From a1ad3e1b02709f46b4da71ea6a1c4b2592b49ef8 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Tue, 21 Aug 2018 10:28:04 -0700 Subject: [PATCH 01/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 3819 ++++++++++------- 1 file changed, 2152 insertions(+), 1667 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 84da766a22..31e8059b50 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md 
@@ -1,27 +1,31 @@ --- description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. title: Windows 10, version 1803 basic diagnostic events and fields (Windows 10) -keywords: privacy, telemetry, diagnostic data +keywords: privacy, telemetry ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security -ms.localizationpriority: high +localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 4/30/2018 +ms.date: 08/21/2018 --- # Windows 10, version 1803 basic level Windows diagnostic events and fields +> [!IMPORTANT] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + + **Applies to** - Windows 10, version 1803 -The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information. +The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Windows Store. When the level is set to Basic, it also includes the Security level information. The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems. 
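Review bot: In the front matter, `ms.localizationpriority: high` becomes `localizationpriority: high`, dropping the `ms.` prefix that every neighbouring key (`ms.prod`, `ms.sitesec`, `ms.pagetype`, `ms.date`) keeps; unless the build reads the unprefixed key, restore `ms.localizationpriority`. The same hunk changes "Microsoft Store" back to "Windows Store" in the intro paragraph and drops `diagnostic data` from `keywords`, both of which look like content regenerated from an older source rather than intended edits. Please also confirm that the added `[!IMPORTANT]` prerelease notice is meant for a page that applies to version 1803 and previously carried `ms.date: 4/30/2018`.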
@@ -30,230 +34,15 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: +- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md) - [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) -- [Manage Windows 10 connection endpoints](manage-windows-endpoints.md) - [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) -## Common data extensions - -### Common Data Extensions.App - - - -The following fields are available: - -- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event. -- **userId** The userID as known by the application. -- **env** The environment from which the event was logged. -- **asId** An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session. -- **id** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application. -- **ver** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app. - - -### Common Data Extensions.CS - - - -The following fields are available: - -- **sig** A common schema signature that identifies new and modified event schemas. 
- - -### Common Data Extensions.CUET - - - -The following fields are available: - -- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID. -- **aId** Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW. -- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW. -- **op** Represents the ETW Op Code. -- **cat** Represents a bitmask of the ETW Keywords associated with the event. -- **flags** Represents the bitmap that captures various Windows specific flags. -- **cpId** The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer. -- **tickets** A list of strings that represent entries in the HTTP header of the web request that includes this event. -- **bseq** Upload buffer sequence number in the format \:\ -- **mon** Combined monitor and event sequence numbers in the format \:\ -- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server. -- **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue.  The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server. - - -### Common Data Extensions.Device - - - -The following fields are available: - -- **ver** Represents the major and minor version of the extension. -- **localId** Represents a locally defined unique ID for the device, not the human readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId -- **deviceClass** Represents the classification of the device, the device “family”.  
For example, Desktop, Server, or Mobile. - - -### Common Data Extensions.Envelope - - - -The following fields are available: - -- **ver** Represents the major and minor version of the extension. -- **name** Represents the uniquely qualified name for the event. -- **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format. -- **popSample** Represents the effective sample rate for this event at the time it was generated by a client. -- **iKey** Represents an ID for applications or other logical groupings of events. -- **flags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency. -- **cV** Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries. - - -### Common Data Extensions.OS - - - -The following fields are available: - -- **ver** Represents the major and minor version of the extension. -- **expId** Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema. -- **locale** Represents the locale of the operating system. -- **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot. -- **os** Represents the operating system name. -- **ver** Represents the OS version, and its format is OS dependent. - - -### Common Data Extensions.User - - - -The following fields are available: - -- **ver** Represents the major and minor version of the extension. -- **localId** Represents a unique user identity that is created locally and added by the client. 
This is not the user's account ID. - - -### Common Data Extensions.XBL - - - -The following fields are available: - -- **nbf** Not before time -- **expId** Expiration time -- **sbx** XBOX sandbox identifier -- **dty** XBOX device type -- **did** XBOX device ID -- **xid** A list of base10-encoded XBOX User IDs. -- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts. - - -### Common Data Extensions.Consent UI Event - -This User Account Control (UAC) telemetry point collects information on elevations that originate from low integrity levels. This occurs when a process running at low integrity level (IL) requires higher (administrator) privileges, and therefore requests for elevation via UAC (consent.exe). By better understanding the processes requesting these elevations, Microsoft can in turn improve the detection and handling of potentially malicious behavior in this path. - -The following fields are available: - -- **eventType** Represents the type of elevation: If it succeeded, was cancelled, or was auto-approved. -- **splitToken** Represents the flag used to distinguish between administrators and standard users. -- **friendlyName** Represents the name of the file requesting elevation from low IL. -- **elevationReason** Represents the distinction between various elevation requests sources (appcompat, installer, COM, MSI and so on). -- **exeName** Represents the name of the file requesting elevation from low IL. -- **signatureState** Represents the state of the signature, if it signed, unsigned, OS signed and so on. -- **publisherName** Represents the name of the publisher of the file requesting elevation from low IL. -- **cmdLine** Represents the full command line arguments being used to elevate. -- **Hash.Length** Represents the length of the hash of the file requesting elevation from low IL. -- **Hash** Represents the hash of the file requesting elevation from low IL. 
-- **HashAlgId** Represents the algorithm ID of the hash of the file requesting elevation from low IL. -- **telemetryFlags** Represents the details about the elevation prompt for CEIP data. -- **timeStamp** Represents the time stamp on the file requesting elevation. -- **fileVersionMS** Represents the major version of the file requesting elevation. -- **fileVersionLS** Represents the minor version of the file requesting elevation. - - -## Common data fields - -### Common Data Fields.MS.Device.DeviceInventory.Change - -These fields are added whenever Ms.Device.DeviceInventoryChange is included in the event. - -The following fields are available: - -- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object. -- **objectType** Indicates the object type that the event applies to. -- **Action** The change that was invoked on a device inventory object. -- **inventoryId** Device ID used for Compatibility testing - - -### Common Data Fields.TelClientSynthetic.PrivacySettingsAfterCreatorsUpdate.PreUpgradeSettings - -These fields are added whenever PreUpgradeSettings is included in the event. - -The following fields are available: - -- **HKLM_SensorPermissionState.SensorPermissionState** The state of the Location service before the feature update completed. -- **HKLM_SensorPermissionState.HRESULT** The error code returned when trying to query the Location service for the device. -- **HKCU_SensorPermissionState.SensorPermissionState** The state of the Location service when a user signs on before the feature update completed. -- **HKCU_SensorPermissionState.HRESULT** The error code returned when trying to query the Location service for the current user. -- **HKLM_LocationPlatform.Status** The state of the location platform after the feature update has completed. 
-- **HKLM_LocationPlatform.HRESULT** The error code returned when trying to query the location platform for the device. -- **HKLM_LocationSyncEnabled.AcceptedPrivacyPolicy** The speech recognition state for the device before the feature update completed. -- **HKLM_LocationSyncEnabled.HRESULT** The error code returned when trying to query the Find My Device service for the device. -- **HKCU_LocationSyncEnabled.AcceptedPrivacyPolicy** The speech recognition state for the current user before the feature update completed. -- **HKCU_LocationSyncEnabled.HRESULT** The error code returned when trying to query the Find My Device service for the current user. -- **HKLM_AllowTelemetry.AllowTelemetry** The state of the Connected User Experiences and Telemetry component for the device before the feature update. -- **HKLM_AllowTelemetry.HRESULT** The error code returned when trying to query the Connected User Experiences and Telemetry conponent for the device. -- **HKLM_TIPC.Enabled** The state of TIPC for the device. -- **HKLM_TIPC.HRESULT** The error code returned when trying to query TIPC for the device. -- **HKCU_TIPC.Enabled** The state of TIPC for the current user. -- **HKCU_TIPC.HRESULT** The error code returned when trying to query TIPC for the current user. -- **HKLM_FlipAhead.FPEnabled** Is Flip Ahead enabled for the device before the feature update was completed? -- **HKLM_FlipAhead.HRESULT** The error code returned when trying to query Flip Ahead for the device. -- **HKCU_FlipAhead.FPEnabled** Is Flip Ahead enabled for the current user before the feature update was completed? -- **HKCU_FlipAhead.HRESULT** The error code returned when trying to query Flip Ahead for the current user. -- **HKLM_TailoredExperiences.TailoredExperiencesWithDiagnosticDataEnabled** Is Tailored Experiences with Diagnostics Data enabled for the current user after the feature update had completed? 
-- **HKCU_TailoredExperiences.HRESULT** The error code returned when trying to query Tailored Experiences with Diagnostics Data for the current user. -- **HKLM_AdvertisingID.Enabled** Is the adveristing ID enabled for the device? -- **HKLM_AdvertisingID.HRESULT** The error code returned when trying to query the state of the advertising ID for the device. -- **HKCU_AdvertisingID.Enabled** Is the adveristing ID enabled for the current user? -- **HKCU_AdvertisingID.HRESULT** The error code returned when trying to query the state of the advertising ID for the user. - - -### Common Data Fields.TelClientSynthetic.PrivacySettingsAfterCreatorsUpdate.PostUpgradeSettings - -These fields are added whenever PostUpgradeSettings is included in the event. - -The following fields are available: - -- **HKLM_SensorPermissionState.SensorPermissionState** The state of the Location service after the feature update has completed. -- **HKLM_SensorPermissionState.HRESULT** The error code returned when trying to query the Location service for the device. -- **HKCU_SensorPermissionState.SensorPermissionState** The state of the Location service when a user signs on after a feature update has completed. -- **HKCU_SensorPermissionState.HRESULT** The error code returned when trying to query the Location service for the current user. -- **HKLM_LocationPlatform.Status** The state of the location platform after the feature update has completed. -- **HKLM_LocationPlatform.HRESULT** The error code returned when trying to query the location platform for the device. -- **HKLM_LocationSyncEnabled.AcceptedPrivacyPolicy** The speech recognition state for the device after the feature update has completed. -- **HKLM_LocationSyncEnabled.HRESULT** The error code returned when trying to query the Find My Device service for the device. -- **HKCU_LocationSyncEnabled.AcceptedPrivacyPolicy** The speech recognition state for the current user after the feature update has completed. 
-- **HKCU_LocationSyncEnabled.HRESULT** The error code returned when trying to query the Find My Device service for the current user. -- **HKLM_AllowTelemetry.AllowTelemetry** The state of the Connected User Experiences and Telemetry component for the device after the feature update. -- **HKLM_AllowTelemetry.HRESULT** The error code returned when trying to query the Connected User Experiences and Telemetry conponent for the device. -- **HKLM_TIPC.Enabled** The state of TIPC for the device. -- **HKLM_TIPC.HRESULT** The error code returned when trying to query TIPC for the device. -- **HKCU_TIPC.Enabled** The state of TIPC for the current user. -- **HKCU_TIPC.HRESULT** The error code returned when trying to query TIPC for the current user. -- **HKLM_FlipAhead.FPEnabled** Is Flip Ahead enabled for the device after the feature update has completed? -- **HKLM_FlipAhead.HRESULT** The error code returned when trying to query Flip Ahead for the device. -- **HKCU_FlipAhead.FPEnabled** Is Flip Ahead enabled for the current user after the feature update has completed? -- **HKCU_FlipAhead.HRESULT** The error code returned when trying to query Flip Ahead for the current user. -- **HKLM_TailoredExperiences.TailoredExperiencesWithDiagnosticDataEnabled** Is Tailored Experiences with Diagnostics Data enabled for the current user after the feature update had completed? -- **HKCU_TailoredExperiences.HRESULT** The error code returned when trying to query Tailored Experiences with Diagnostics Data for the current user. -- **HKLM_AdvertisingID.Enabled** Is the adveristing ID enabled for the device? -- **HKLM_AdvertisingID.HRESULT** The error code returned when trying to query the state of the advertising ID for the device. -- **HKCU_AdvertisingID.Enabled** Is the adveristing ID enabled for the current user? -- **HKCU_AdvertisingID.HRESULT** The error code returned when trying to query the state of the advertising ID for the user. 
- - ## Appraiser events ### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount 
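Review bot: The deletion of the whole "Common data extensions" and "Common data fields" sections is not explained by the subject "new build", and it removes this page's description of the Consent UI Event fields (`cmdLine`, `Hash`, `exeName`, `publisherName`) and of the device inventory change fields (`syncId`, `objectType`, `Action`, `inventoryId`). If the content moved, link to its new location from the article list at the top; otherwise keep the sections, because readers auditing what the Basic level collects lose these field definitions. The article list also loses `manage-windows-endpoints.md` with no replacement link.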
@@ -262,37 +51,38 @@ This event lists the types of objects and how many of each exist on the client d The following fields are available: -- **PCFP** An ID for the system, calculated by hashing hardware identifiers. -- **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. -- **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. -- **SystemProcessorSse2** The count of the number of this particular object type present on this device. +- **PCFP** An ID for the system, calculated by hashing hardware identifiers. +- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. +- **InventoryMediaCenter** The count of the number of this particular object type present on this device. +- **InventoryApplicationFile** The count of the number of this particular object type present on this device. - **SystemProcessorNx** The count of the number of this particular object type present on this device. -- **SystemWim** The count of the number of this particular object type present on this device. -- **SystemWlan** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. -- **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. -- **InventorySystemBios** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **SystemMemory** The count of the number of this particular object type present on this device. 
-- **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. +- **SystemProcessorSse2** The count of the number of this particular object type present on this device. +- **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. +- **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. - **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. +- **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. +- **SystemMemory** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. - **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. -- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **InventorySystemBios** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. +- **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. 
+- **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. +- **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **DecisionApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. - **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. +- **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. - **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. -- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. -- **SystemTouch** The count of the number of this particular object type present on this device. -- **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine. -- **InventoryMediaCenter** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting the next release of Windows on this device. -- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. -- **DatasourceApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device. 
+- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. +- **InventoryLanguagePack** The count of the number of this particular object type present on this device. +- **SystemWlan** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device. - **DatasourceDevicePnp_RS3** The total DatasourceDevicePnp objects targeting the next release of Windows on this device. - **DatasourceDriverPackage_RS3** The total DatasourceDriverPackage objects targeting the next release of Windows on this device. - **DataSourceMatchingInfoBlock_RS3** The total DataSourceMatchingInfoBlock objects targeting the next release of Windows on this device. 
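Review bot: Four of the re-added fields, `DatasourceApplicationFile_RS1`, `DecisionApplicationFile_RS1`, `DecisionTest_RS1` and `Wmdrm_RS1`, still carry the `PCFP` description "An ID for the system, calculated by hashing hardware identifiers.", which does not fit an event that lists object counts; confirm what they hold and reword them to match the "The total ... objects targeting Windows 10 version 1607" pattern their siblings use. `DatasourceApplicationFile_RS3` likewise describes itself as "The total DecisionApplicationFile objects", and `InventoryLanguagePack` trades its specific description for the generic one. The `PCFP` line is removed and re-added with no visible text change, so check whether that is a whitespace-only edit that can be dropped.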
@@ -306,99 +96,37 @@ The following fields are available: - **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting the next release of Windows on this device. - **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting the next release of Windows on this device. - **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. -- **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **DecisionApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. -- **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. +- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting the next release of Windows on this device. +- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. +- **SystemTouch** The count of SystemTouch objects present on this machine. +- **SystemWim** The count of SystemWim objects present on this machine. +- **InventoryTest** No content is currently available. -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd +### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd -This event sends blocking data about any compatibility blocking entries hit on the system that are not directly related to specific applications or devices, to help keep Windows up-to-date. +Represents the basic metadata about specific application files installed on the system. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). 
The following fields are available: -- **AppraiserVersion** The version of the appraiser file generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove - -This event indicates that the DataSourceMatchingInfoBlock object is no longer present. - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockStartSync - -This event indicates that a full set of DataSourceMatchingInfoBlockStAdd events have been sent. - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd - -This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. - -The following fields are available: - -- **AppraiserVersion** The version of the appraiser file generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove - -This event indicates that the DataSourceMatchingInfoPassive object is no longer present. - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync - -This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent. - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. 
- - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd - -This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. - -The following fields are available: - -- **AppraiserVersion** The version of the appraiser file generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove - -This event indicates that the DataSourceMatchingInfoPostUpgrade object is no longer present. - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - - -### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeStartSync - -This event indicates that a new set of DataSourceMatchingInfoPostUpgradeAdd events will be sent. - -The following fields are available: - -- **AppraiserVersion** The version of the Appraiser file that is generating the events. - +- **AppraiserVersion** The version of the appraiser file that is generating the events. +- **AvDisplayName** If the app is an antivirus app, this is its display name. +- **CompatModelIndex** The compatibility prediction for this file. +- **HasCitData** Is the file present in CIT data? +- **HasUpgradeExe** Does the antivirus app have an upgrade.exe file? +- **IsAv** Is the file an antivirus reporting EXE? +- **ResolveAttempted** This will always be an empty string when sent. +- **SdbEntries** An array of fields that indicates the SDB entries that apply to this file. ### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileRemove This event indicates that the DatasourceApplicationFile object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). 
+ The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -408,6 +136,8 @@ The following fields are available: This event indicates that a new set of DatasourceApplicationFileAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -417,6 +147,8 @@ The following fields are available: This event sends compatibility data for a PNP device, to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **ActiveNetworkConnection** Is the device an active network device? @@ -432,6 +164,8 @@ The following fields are available: This event indicates that the DatasourceDevicePnp object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -441,6 +175,8 @@ The following fields are available: This event indicates that a new set of DatasourceDevicePnpAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -450,6 +186,8 @@ The following fields are available: This event sends compatibility database data about driver packages to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. 
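Review bot: In the `@@ -306,99 +96,37 @@` hunk, the new `InventoryTest` field is published with the placeholder "No content is currently available."; document what it counts or hold the field back until a description exists. In the added `DatasourceApplicationFileAdd` section, the opening sentence "Represents the basic metadata about specific application files installed on the system." lacks the "This event ..." framing the neighbouring events use. The hunk also deletes nine `DataSourceMatchingInfo*` sections in place; if they are only being moved lower in the file, say so in the commit message so reviewers can tell moves from content changes.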
@@ -459,6 +197,8 @@ The following fields are available: This event indicates that the DatasourceDriverPackage object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. 
@@ -468,6 +208,107 @@ The following fields are available: This event indicates that a new set of DatasourceDriverPackageAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd + +This event sends blocking data about any compatibility blocking entries hit on the system that are not directly related to specific applications or devices, to help keep Windows up-to-date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove + +This event indicates that the DataSourceMatchingInfoBlock object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockStartSync + +This event indicates that a full set of DataSourceMatchingInfoBlockStAdd events have been sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd + +This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. 
+ +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove + +This event indicates that the DataSourceMatchingInfoPassive object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveStartSync + +This event indicates that a new set of DataSourceMatchingInfoPassiveAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd + +This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the appraiser file generating the events. + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove + +This event indicates that the DataSourceMatchingInfoPostUpgrade object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. 
+ + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeStartSync + +This event indicates that a new set of DataSourceMatchingInfoPostUpgradeAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -477,6 +318,8 @@ The following fields are available: This event sends compatibility database information about the BIOS to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file generating the events. @@ -487,6 +330,8 @@ The following fields are available: This event indicates that the DatasourceSystemBios object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -496,6 +341,8 @@ The following fields are available: This event indicates that a new set of DatasourceSystemBiosAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -505,6 +352,8 @@ The following fields are available: This event sends compatibility decision data about a file to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. 
@@ -530,7 +379,9 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove -This event indicates that the DecisionApplicationFile object is no longer present. +This event indicates Indicates that the DecisionApplicationFile object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: @@ -541,6 +392,8 @@ The following fields are available: This event indicates that a new set of DecisionApplicationFileAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -550,6 +403,8 @@ The following fields are available: This event sends compatibility decision data about a PNP device to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. @@ -574,6 +429,8 @@ The following fields are available: This event indicates that the DecisionDevicePnp object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -581,7 +438,9 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionDevicePnpStartSync -This event indicates that the DecisionDevicePnp object is no longer present. +The DecisionDevicePnpStartSync event indicates that a new set of DecisionDevicePnpAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: 
@@ -592,6 +451,8 @@ The following fields are available: This event sends decision data about driver package compatibility to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. @@ -606,6 +467,8 @@ The following fields are available: This event indicates that the DecisionDriverPackage object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -615,6 +478,8 @@ The following fields are available: This event indicates that a new set of DecisionDriverPackageAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -624,6 +489,8 @@ The following fields are available: This event sends compatibility decision data about blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. @@ -639,6 +506,8 @@ The following fields are available: This event indicates that the DecisionMatchingInfoBlock object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. 
@@ -648,6 +517,8 @@ The following fields are available: This event indicates that a new set of DecisionMatchingInfoBlockAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -657,6 +528,8 @@ The following fields are available: This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -668,6 +541,8 @@ The following fields are available: This event Indicates that the DecisionMatchingInfoPassive object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -677,6 +552,8 @@ The following fields are available: This event indicates that a new set of DecisionMatchingInfoPassiveAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -686,6 +563,8 @@ The following fields are available: This event sends compatibility decision data about entries that require reinstall after upgrade. It's used to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. 
@@ -699,6 +578,8 @@ The following fields are available: This event indicates that the DecisionMatchingInfoPostUpgrade object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -708,6 +589,8 @@ The following fields are available: This event sends decision data about the presence of Windows Media Center, to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file generating the events. @@ -723,6 +606,8 @@ The following fields are available: This event indicates that the DecisionMediaCenter object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -732,6 +617,8 @@ The following fields are available: This event indicates that a new set of DecisionMediaCenterAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -741,6 +628,8 @@ The following fields are available: This event sends compatibility decision data about the BIOS to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file generating the events. 
@@ -752,6 +641,8 @@ The following fields are available: This event indicates that the DecisionSystemBios object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -761,6 +652,8 @@ The following fields are available: This event indicates that a new set of DecisionSystemBiosAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -784,6 +677,8 @@ The following fields are available: This event represents the basic metadata about a file on the system. The file must be part of an app and either have a block in the compatibility database or are part of an anti-virus program. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file generating the events. @@ -807,6 +702,8 @@ The following fields are available: This event indicates that the InventoryApplicationFile object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. 
@@ -814,7 +711,9 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync -This event indicates that a new set of InventoryApplicationFileAdd events will be sent. +This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: @@ -825,6 +724,8 @@ The following fields are available: This event sends data about the number of language packs installed on the system, to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -836,6 +737,8 @@ The following fields are available: This event indicates that the InventoryLanguagePack object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -845,6 +748,8 @@ The following fields are available: This event indicates that a new set of InventoryLanguagePackAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. 
@@ -854,6 +759,8 @@ The following fields are available: This event sends true/false data about decision points used to understand whether Windows Media Center is used on the system, to help keep Windows up to date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file generating the events. @@ -870,6 +777,8 @@ The following fields are available: This event indicates that the InventoryMediaCenter object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -879,6 +788,8 @@ The following fields are available: This event indicates that a new set of InventoryMediaCenterAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -888,6 +799,8 @@ The following fields are available: This event sends basic metadata about the BIOS to determine whether it has a compatibility block. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -899,7 +812,9 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.InventorySystemBiosRemove -This event indicates that the InventorySystemBios object is no longer present. +This event indicates that the InventorySystemBios object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: 
@@ -910,6 +825,8 @@ The following fields are available: This event indicates that a new set of InventorySystemBiosAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -919,6 +836,8 @@ The following fields are available: This event indicates that the InventoryUplevelDriverPackage object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -928,6 +847,8 @@ The following fields are available: This event indicates that a new set of InventoryUplevelDriverPackageAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -935,7 +856,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.RunContext -This event indicates what should be expected in the data payload. +This event indicates what should be expected in the data payload. The following fields are available: @@ -951,6 +872,8 @@ The following fields are available: This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file generating the events. 
@@ -967,6 +890,8 @@ The following fields are available: This event that the SystemMemory object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -976,6 +901,8 @@ The following fields are available: This event indicates that a new set of SystemMemoryAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -985,6 +912,8 @@ The following fields are available: This event sends data indicating whether the system supports the CompareExchange128 CPU requirement, to help keep Windows up to date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file generating the events. @@ -994,7 +923,9 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemProcessorCompareExchangeRemove -This event indicates that the SystemProcessorCompareExchange object is no longer present. +This event indicates that the SystemProcessorCompareExchange object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: @@ -1005,6 +936,8 @@ The following fields are available: This event indicates that a new set of SystemProcessorCompareExchangeAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. 
@@ -1014,6 +947,8 @@ The following fields are available: This event sends data indicating whether the system supports the LahfSahf CPU requirement, to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file generating the events. @@ -1023,7 +958,9 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfRemove -This event indicates that the SystemProcessorLahfSahf object is no longer present. +This event indicates that the SystemProcessorLahfSahf object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: @@ -1034,6 +971,8 @@ The following fields are available: This event indicates that a new set of SystemProcessorLahfSahfAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1043,6 +982,8 @@ The following fields are available: This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1055,6 +996,8 @@ The following fields are available: This event indicates that the SystemProcessorNx object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. 
@@ -1064,6 +1007,8 @@ The following fields are available: This event indicates that a new set of SystemProcessorNxAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1073,6 +1018,8 @@ The following fields are available: This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1084,6 +1031,8 @@ The following fields are available: This event indicates that the SystemProcessorPrefetchW object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1093,6 +1042,8 @@ The following fields are available: This event indicates that a new set of SystemProcessorPrefetchWAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1102,6 +1053,8 @@ The following fields are available: This event sends data indicating whether the system supports the SSE2 CPU requirement, to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. 
@@ -1113,6 +1066,8 @@ The following fields are available: This event indicates that the SystemProcessorSse2 object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1122,6 +1077,8 @@ The following fields are available: This event indicates that a new set of SystemProcessorSse2Add events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1131,6 +1088,8 @@ The following fields are available: This event sends data indicating whether the system supports touch, to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1140,7 +1099,9 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemTouchRemove -This event indicates that the SystemTouch object is no longer present. +This event indicates that the SystemTouch object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: @@ -1151,6 +1112,8 @@ The following fields are available: This event indicates that a new set of SystemTouchAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. 
@@ -1160,6 +1123,8 @@ The following fields are available: This event sends data indicating whether the operating system is running from a compressed WIM file, to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1169,7 +1134,9 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemWimRemove -This event indicates that the SystemWim object is no longer present. +This event indicates that the SystemWim object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: @@ -1180,6 +1147,8 @@ The following fields are available: This event indicates that a new set of SystemWimAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1189,6 +1158,8 @@ The following fields are available: This event sends data indicating whether the current operating system is activated, to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1200,6 +1171,8 @@ The following fields are available: This event indicates that the SystemWindowsActivationStatus object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. 
@@ -1209,6 +1182,8 @@ The following fields are available: This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1216,7 +1191,9 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemWlanRemove -This event indicates that the SystemWlan object is no longer present. +This event indicates that the SystemWlan object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: @@ -1227,6 +1204,8 @@ The following fields are available: This event indicates that a new set of SystemWlanAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1269,6 +1248,8 @@ The following fields are available: This event sends data about the usage of older digital rights management on the system, to help keep Windows up to date. This data does not indicate the details of the media using the digital rights management, only whether any such files exist. Collecting this data was critical to ensuring the correct mitigation for customers, and should be able to be removed once all mitigations are in place. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. 
@@ -1286,6 +1267,8 @@ The following fields are available: This event indicates that the Wmdrm object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1295,6 +1278,8 @@ The following fields are available: This event indicates that a new set of WmdrmAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1304,12 +1289,20 @@ The following fields are available: ### Census.App -This event sends version data about the Apps running on this device, to help keep Windows up to date. +Provides information on IE and Census versions running on the device. The following fields are available: - **CensusVersion** The version of Census that generated the current data for this device. - **IEVersion** Retrieves which version of Internet Explorer is running on this device. +- **AppraiserEnterpriseErrorCode** No content is currently available. +- **AppraiserErrorCode** No content is currently available. +- **AppraiserRunEndTimeStamp** No content is currently available. +- **AppraiserRunIsInProgressOrCrashed** No content is currently available. +- **AppraiserRunStartTimeStamp** No content is currently available. +- **AppraiserTaskEnabled** No content is currently available. +- **AppraiserTaskExitCode** No content is currently available. +- **AppraiserTaskLastRun** No content is currently available. ### Census.Battery 
@@ -1358,6 +1351,7 @@ The following fields are available: - **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier +- **AADDeviceId** Azure Active Directory device id. ### Census.Firmware @@ -1470,7 +1464,7 @@ The following fields are available: - **ActivationChannel** Retrieves the retail license key or Volume license key for a machine. - **AssignedAccessStatus** Kiosk configuration mode. - **CompactOS** Indicates if the Compact OS feature from Win10 is enabled. -- **DeveloperUnlockStatus** Represents if a device has been developer unlocked by the user or Group Policy. +- **DeveloperUnlockStatus** Represents if a device has been developer unlocked by the user or Group Policy. - **DeviceTimeZone** The time zone that is set on the device. Example: Pacific Standard Time - **GenuineState** Retrieves the ID Value specifying the OS Genuine check. - **InstallationType** Retrieves the type of OS installation. (Clean, Upgrade, Reset, Refresh, Update). 
@@ -1505,14 +1499,15 @@ The following fields are available: ### Census.Processor -This event sends data about the processor (architecture, speed, number of cores, manufacturer, and model number), to help keep Windows up to date. +Provides information on several important data points about Processor settings. The following fields are available: - **KvaShadow** Microcode info of the processor. - **MMSettingOverride** Microcode setting of the processor. - **MMSettingOverrideMask** Microcode setting override of the processor. -- **ProcessorArchitecture** Processor architecture of the installed operating system. +- **PreviousUpdateRevision** Previous microcode revision. +- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. - **ProcessorClockSpeed** Clock speed of the processor in MHz. - **ProcessorCores** Number of logical cores in the processor. - **ProcessorIdentifier** Processor Identifier of a manufacturer. @@ -1520,7 +1515,7 @@ The following fields are available: - **ProcessorModel** Name of the processor model. - **ProcessorPhysicalCores** Number of physical cores in the processor. - **ProcessorUpdateRevision** Microcode revision. -- **ProcessorUpdateStatus** The status of the microcode update. +- **ProcessorUpdateStatus** Enum value that represents the processor microcode load status. - **SocketCount** Count of CPU sockets. - **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability. 
@@ -1535,8 +1530,11 @@ The following fields are available: - **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running. - **DGState** This field summarizes Device Guard state - **HVCIRunning** Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running +- **IsSawGuest** Describes whether the device is running as a Secure Admin Workstation Guest +- **IsSawHost** Describes whether the device is running as a Secure Admin Workstation Host - **RequiredSecurityProperties** This field describes the required security properties to enable virtualization-based security - **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting. +- **SModeState** The Windows S mode trail state. - **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running. 
@@ -1568,6 +1566,16 @@ The following fields are available: - **SystemVolumeTotalCapacity** Retrieves the size of the partition that the System volume is installed on in MB. +### Census.Userdefault + +This event sends data about the current user's default preferences for browser and several of the most popular extensions and protocols, to help keep Windows up to date. + +The following fields are available: + +- **DefaultApp** The current uer's default program selected for the following extension or protocol: .html,.htm,.jpg,.jpeg,.png,.mp3,.mp4, .mov,.pdf +- **DefaultBrowserProgId** The ProgramId of the current user's default browser + + ### Census.UserDisplay This event sends data about the logical/physical display size, resolution and number of internal/external displays, and VRAM on the system, to help keep Windows up to date. @@ -1602,16 +1610,6 @@ The following fields are available: - **SpeechInputLanguages** The Speech Input languages installed on the device. -### Census.Userdefault - -This event sends data about the current user's default preferences for browser and several of the most popular extensions and protocols, to help keep Windows up to date. - -The following fields are available: - -- **DefaultApp** The current uer's default program selected for the following extension or protocol: .html,.htm,.jpg,.jpeg,.png,.mp3,.mp4, .mov,.pdf -- **DefaultBrowserProgId** The ProgramId of the current user's default browser - - ### Census.VM This event sends data indicating whether virtualization is enabled on the device, and its various characteristics, to help keep Windows up to date. 
@@ -1670,18 +1668,248 @@ The following fields are available: - **XboxLiveSandboxId** Retrieves the developer sandbox id if the device is internal to MS. -## Deployment events +## Common data extensions + +### Common Data Extensions.app + +Describes the properties of the running application. This extension could be populated by a client app or a web app. + +The following fields are available: + +- **asId** An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session. +- **env** The environment from which the event was logged. +- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event. +- **id** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application. +- **locale** The locale of the app. +- **name** The name of the app. +- **userId** The userID as known by the application. +- **ver** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app. + + +### Common Data Extensions.container + +Describes the properties of the container for events logged within a container. + +The following fields are available: + +- **epoch** An ID that's incremented for each SDK initialization. +- **localId** The device ID as known by the client. +- **osVer** The operating system version. +- **seq** An ID that's incremented for each event. +- **type** The container type. Examples: Process or VMHost + + +### Common Data Extensions.cs + +Describes properties related to the schema of the event. + +The following fields are available: + +- **sig** A common schema signature that identifies new and modified event schemas. 
+ + +### Common Data Extensions.cs1 + +Contains all common data extensions that were originally part of the 1.0 schema. + +The following fields are available: + +- **dblp** A bitfield that is set to a non-zero value if the event in the newer schema has an equivalent event from the 1.0 schema. +- **esc** The event sequence clock. +- **ev** The version of the event. +- **locale** The client language locale on the device. +- **scid** The Service Config ID of the running title that sent the event. +- **users** A comma-separated list of all users logged into the device when the event was created. The user ID is encoded. Example: x:12345678 + + +### Common Data Extensions.device + +Describes the device-related fields. + +The following fields are available: + +- **authId** The ID of the device associated with this event. For Microsoft Account tickets, this is expected to be the MSA Global ID. +- **authSecId** The secondary ID of the device associated with this event. For Microsoft Account tickets, this is expected to be the MSA Hardware ID. +- **deviceClass** The device classification. Examples: Desktop, Server, or Mobile. +- **id** A unique device ID. +- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. +- **make** Device manufacturer. +- **model** Device model. +- **orgAuthId** ID used to authenticate the orgId. +- **orgId** Organization ID associated with the event. + + +### Common Data Extensions.Envelope + +No content is currently available. + +The following fields are available: + +- **cV** Represents the Correlation Vector: A single field for tracking partial order of related telemetry events across component boundaries. +- **data** Represents the optional unique diagnostic data for a particular event schema. +- **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp). 
+- **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer). +- **ext_cs** Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs). +- **ext_cs1** If the field doesn't exist in the newer schema, this contains the fields from an earlier schema. See [Common Data Extensions.cs1](#common-data-extensionscs1). +- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). +- **ext_ingest** Describes the fields added dynamically by the service. See [Common Data Extensions.ingest](#common-data-extensionsingest). +- **ext_loc** Describes the location from which the event was logged. See [Common Data Extensions.loc](#common-data-extensionsloc). +- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). +- **ext_receipts** Describes the fields related to time as provided by the client for debugging purposes. See [Common Data Extensions.receipts](#common-data-extensionsreceipts). +- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). +- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser). +- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc). +- **ext_xbl** Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl). +- **flags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. 
The next byte is the event latency. +- **iKey** Represents an ID for applications or other logical groupings of events. +- **name** Represents the uniquely qualified name for the event. +- **popSample** Represents the effective sample rate for this event at the time it was generated by a client. +- **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format. +- **ver** Represents the major and minor version of the extension. + + +### Common Data Extensions.ingest + +Describes the fields that are added by the ingestion service. + +The following fields are available: + +- **auth** Used to assess the trustworthiness of the data. +- **client** The client name. +- **clientIp** The IP address seen by the service. This is not necessarily the client IP address, but could be a router or some other device. +- **processedIngest** If the event already had an ingest extension and the client was authenticated as a first party, the ingest extension will be inserted as processedIngest. +- **quality** A bitfield added by the service to all events coming from a client device. +- **time** The time that the event was received by the service. +- **userAgent** For events that are not using the CUET component, this is the user agent of the browser. + + +### Common Data Extensions.loc + +Describes the location from which the event was logged. + +The following fields are available: + +- **country** 2 letter country code using the codes from the ISO 3166-1 alpha-2 standard. +- **id** Location ID based on the client's IP address. +- **tz** The time zone of the device. + + +### Common Data Extensions.os + +Describes some properties of the operating system. + +The following fields are available: + +- **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot. +- **expId** Represents the experiment ID. 
The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema. +- **locale** Represents the locale of the operating system. +- **name** The name of the operating system. +- **ver** Represents the OS version, and its format is OS dependent. + + +### Common Data Extensions.receipts + +Represents various time information as provided by the client and helps for debugging purposes. + +The following fields are available: + +- **originalTime** The original event time. +- **uploadTime** The time the event was uploaded. + + +### Common Data Extensions.sdk + +Used by platform specific libraries to record fields that are required for a specific SDK. + +The following fields are available: + +- **epoch** An ID that is incremented for each SDK initialization. +- **installId** An ID that's created during the initialization of the SDK for the first time. +- **libVer** The SDK version. +- **seq** An ID that is incremented for each event. + + +### Common Data Extensions.user + +Describes the fields related to a user. + +The following fields are available: + +- **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token. +- **id** Unique user Id. Example: x:12345678. +- **locale** The language and region. +- **localId** Represents a unique user identity that is created locally and added by the client. This is not the user's account ID. + + +### Common Data Extensions.utc + +Describes the properties that could be populated by a logging library on Windows. + +The following fields are available: + +- **aId** Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW. +- **bSeq** Upload buffer sequence number in the format: buffer identifier:sequence number +- **cat** Represents a bitmask of the ETW Keywords associated with the event. 
+- **cpId** The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer. +- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server. +- **flags** Represents the bitmap that captures various Windows specific flags. +- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence +- **op** Represents the ETW Op Code. +- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW. +- **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server. +- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID. + + +### Common Data Extensions.xbl + +Describes the fields that are related to XBOX Live. + +The following fields are available: + +- **claims** Any additional claims whose short claim name hasn't been added to this structure. +- **did** XBOX device ID +- **dty** XBOX device type +- **dvr** The version of the operating system on the device. +- **eid** A unique ID that represents the developer entity. +- **exp** Expiration time +- **ip** The IP address of the client device. +- **nbf** Not before time +- **pid** A comma separated list of PUIDs listed as base10 numbers. +- **sbx** XBOX sandbox identifier +- **sid** The service instance ID. +- **sty** The service type. +- **tid** The XBOX Live title ID. +- **tvr** The XBOX Live title version. +- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. 
This field is omitted if all users are retail accounts. +- **xid** A list of base10-encoded XBOX User IDs. + + +## Compatibility events + +### Microsoft.Windows.Compatibility.Apphelp.SdbFix + +Product instrumentation for helping debug/troubleshoot issues with inbox compatibility components. + +The following fields are available: + +- **AppName** Name of the application impacted by SDB. +- **FixID** SDB GUID. +- **Flags** List of flags applied. +- **ImageName** Name of file. + + +## Deployment extensions ### DeploymentTelemetry.Deployment_End -Event to indicate that a Deployment 360 API has completed. +Event to indicate that a Deployment 360 API has completed. The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **ErrorCode** Error code of action - **FlightId** Flight being used -- **Mode** Phase in upgrade +- **Mode** Phase in upgrade - **RelatedCV** CV of any other related events - **Result** End result of action @@ -1709,7 +1937,7 @@ The following fields are available: - **FlightId** Flight being used - **Quiet** Whether Setup will run in quiet mode or in full - **RelatedCV** CV of any other related events -- **SetupMode** Phase Setup is in +- **SetupMode** Phase Setup is in ### DeploymentTelemetry.Deployment_SetupBoxResult @@ -1721,9 +1949,9 @@ The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **ErrorCode** Error code of action - **FlightId** Flight being used -- **Quiet** Whether Setup will run in quiet mode or in full -- **RelatedCV** Correlation vector of any other related events -- **SetupMode** Phase that Setup is in +- **Quiet** Whether Setup run in quiet mode or in full +- **RelatedCV** CV of any other related events +- **SetupMode** Phase Setup is in ### DeploymentTelemetry.Deployment_Start 
@@ -1734,7 +1962,7 @@ The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **FlightId** Flight being used -- **Mode** Phase in upgrade +- **Mode** Phase in upgrade - **RelatedCV** CV of any other related events @@ -1785,7 +2013,7 @@ Fired by UTC as a heartbeat signal. The following fields are available: - **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host/agent channel. -- **CensusExitCode** Last exit code of Census task. +- **CensusExitCode** Last exit code of�Census task. - **CensusStartTime** Time of last Census run. - **CensusTaskEnabled** True if Census is enabled, false otherwise. - **CompressedBytesUploaded** Number of compressed bytes uploaded. 
@@ -1812,14 +2040,14 @@ The following fields are available: - **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel. - **LastEventSizeOffender** Event name of last event which exceeded max event size. - **LastInvalidHttpCode** Last invalid HTTP code received from Vortex. -- **MaxActiveAgentConnectionCount** Maximum number of active agents during this heartbeat timeframe. +- **MaxActiveAgentConnectionCount** Maximum number of active agents during this�heartbeat timeframe. - **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC. - **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events). - **SettingsHttpAttempts** Number of attempts to contact OneSettings service. -- **SettingsHttpFailures** Number of failures from contacting OneSettings service. +- **SettingsHttpFailures** Number of failures from contacting�OneSettings service. - **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers. - **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client. -- **VortexFailuresTimeout** Number of time out failures received from Vortex. +- **VortexFailuresTimeout** Number of time out failures�received from Vortex. - **VortexHttpAttempts** Number of attempts to contact Vortex. - **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex. - **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex. 
@@ -1854,7 +2082,7 @@ The following fields are available: - **LastInvalidHttpCode** Last invalid HTTP code received from Vortex. - **PreviousHeartBeatTime** The FILETIME of the previous heartbeat fire. - **SettingsHttpAttempts** Number of attempts to contact OneSettings service. -- **SettingsHttpFailures** Number of failures from contacting OneSettings service. +- **SettingsHttpFailures** Number of failures from contacting OneSettings service. - **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client. - **VortexFailuresTimeout** Number of time out failures received from Vortex. - **VortexHttpAttempts** Number of attempts to contact Vortex. @@ -1870,8 +2098,8 @@ This event sends basic data on privacy settings before and after a feature updat The following fields are available: -- **PostUpgradeSettings** The privacy settings after a feature update. -- **PreUpgradeSettings** The privacy settings before a feature update. +- **PostUpgradeSettings** The privacy settings after a feature update. See [TelClientSynthetic.PostUpgradeSettings](#telclientsyntheticpostupgradesettings). +- **PreUpgradeSettings** The privacy settings before a feature update. See [TelClientSynthetic.PreUpgradeSettings](#telclientsyntheticpreupgradesettings). ## Direct to update events 
@@ -1902,17 +2130,42 @@ The following fields are available: - **CV** Correlation vector. +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupGenericFailure + +Event to indicate that we have received an unexpected error in the DTU Coordinator Cleanup call. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. + + +### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupSuccess + +Event to indicate that the Coordinator Cleanup call succeeded. + +The following fields are available: + +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. + + ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitGenericFailure Commit call. The following fields are available: -- **hResult** HRESULT of the failure. - **CampaignID** Campaign ID being run. - **ClientID** Client ID being run. - **CoordinatorVersion** Coordinator version of DTU. - **CV** Correlation vector. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitSuccess @@ -2030,7 +2283,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallIgnoredFailure -Event to indicate that we have received an error in the DTU Coordinator Install call that will be ignored. +Event to indicate that we have received an error in the DTU Coordinator Install call that will be ignored. The following fields are available: @@ -2043,7 +2296,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallSuccess -Event to indicate that the Coordinator Install call succeeded. +Event to indicate that the Coordinator Install call succeeded. The following fields are available: 
@@ -2055,21 +2308,21 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorProgressCallBack -Event to indicate Coordinator's progress callback has been called. +Event to indicate Coordinator's progress callback has been called. The following fields are available: -- **Current Deploy Phase's percentage completed** Trigger which fired UXLauncher. -- **DeployPhase** Current Deploy Phase. - **CampaignID** Campaign ID being run. - **ClientID** Client ID being run. - **CoordinatorVersion** Coordinator version of DTU. +- **Current Deploy Phase's percentage completed** Trigger which fired UXLauncher. - **CV** Correlation vector. +- **DeployPhase** Current Deploy Phase. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorSetCommitReadyGenericFailure -Event to indicate that we have received an unexpected error in the DTU Coordinator SetCommitReady call. +Event to indicate that we have received an unexpected error in the DTU Coordinator SetCommitReady call. The following fields are available: @@ -2082,7 +2335,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorSetCommitReadySuccess -Event to indicate that the Coordinator SetCommitReady call succeeded. +Event to indicate that the Coordinator SetCommitReady call succeeded. The following fields are available: @@ -2111,11 +2364,11 @@ Event to indicate that the Coordinator WaitForRebootUi call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **hResult** HRESULT of the failure +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection 
@@ -2149,11 +2402,11 @@ Event to indicate that we have received an unexpected error in the DTU Handler C The following fields are available: -- **hResult** HRESULT of the failure - **CampaignID** Campaign ID being run - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector +- **hResult** HRESULT of the failure - **CV_new** New correlation vector @@ -2229,12 +2482,12 @@ Event to indicate that we have received an unexpected error in the DTU Handler C The following fields are available: +- **hResult** HRESULT of the failure - **CampaignID** Campaign ID being run - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector - **CV_new** New correlation vector -- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitSuccess @@ -2346,11 +2599,11 @@ Event to indicate that we have received an unexpected error in the DTU Handler I The following fields are available: +- **hResult** HRESULT of the failure - **CampaignID** Campaign ID being run - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector -- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallSuccess @@ -2396,11 +2649,11 @@ Event to indicate that we have received an unexpected error in the DTU Handler W The following fields are available: -- **hResult** HRESULT of the failure - **CampaignID** Campaign ID being run - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector +- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiSuccess 
@@ -2435,14 +2688,15 @@ Indicates that the uninstall was properly configured and that a system reboot wa ### Microsoft.Windows.Upgrade.Uninstall.UninstallGoBackButtonClicked -This event sends basic metadata about the starting point of uninstalling a feature update which helps us ensure customers can safely revert to a well-known state if the update caused any problems. +This event sends basic metadata about the starting point of uninstalling a feature update which helps us ensure customers can safely revert to a well-known state if the update caused any problems. + ## Inventory events ### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum -This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object. +This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object. The following fields are available: 
@@ -2457,6 +2711,21 @@ The following fields are available: - **InventoryDeviceUsbHubClass** A count of device usb objects in cache - **InventoryDriverBinary** A count of driver binary objects in cache - **InventoryDriverPackage** A count of device objects in cache +- **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in cache. +- **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in cache. +- **InventoryMiscellaneousOfficeIESettings** A count of office IE settings objects in cache. +- **InventoryMiscellaneousOfficeInsights** A count of office insights objects in cache. +- **InventoryMiscellaneousOfficeProducts** A count of office products objects in cache. +- **InventoryMiscellaneousOfficeSettings** A count of office settings objects in cache. +- **InventoryMiscellaneousOfficeVBA** A count of office VBA objects in cache. +- **InventoryMiscellaneousOfficeVBARuleViolations** A count of office VBA rule violations objects in cache. +- **InventoryMiscellaneousUUPInfo** A count of UUP info objects in cache. +- **DeviceCensus** A count of devicecensus objects in cache +- **InventoryApplicationAppV** No content is currently available. +- **InventoryApplicationDriver** No content is currently available. +- **InventoryApplicationFramework** No content is currently available. +- **InventoryApplicationShortcut** No content is currently available. +- **InventoryMiscellaneousOfficeAddInUsage** No content is currently available. ### Microsoft.Windows.Inventory.Core.AmiTelCacheVersions @@ -2473,6 +2742,8 @@ The following fields are available: This event sends basic metadata about an application on the system to help keep Windows up to date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **HiddenArp** Indicates whether a program hides itself from showing up in ARP. 
@@ -2500,6 +2771,8 @@ The following fields are available: This event provides the basic metadata about the frameworks an application may depend on +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **FileId** A hash that uniquely identifies a file @@ -2511,6 +2784,8 @@ The following fields are available: This event indicates that a new set of InventoryApplicationFrameworkAdd events will be sent +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events @@ -2520,6 +2795,8 @@ The following fields are available: This event indicates that a new set of InventoryDevicePnpAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. @@ -2529,6 +2806,8 @@ The following fields are available: This event indicates that a new set of InventoryApplicationAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. @@ -2538,6 +2817,8 @@ The following fields are available: This event sends basic metadata about a device container (such as a monitor or printer as opposed to a PNP device) to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **Categories** A comma separated list of functional categories in which the container belongs. 
@@ -2560,6 +2841,8 @@ The following fields are available: This event indicates that the InventoryDeviceContainer object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. @@ -2569,6 +2852,8 @@ The following fields are available: This event indicates that a new set of InventoryDeviceContainerAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. @@ -2578,6 +2863,8 @@ The following fields are available: This event retrieves information about what sensor interfaces are available on the device. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **Accelerometer3D** Indicates if an Accelerator3D sensor is found. @@ -2606,6 +2893,8 @@ The following fields are available: This event indicates that a new set of InventoryDeviceInterfaceAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. @@ -2615,6 +2904,8 @@ The following fields are available: This event sends additional metadata about a PNP device that is specific to a particular class of devices to help keep Windows up to date while reducing overall size of data payload. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **Audio_CaptureDriver** The Audio device capture driver endpoint. 
@@ -2626,6 +2917,8 @@ The following fields are available: This event indicates that a new set of InventoryDeviceMediaClassSAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. @@ -2635,6 +2928,8 @@ The following fields are available: This event represents the basic metadata about a PNP device and its associated driver +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **BusReportedDescription** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer. @@ -2650,7 +2945,7 @@ The following fields are available: - **DriverVerDate** Name of the .sys image file (or wudfrd.sys if using user mode driver framework). - **DriverVerVersion** The immediate parent directory name in the Directory field of InventoryDriverPackage. - **Enumerator** The date of the driver loaded for the device. -- **HWID** The version of the driver loaded for the device. +- **HWID** The version of the driver loaded for the device. - **Inf** The bus that enumerated the device. - **InstallState** The device installation state. One of these values: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx - **InventoryVersion** List of hardware ids for the device. @@ -2672,6 +2967,8 @@ The following fields are available: This event indicates that the InventoryDevicePnpRemove object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. 
@@ -2681,6 +2978,8 @@ The following fields are available: This event indicates that a new set of InventoryDevicePnpAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. @@ -2690,6 +2989,8 @@ The following fields are available: This event sends basic metadata about the USB hubs on the device +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events @@ -2701,6 +3002,8 @@ The following fields are available: This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events @@ -2710,6 +3013,8 @@ The following fields are available: This event provides the basic metadata about driver binaries running on the system +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **DriverCheckSum** The checksum of the driver file. @@ -2735,6 +3040,8 @@ The following fields are available: This event indicates that the InventoryDriverBinary object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. 
@@ -2744,6 +3051,8 @@ The following fields are available: This event indicates that a new set of InventoryDriverBinaryAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. @@ -2753,6 +3062,8 @@ The following fields are available: This event sends basic metadata about drive packages installed on the system to help keep Windows up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **Class** The class name for the device driver. @@ -2771,6 +3082,8 @@ The following fields are available: This event indicates that the InventoryDriverPackageRemove object is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. @@ -2780,6 +3093,8 @@ The following fields are available: This event indicates that a new set of InventoryDriverPackageAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. 
@@ -2789,43 +3104,92 @@ The following fields are available: Provides data on the installed Office Add-ins +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: -- **AddInCLSID** CLSID key for the office addin +- **AddinCLSID** The CLSID for the Office addin - **AddInId** Office addin ID +- **AddinType** The type of the Office addin. - **BinFileTimestamp** Timestamp of the Office addin - **BinFileVersion** Version of the Office addin - **Description** Office addin description - **FileId** FileId of the Office addin +- **FileSize** File size of the Office addin - **FriendlyName** Friendly name for office addin - **FullPath** Unexpanded path to the office addin - **LoadBehavior** Uint32 that describes the load behavior -- **LoadTime** Load time for the office addin - **OfficeApplication** The office application for this addin - **OfficeArchitecture** Architecture of the addin - **OfficeVersion** The office version for this addin - **OutlookCrashingAddin** Boolean that indicates if crashes have been found for this addin +- **ProductCompany** The name of the company associated with the Office addin +- **ProductName** The product name associated with the Office addin +- **ProductVersion** The version associated with the Office addin +- **ProgramId** The unique program identifier of the Office addin - **Provider** Name of the provider for this addin +- **AddInCLSID** CLSID key for the office addin +- **LoadTime** Load time for the office addin +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove Indicates that this particular data object represented by the objectInstanceId is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). 
+ ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInStartSync This event indicates that a new sync is being generated for this object type. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersAdd + +Provides data on the Office identifiers + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. +- **OAudienceData** Sub-identifier for Microsoft Office release management, identifying the pilot group for a device +- **OAudienceId** Microsoft Office identifier for Microsoft Office release management, identifying the pilot group for a device +- **OMID** Identifier for the Office SQM Machine +- **OPlatform** Whether the installed Microsoft Office product is 32-bit or 64-bit +- **OTenantId** Unique GUID representing the Microsoft O365 Tenant +- **OVersion** Installed version of Microsoft Office. For example, 16.0.8602.1000 +- **OWowMID** Legacy Microsoft Office telemetry identifier (SQM Machine ID) for WoW systems (32-bit Microsoft Office on 64-bit Windows) + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersStartSync + +Diagnostic event to indicate a new sync is being generated for this object type. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. 
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsAdd -This event includes the Office-related Internet Explorer features +Office-related Internet Explorer features + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: +- **InventoryVersion** The version of the inventory binary generating the events. - **OIeFeatureAddon** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_ADDON_MANAGEMENT feature lets applications hosting the WebBrowser Control to respect add-on management selections made using the Add-on Manager feature of Internet Explorer. Add-ons disabled by the user or by administrative group policy will also be disabled in applications that enable this feature. - **OIeMachineLockdown** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_LOCALMACHINE_LOCKDOWN feature is enabled, Internet Explorer applies security restrictions on content loaded from the user's local machine, which helps prevent malicious behavior involving local files. - **OIeMimeHandling** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_MIME_HANDLING feature control is enabled, Internet Explorer handles MIME types more securely. Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2) 
@@ -2847,62 +3211,55 @@ The following fields are available: Diagnostic event to indicate a new sync is being generated for this object type. - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersAdd - -This event provides data on the Office identifiers +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: -- **OAudienceData** Sub-identifier for Microsoft Office release management, identifying the pilot group for a device -- **OAudienceId** Microsoft Office identifier for Microsoft Office release management, identifying the pilot group for a device -- **OMID** Identifier for the Office SQM Machine -- **OPlatform** Whether the installed Microsoft Office product is 32-bit or 64-bit -- **OTenantId** Unique GUID representing the Microsoft O365 Tenant -- **OVersion** Installed version of Microsoft Office. For example, 16.0.8602.1000 -- **OWowMID** Legacy Microsoft Office telemetry identifier (SQM Machine ID) for WoW systems (32-bit Microsoft Office on 64-bit Windows) - - -### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersStartSync - -Diagnostic event to indicate a new sync is being generated for this object type. - +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsAdd This event provides insight data on the installed Office products +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **OfficeApplication** The name of the Office application. - **OfficeArchitecture** The bitness of the Office application. - **OfficeVersion** The version of the Office application. -- **Value** The insights collected about this entity. +- **Value** The insights collected about this entity. 
### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsRemove Indicates that this particular data object represented by the objectInstanceId is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsStartSync This diagnostic event indicates that a new sync is being generated for this object type. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsAdd -This event list all installed Office products +Describes Office Products installed + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: +- **InventoryVersion** The version of the inventory binary generating the events. - **OC2rApps** A GUID the describes the Office Click-To-Run apps -- **OC2rSkus** Comma-delimited list (CSV) of Office Click-To-Run products installed on the device. For example, Office 2016 ProPlus -- **OMsiApps** Comma-delimited list (CSV) of Office MSI products installed on the device. For example, Microsoft Word +- **OC2rSkus** Comma-delimited list (CSV) of Office Click-To-Run products installed on the device. For example, Office 2016 ProPlus +- **OMsiApps** Comma-delimited list (CSV) of Office MSI products installed on the device. For example, Microsoft Word - **OProductCodes** A GUID that describes the Office MSI products 
@@ -2910,29 +3267,44 @@ The following fields are available: Diagnostic event to indicate a new sync is being generated for this object type. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsAdd This event describes various Office settings +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **BrowserFlags** Browser flags for Office-related products - **ExchangeProviderFlags** Provider policies for Office Exchange - **SharedComputerLicensing** Office shared computer licensing policies +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsStartSync Diagnostic event to indicate a new sync is being generated for this object type. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAAdd This event provides a summary rollup count of conditions encountered while performing a local scan of Office files, analyzing for known VBA programmability compatibility issues between legacy office version and ProPlus, and between 32 and 64-bit versions +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **Design** Count of files with design issues found 
@@ -2962,12 +3334,16 @@ The following fields are available: Indicates that this particular data object represented by the objectInstanceId is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsAdd This event provides data on Microsoft Office VBA rule violations, including a rollup count per violation type, giving an indication of remediation requirements for an organization. The event identifier is a unique GUID, associated with the validation rule +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **Count** Count of total Microsoft Office VBA rule violations 
@@ -2977,24 +3353,35 @@ The following fields are available: Indicates that this particular data object represented by the objectInstanceId is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsStartSync This event indicates that a new sync is being generated for this object type. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAStartSync Diagnostic event to indicate a new sync is being generated for this object type. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd Provides data on Unified Update Platform (UUP) products and what version they are at. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **Identifier** UUP identifier @@ -3008,12 +3395,16 @@ The following fields are available: Indicates that this particular data object represented by the objectInstanceId is no longer present. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoStartSync Diagnostic event to indicate a new sync is being generated for this object type. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + ### Microsoft.Windows.Inventory.Indicators.Checksum 
@@ -3030,6 +3421,8 @@ The following fields are available: These events represent the basic metadata about the OS indicators installed on the system which are used for keeping the device up-to-date. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **IndicatorValue** The indicator value 
@@ -3039,15 +3432,1131 @@ The following fields are available: This event is a counterpart to InventoryMiscellaneousUexIndicatorAdd that indicates that the item has been removed. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + ### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorStartSync This event indicates that a new set of InventoryMiscellaneousUexIndicatorAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). -## Microsoft Store events + +## Kernel events + +### Microsoft.Windows.Kernel.BootEnvironment.OsLaunch + +OS Boot information used to evaluate the success of the upgrade process. + +The following fields are available: + +- **BootApplicationId** No content is currently available. +- **BootAttemptCount** No content is currently available. +- **BootSequence** No content is currently available. +- **BootStatusPolicy** No content is currently available. +- **BootType** No content is currently available. +- **EventTimestamp** No content is currently available. +- **FirmwareResetReasonEmbeddedController** No content is currently available. +- **FirmwareResetReasonEmbeddedControllerAdditional** No content is currently available. +- **FirmwareResetReasonPch** No content is currently available. +- **FirmwareResetReasonPchAdditional** No content is currently available. +- **FirmwareResetReasonSupplied** No content is currently available. +- **IO** No content is currently available. See [IO](#io). +- **LastBootSucceeded** No content is currently available. +- **LastShutdownSucceeded** No content is currently available. +- **MenuPolicy** No content is currently available. +- **RecoveryEnabled** No content is currently available. +- **UserInputTime** No content is currently available. +- **MaxAbove4GbFreeRange** No content is currently available. +- **MaxBelow4GbFreeRange** No content is currently available. 
+- **MeasuredLaunchPrepared** No content is currently available. +- **SecureLaunchPrepared** No content is currently available. + + +### Microsoft.Windows.Kernel.Power.OSStateChange + +This event indicates an OS state change. + +The following fields are available: + +- **AcPowerOnline** If "TRUE," the device is using AC power. If "FALSE," the device is using battery power. +- **ActualTransitions** The number of transitions between operating system states since the last system boot +- **BatteryCapacity** Maximum battery capacity in mWh +- **BatteryCharge** Current battery charge as a percentage of total capacity +- **BatteryDischarging** Flag indicating whether the battery is discharging or charging +- **BootId** Total boot count since the operating system was installed +- **BootTimeUTC** Date and time of a particular boot event (identified by BootId) +- **EnergyChangeV2** A snapshot value in mWh reflecting a change in power usage +- **EnergyChangeV2Flags** Flags for disambiguating EnergyChangeV2 context +- **EventSequence** Indicates the sequence order for this event instance, relative to previous instances of OSStateChange events that have occurred since boot +- **LastStateTransition** ID of the last operating system state transition +- **LastStateTransitionSub** ID of the last operating system sub-state transition +- **StateDurationMS** Number of milliseconds spent in the last operating system state +- **StateTransition** ID of the operating system state the system is transitioning to +- **StateTransitionSub** ID of the operating system sub-state the system is transitioning to +- **TotalDurationMS** Total time (in milliseconds) spent in all states since the last boot +- **TotalUptimeMS** Total time (in milliseconds) the device was in Up or Running states since the last boot +- **TransitionsToOn** Number of transitions to the Powered On state since the last boot +- **UptimeDeltaMS** Total time (in milliseconds) added to Uptime since the last event + + +## Privacy 
consent logging events + +### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted + +This event is used to determine whether the user successfully completed the privacy consent experience. + +The following fields are available: + +- **presentationVersion** Which display version of the privacy consent experience the user completed +- **privacyConsentState** The current state of the privacy consent experience +- **settingsVersion** Which setting version of the privacy consent experience the user completed +- **userOobeExitReason** The exit reason of the privacy consent experience + + +### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus + +Event tells us effectiveness of new privacy experience. + +The following fields are available: + +- **isAdmin** Whether the current user is an administrator or not +- **isSilentElevation** Whether the current user has enabled silent elevation +- **privacyConsentState** The current state of the privacy consent experience +- **isLaunching** Whether or not the privacy consent experience will be launched +- **userRegionCode** The current user's region setting + + +## Sediment events + +### Microsoft.Windows.Sediment.OSRSS.UrlState + +Event indicating the state OSRSS service is in while attempting a download from the URL. + +The following fields are available: + +- **Id** A number identifying the URL. +- **ServiceVersionMajor** Version information for the component. +- **ServiceVersionMinor** Version information for the component. +- **StateData** State-specific data, such as the attempt number for the download. +- **StateNumber** A number identifying the current state of the URL (for example, found, downloading, extracted). +- **Time** System timestamp when the event was started. + + +## Setup events + +### SetupPlatformTel.SetupPlatformTelEvent + +This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios. 
+ +The following fields are available: + +- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc. +- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc. +- **Value** Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time. + + +## Shared PC events + +### Microsoft.Windows.SharedPC.AccountManager.DeleteUserAccount + +Activity for deletion of a user account for devices set up for Shared PC mode as part of the Transient Account Manager to help keep Windows up to date. Deleting un-used user accounts on Education/Shared PCs frees up disk space to improve Windows Update success rates. + +The following fields are available: + +- **wilActivity** Windows Error Reporting data collected when there is a failure in deleting a user account with the Transient Account Manager. See [wilActivity](#wilactivity). +- **accountType** The type of account that was deleted. Example: AD, AAD, or Local +- **deleteState** Whether the attempted deletion of the user account was successful. +- **userSid** The security identifier of the account. + + +### Microsoft.Windows.SharedPC.AccountManager.SinglePolicyEvaluation + +Activity for run of the Transient Account Manager that determines if any user accounts should be deleted for devices set up for Shared PC mode to help keep Windows up to date. Deleting unused user accounts on shared devices frees up disk space to improve Windows Update success rates + +The following fields are available: + +- **totalAccountCount** The number of accounts on a device after running the Transient Account Manager policies. +- **wilActivity** Windows Error Reporting data collected when there is a failure in evaluating accounts to be deleted with the Transient Account Manager. See [wilActivity](#wilactivity). 
+- **evaluationTrigger** When was the Transient Account Manager policies ran? Example: At log off or during maintenance hours + + +## SIH events + +### SIHEngineTelemetry.EvalApplicability + +This event is sent when targeting logic is evaluated to determine if a device is eligible for a given action. + +The following fields are available: + +- **CachedEngineVersion** The engine DLL version that is being used. +- **EventInstanceID** A unique identifier for event instance. +- **EventScenario** Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. +- **IsExecutingAction** If the action is presently being executed. +- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Windows Store, etc.) +- **SihclientVersion** The client version that is being used. +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **UpdateID** A unique identifier for the action being acted upon. +- **WuapiVersion** The Windows Update API version that is currently installed. +- **WuaucltVersion** The Windows Update client version that is currently installed. +- **WuauengVersion** The Windows Update engine version that is currently installed. +- **WUDeviceID** The unique identifier controlled by the software distribution client. +- **ActionReasons** If an action has been assessed as inapplicable, the additional logic prevented it. +- **AdditionalReasons** If an action has been assessed as inapplicable, the additional logic prevented it. +- **HandlerReasons** If an action has been assessed as inapplicable, the installer technology-specific logic prevented it. +- **StandardReasons** If an action has been assessed as inapplicable, the standard logic the prevented it. 
+ + +### SIHEngineTelemetry.SLSActionData + +This event reports if the SIH client was able to successfully parse the manifest describing the actions to be evaluated. + +The following fields are available: + +- **CachedEngineVersion** The engine DLL version that is being used. +- **EventInstanceID** A unique identifier for event instance. +- **EventScenario** Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. +- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Windows Store, etc.) +- **SihclientVersion** The client version that is being used. +- **WuapiVersion** The Windows Update API version that is currently installed. +- **WuaucltVersion** The Windows Update client version that is currently installed. +- **WuauengVersion** The Windows Update engine version that is currently installed. +- **WUDeviceID** The unique identifier controlled by the software distribution client. +- **FailedParseActions** The list of actions that were not successfully parsed. +- **ParsedActions** The list of actions that were successfully parsed. + + +## Software update events + +### SoftwareUpdateClientTelemetry.CheckForUpdates + +Scan process event on Windows Update client (see eventscenario field for specifics, e.g.: started/failed/succeeded) + +The following fields are available: + +- **ActivityMatchingId** Contains a unique ID identifying a single CheckForUpdates session from initialization to completion. +- **AllowCachedResults** Indicates if the scan allowed using cached results. +- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. +- **CurrentMobileOperator** The mobile operator the device is currently connected to. +- **DriverSyncPassPerformed** Were drivers scanned this time? 
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. +- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. +- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. +- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). +- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds). +- **HomeMobileOperator** The mobile operator that the device was originally intended to work with. +- **IPVersion** Indicates whether the download took place over IPv4 or IPv6 +- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. +- **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce +- **NumberOfApplicationsCategoryScanEvaluated** The number of categories (apps) for which an app update scan checked +- **NumberOfLoop** The number of round trips the scan required +- **NumberOfNewUpdatesFromServiceSync** The number of updates which were seen for the first time in this scan +- **NumberOfUpdatesEvaluated** The total number of updates which were evaluated as a part of the scan +- **NumFailedMetadataSignatures** The number of metadata signatures checks which failed for new metadata synced down. +- **Online** Indicates if this was an online scan. +- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting (pre-release builds) being introduced. +- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. 
+- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. +- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one +- **ScanDurationInSeconds** The number of seconds a scan took +- **ScanEnqueueTime** The number of seconds it took to initialize a scan +- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Windows Store, etc.). +- **ServiceUrl** The environment URL a device is configured to scan with +- **ShippingMobileOperator** The mobile operator that a device shipped on. +- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult). +- **SyncType** Describes the type of scan the event was +- **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down. +- **BiosFamily** The family of the BIOS (Basic Input Output System). +- **BiosName** The name of the device BIOS. +- **BiosReleaseDate** The release date of the device BIOS. +- **BiosSKUNumber** The sku number of the device BIOS. +- **BIOSVendor** The vendor of the BIOS. +- **BiosVersion** The version of the BIOS. +- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated. +- **CDNCountryCode** Two letter country abbreviation for the CDN's location. +- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. +- **ClientVersion** The version number of the software distribution client. +- **DeviceModel** What is the device model. +- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered. +- **EventInstanceID** A globally unique identifier for event instance. +- **ExtendedMetadataCabUrl** Hostname that is used to download an update. 
+- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan. +- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan. +- **IntentPFNs** Intended application-set metadata for atomic update scenarios. +- **MSIError** The last error that was encountered during a scan for updates. +- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 +- **SystemBIOSMajorRelease** Major version of the BIOS. +- **SystemBIOSMinorRelease** Minor version of the BIOS. +- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. +- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null. +- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. +- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable +- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. +- **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown +- **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete +- **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation. +- **BranchReadinessLevel** The servicing branch configured on the device. +- **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000). 
+- **DeferredUpdates** Update IDs which are currently being deferred until a later time +- **DriverExclusionPolicy** Indicates if the policy for not including drivers with Windows Update is enabled. +- **FeatureUpdateDeferral** The deferral period configured for feature OS updates on the device (in days). +- **FeatureUpdatePausePeriod** The pause duration configured for feature OS updates on the device (in days). +- **PausedUpdates** A list of UpdateIds which that currently being paused. +- **PauseFeatureUpdatesEndTime** If feature OS updates are paused on the device, this is the date and time for the end of the pause time window. +- **PauseFeatureUpdatesStartTime** If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window. +- **PauseQualityUpdatesEndTime** If quality OS updates are paused on the device, this is the date and time for the end of the pause time window. +- **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window. +- **QualityUpdateDeferral** The deferral period configured for quality OS updates on the device (in days). +- **QualityUpdatePausePeriod** The pause duration configured for quality OS updates on the device (in days). + + +### SoftwareUpdateClientTelemetry.Commit + +This event tracks the commit process post the update installation when software update client is trying to update the device. + +The following fields are available: + +- **BiosFamily** Device family as defined in the system BIOS +- **BiosName** Name of the system BIOS +- **BiosReleaseDate** Release date of the system BIOS +- **BiosSKUNumber** Device SKU as defined in the system BIOS +- **BIOSVendor** Vendor of the system BIOS +- **BiosVersion** Version of the system BIOS +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. 
+- **BundleRevisionNumber** Identifies the revision number of the content bundle +- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client +- **ClientVersion** Version number of the software distribution client +- **DeviceModel** Device model as defined in the system bios +- **EventInstanceID** A globally unique identifier for event instance +- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. +- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver". +- **FlightId** The specific id of the flight the device is getting +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) +- **RevisionNumber** Identifies the revision number of this specific piece of content +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) +- **SystemBIOSMajorRelease** Major release version of the system bios +- **SystemBIOSMinorRelease** Minor release version of the system bios +- **UpdateId** Identifier associated with the specific piece of content +- **WUDeviceID** Unique device id controlled by the software distribution client + + +### SoftwareUpdateClientTelemetry.Download + +Download process event for target update on Windows Update client (see eventscenario field for specifics, e.g.: started/failed/succeeded) + +The following fields are available: + +- **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn't actively being downloaded. +- **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. +- **AppXDownloadScope** Indicates the scope of the download for application content. 
For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client. +- **BiosFamily** The family of the BIOS (Basic Input Output System). +- **BiosName** The name of the device BIOS. +- **BiosReleaseDate** The release date of the device BIOS. +- **BiosSKUNumber** The sku number of the device BIOS. +- **BIOSVendor** The vendor of the BIOS. +- **BiosVersion** The version of the BIOS. +- **BundleBytesDownloaded** How many bytes were downloaded for the specific content bundle. +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleRepeatFailFlag** Indicates whether this particular update bundle had previously failed to download. +- **BundleRevisionNumber** Identifies the revision number of the content bundle. +- **BytesDownloaded** How many bytes were downloaded for an individual piece of content (not the entire bundle). +- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. +- **CbsDownloadMethod** Indicates whether the download was a full-file download or a partial/delta download. +- **CDNCountryCode** Two letter country abbreviation for the CDN's location. +- **CDNId** ID which defines which CDN the software distribution client downloaded the content from. +- **ClientVersion** The version number of the software distribution client. +- **CurrentMobileOperator** The mobile operator the device is currently connected to. +- **DeviceModel** What is the device model. +- **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority. +- **EventInstanceID** A globally unique identifier for event instance. 
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed. +- **EventType** Possible values are Child, Bundle, or Driver. +- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. +- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. +- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). +- **FlightBuildNumber** If this download was for a flight (pre-release build), this indicates the build number of that flight. +- **FlightId** The specific id of the flight (pre-release build) the device is getting. +- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds). +- **HandlerType** Indicates what kind of content is being downloaded (app, driver, windows patch, etc.). +- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. +- **HomeMobileOperator** The mobile operator that the device was originally intended to work with. +- **HostName** The hostname URL the content is downloading from. +- **IPVersion** Indicates whether the download took place over IPv4 or IPv6. +- **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update +- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. +- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. +- **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.) +- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered." 
+- **PackageFullName** The package name of the content. +- **PhonePreviewEnabled** Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced. +- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. +- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. +- **RegulationReason** The reason that the update is regulated +- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one +- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. +- **RevisionNumber** Identifies the revision number of this specific piece of content. +- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Windows Store, etc.). +- **Setup360Phase** If the download is for an operating system upgrade, this datapoint indicates which phase of the upgrade is underway. +- **ShippingMobileOperator** The mobile operator that a device shipped on. +- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). +- **SystemBIOSMajorRelease** Major version of the BIOS. +- **SystemBIOSMinorRelease** Minor version of the BIOS. +- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. +- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. +- **ThrottlingServiceHResult** Result code (success/failure) while contacting a web service to determine whether this device should download content yet. +- **TimeToEstablishConnection** Time (in ms) it took to establish the connection prior to beginning downloaded. 
+- **TotalExpectedBytes** The total count of bytes that the download is expected to be. +- **UpdateId** An identifier associated with the specific piece of content. +- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional. +- **UsedDO** Whether the download used the delivery optimization service. +- **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive. +- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. +- **DownloadScenarioId** A unique ID for a given download used to tie together WU and DO events. + + +### SoftwareUpdateClientTelemetry.DownloadCheckpoint + +This event provides a checkpoint between each of the Windows Update download phases for UUP content + +The following fields are available: + +- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client +- **ClientVersion** The version number of the software distribution client +- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed +- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver" +- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough +- **FileId** A hash that uniquely identifies a file +- **FileName** Name of the downloaded file +- **FlightId** The unique identifier for each flight +- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one +- **RevisionNumber** Unique revision number of Update +- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.) 
+- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult) +- **UpdateId** Unique Update ID +- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue + + +### SoftwareUpdateClientTelemetry.DownloadHeartbeat + +This event allows tracking of ongoing downloads and contains data to explain the current state of the download + +The following fields are available: + +- **BytesTotal** Total bytes to transfer for this content +- **BytesTransferred** Total bytes transferred for this content at the time of heartbeat +- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client +- **ClientVersion** The version number of the software distribution client +- **ConnectionStatus** Indicates the connectivity state of the device at the time of heartbeat +- **CurrentError** Last (transient) error encountered by the active download +- **DownloadFlags** Flags indicating if power state is ignored +- **DownloadState** Current state of the active download for this content (queued, suspended, or progressing) +- **EventType** Possible values are "Child", "Bundle", or "Driver" +- **FlightId** The unique identifier for each flight +- **IsNetworkMetered** Indicates whether Windows considered the current network to be ?metered" +- **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any +- **MOUpdateDownloadLimit** Mobile operator cap on size of operating system update downloads, if any +- **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, or Connected Standby) +- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one +- **ResumeCount** Number of times this active download has resumed from a suspended state +- **RevisionNumber** Identifies the revision number of this 
specific piece of content +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) +- **SuspendCount** Number of times this active download has entered a suspended state +- **SuspendReason** Last reason for why this active download entered a suspended state +- **UpdateId** Identifier associated with the specific piece of content +- **WUDeviceID** Unique device id controlled by the software distribution client + + +### SoftwareUpdateClientTelemetry.Install + +This event sends tracking data about the software distribution client installation of the content for that update, to help keep Windows up to date. + +The following fields are available: + +- **BiosFamily** The family of the BIOS (Basic Input Output System). +- **BiosName** The name of the device BIOS. +- **BiosReleaseDate** The release date of the device BIOS. +- **BiosSKUNumber** The sku number of the device BIOS. +- **BIOSVendor** The vendor of the BIOS. +- **BiosVersion** The version of the BIOS. +- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleRepeatFailFlag** Has this particular update bundle previously failed to install? +- **BundleRevisionNumber** Identifies the revision number of the content bundle. +- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. +- **ClientVersion** The version number of the software distribution client. +- **CSIErrorType** The stage of CBS installation where it failed. +- **CurrentMobileOperator** Mobile operator that device is currently connected to. +- **DeviceModel** What is the device model. +- **DriverPingBack** Contains information about the previous driver and system state. +- **EventInstanceID** A globally unique identifier for event instance. 
+- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. +- **EventType** Possible values are Child, Bundle, or Driver. +- **ExtendedErrorCode** The extended error code. +- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. +- **FeatureUpdatePause** Are feature OS updates paused on the device? +- **FlightBranch** The branch that a device is on if participating in the Windows Insider Program. +- **FlightBuildNumber** If this installation was for a Windows Insider build, this is the build number of that build. +- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **FlightRing** The ring that a device is on if participating in the Windows Insider Program. +- **HandlerType** Indicates what kind of content is being installed. Example: app, driver, Windows update +- **HardwareId** If this install was for a driver targeted to a particular device model, this ID indicates the model of the device. +- **HomeMobileOperator** The mobile operator that the device was originally intended to work with. +- **IntentPFNs** Intended application-set metadata for atomic update scenarios. +- **IsDependentSet** Is the driver part of a larger System Hardware/Firmware update? +- **IsFinalOutcomeEvent** Does this event signal the end of the update/upgrade process? +- **IsFirmware** Is this update a firmware update? +- **IsSuccessFailurePostReboot** Did it succeed and then fail after a restart? +- **IsWUfBDualScanEnabled** Is Windows Update for Business dual scan enabled on the device? +- **IsWUfBEnabled** Is Windows Update for Business enabled on the device? +- **MergedUpdate** Was the OS update and a BSP update merged for installation? +- **MsiAction** The stage of MSI installation where it failed. +- **MsiProductCode** The unique identifier of the MSI installer. 
+- **PackageFullName** The package name of the content being installed. +- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting being introduced. +- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. +- **QualityUpdatePause** Are quality OS updates paused on the device? +- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one +- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to install. +- **RevisionNumber** The revision number of this specific piece of content. +- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Windows Store, etc.). +- **Setup360Phase** If the install is for an operating system upgrade, indicates which phase of the upgrade is underway. +- **ShippingMobileOperator** The mobile operator that a device shipped on. +- **StatusCode** Indicates the result of an installation event (success, cancellation, failure code HResult). +- **SystemBIOSMajorRelease** Major version of the BIOS. +- **SystemBIOSMinorRelease** Minor version of the BIOS. +- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. +- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. +- **TransactionCode** The ID which represents a given MSI installation +- **UpdateId** Unique update ID +- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional. +- **UsedSystemVolume** Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive. 
+- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. + + +### SoftwareUpdateClientTelemetry.UpdateDetected + +This event sends data about an AppX app that has been updated from the Microsoft Store, including what app needs an update and what version/architecture is required, in order to understand and address problems with apps getting required updates. + +The following fields are available: + +- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable +- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client +- **IntentPFNs** Intended application-set metadata for atomic update scenarios. +- **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete +- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one +- **ServiceGuid** An ID which represents which service the software distribution client is connecting to (Windows Update, Windows Store, etc.) +- **WUDeviceID** The unique device ID controlled by the software distribution client + + +### SoftwareUpdateClientTelemetry.UpdateMetadataIntegrity + +Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. + +The following fields are available: + +- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. +- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. +- **ExtendedStatusCode** The secondary status code of the event. +- **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. 
+- **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. +- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce +- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. +- **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. +- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Windows Store +- **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. +- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast +- **StatusCode** The status code of the event. +- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. +- **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. +- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. +- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. +- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. +- **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). +- **RevisionId** The revision ID for a specific piece of content. +- **RevisionNumber** The revision number for a specific piece of content. +- **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. +- **SignatureAlgorithm** The hash algorithm for the metadata signature. 
+- **UpdateId** The update ID for a specific piece of content. + + +## Update events + +### Update360Telemetry.UpdateAgentCommit + +This event collects information regarding the commit phase of the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. + +The following fields are available: + +- **ErrorCode** The error code returned for the current install phase. +- **FlightId** Unique ID for each flight. +- **ObjectId** Unique value for each Update Agent mode. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** Outcome of the install phase of the update. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentDownloadRequest + +The UpdateAgent_DownloadRequest event sends data for the download request phase of updating Windows via the new UUP (Unified Update Platform) scenario. Applicable to PC and Mobile. + +The following fields are available: + +- **DeletedCorruptFiles** Boolean indicating whether corrupt payload was deleted. +- **ErrorCode** The error code returned for the current download request phase. +- **FlightId** Unique ID for each flight. +- **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360) +- **PackageCountOptional** Number of optional packages requested. +- **PackageCountRequired** Number of required packages requested. +- **PackageCountTotal** Total number of packages needed. +- **PackageCountTotalCanonical** Total number of canonical packages. +- **PackageCountTotalDiff** Total number of diff packages. +- **PackageCountTotalExpress** Total number of express packages. +- **PackageSizeCanonical** Size of canonical packages in bytes. +- **PackageSizeDiff** Size of diff packages in bytes. +- **PackageSizeExpress** Size of express packages in bytes. 
+- **RangeRequestState** Indicates the range request type used. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** Outcome of the download request phase of update. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases) +- **UpdateId** Unique ID for each update. +- **DownloadRequests** No content is currently available. +- **ExtensionName** No content is currently available. +- **InternalFailureResult** No content is currently available. +- **PackageExpressType** Type of express package. + + +### Update360Telemetry.UpdateAgentExpand + +This event collects information regarding the expansion phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. + +The following fields are available: + +- **ElapsedTickCount** Time taken for expand phase. +- **EndFreeSpace** Free space after expand phase. +- **EndSandboxSize** Sandbox size after expand phase. +- **ErrorCode** The error code returned for the current install phase. +- **FlightId** Unique ID for each flight. +- **ObjectId** Unique value for each Update Agent mode. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **StartFreeSpace** Free space before expand phase. +- **StartSandboxSize** Sandbox size after expand phase. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentFellBackToCanonical + +This event collects information when express could not be used and we fall back to canonical during the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. + +The following fields are available: + +- **FlightId** Unique ID for each flight. +- **ObjectId** Unique value for each Update Agent mode. 
+- **PackageCount** Number of packages that feel back to canonical. +- **PackageList** PackageIds which fell back to canonical. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentInitialize + +The UpdateAgentInitialize event sends data for the initialize phase of updating Windows via the new UUP (Unified Update Platform) scenario. Applicable to both PCs and Mobile. + +The following fields are available: + +- **ErrorCode** The error code returned for the current install phase. +- **FlightId** Unique ID for each flight. +- **FlightMetadata** Contains the FlightId and the build being flighted. +- **ObjectId** Unique value for each Update Agent mode. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** Outcome of the install phase of the update. +- **ScenarioId** Indicates the update scenario. +- **SessionData** String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios). +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentInstall + +The UpdateAgentInstall event sends data for the install phase of updating Windows. + +The following fields are available: + +- **ErrorCode** The error code returned for the current install phase. +- **FlightId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360). +- **ObjectId** Correlation vector value generated from the latest USO scan. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** The result for the current install phase. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. 
+- **ExtensionName** No content is currently available. +- **InternalFailureResult** No content is currently available. + + +### Update360Telemetry.UpdateAgentMerge + +The UpdateAgentMerge event sends data on the merge phase when updating Windows. + +The following fields are available: + +- **ErrorCode** The error code returned for the current merge phase. +- **FlightId** Unique ID for each flight. +- **ObjectId** Unique value for each Update Agent mode. +- **RelatedCV** Related correlation vector value. +- **Result** Outcome of the merge phase of the update. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each attempt. +- **UpdateId** Unique ID for each update. + + +### Update360Telemetry.UpdateAgentModeStart + +The UpdateAgentModeStart event sends data for the start of each mode during the process of updating Windows via the new UUP (Unified Update Platform) scenario. Applicable to both PCs and Mobile. + +The following fields are available: + +- **FlightId** Unique ID for each flight. +- **Mode** Indicates the mode that has started. +- **ObjectId** Unique value for each Update Agent mode. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. +- **Version** Version of update + + +### Update360Telemetry.UpdateAgentPostRebootResult + +This event collects information for both Mobile and Desktop regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario + +The following fields are available: + +- **ErrorCode** The error code returned for the current post reboot phase +- **FlightId** The unique identifier for each flight +- **ObjectId** Unique value for each Update Agent mode +- **PostRebootResult** Indicates the Hresult +- **RelatedCV** Correlation vector value generated from the latest USO scan +- **ScenarioId** The scenario ID. 
Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update + + +### Update360Telemetry.UpdateAgentSetupBoxLaunch + +The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new UUP (Unified Update Plaform) scenario. This event is only applicable to PCs. + +The following fields are available: + +- **ContainsExpressPackage** Indicates whether the download package is express. +- **FlightId** Unique ID for each flight. +- **FreeSpace** Free space on OS partition. +- **InstallCount** Number of install attempts using the same sandbox. +- **ObjectId** Unique value for each Update Agent mode. +- **Quiet** Indicates whether setup is running in quiet mode. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **SandboxSize** Size of the sandbox. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **SetupMode** Mode of setup to be launched. +- **UpdateId** Unique ID for each Update. +- **UserSession** Indicates whether install was invoked by user actions. + + +## Update notification events + +### Microsoft.Windows.UpdateNotificationPipeline.JavascriptJavascriptCriticalGenericMessage + +Event to indicate that Javascript is reporting a schema and a set of values for critical telemetry. 
+ +The following fields are available: + +- **CampaignConfigVersion** Config version of current campaign +- **CampaignID** Currently running campaign on UNP +- **ConfigCatalogVersion** Current catalog version of UNP +- **ContentVersion** Content version of the current campaign on UNP +- **CV** Correlation vector +- **DetectorVersion** Most recently run detector version for the current campaign on UNP +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user +- **key1** UI interaction data +- **key10** UI interaction data +- **key11** UI interaction data +- **key12** UI interaction data +- **key13** UI interaction data +- **key14** UI interaction data +- **key15** UI interaction data +- **key16** UI interaction data +- **key17** UI interaction data +- **key18** UI interaction data +- **key19** UI interaction data +- **key2** UI interaction data +- **key3** UI interaction data +- **key4** UI interaction data +- **key5** UI interaction data +- **key6** Current package version of UNP +- **key7** UI interaction type +- **key8** UI interaction type +- **key9** UI interaction type +- **PackageVersion** UI interaction type +- **schema** UI interaction type +- **key20** UI interaction data +- **key21** UI interaction data +- **key22** UI interaction data +- **key23** UI interaction data +- **key24** UI interaction data +- **key25** UI interaction data +- **key26** UI interaction data +- **key27** UI interaction data +- **key28** UI interaction data +- **key29** Interaction data for the UI +- **key30** UI interaction data + + +### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignHeartbeat + +This event is sent at the start of each campaign, to be used as a heartbeat + +The following fields are available: + +- **CampaignConfigVersion** Configuration version for the current campaign +- **CampaignID** Currently campaign that's running on UNP +- **ConfigCatalogVersion** Current catalog version of UNP +- **ContentVersion** Content 
version for the current campaign on UNP +- **CV** Correlation vector +- **DetectorVersion** Most recently run detector version for the current campaign on UNP +- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user +- **PackageVersion** Current UNP package version + + +### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerCleaningCampaign + +This event indicates that the Campaign Manager is cleaning up the campaign content + +The following fields are available: + +- **CampaignConfigVersion** Configuration version for the current campaign +- **CampaignID** Current campaign that's running on UNP +- **ConfigCatalogVersion** Current catalog version of UNP +- **ContentVersion** Content version for the current campaign on UNP +- **CV** Correlation vector +- **DetectorVersion** Most recently run detector version for the current campaign on UNP +- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user +- **PackageVersion** Current UNP package version + + +### Microsoft.Windows.UpdateNotificationPipeline.UnpCampaignManagerGetIsCamppaignCompleteFailed + +This event is sent when a campaign completion status query fails + +The following fields are available: + +- **CampaignConfigVersion** Configuration version for the current campaign +- **CampaignID** Current campaign that's running on UNP +- **ConfigCatalogVersion** Current catalog version of UNP +- **ContentVersion** Content version for the current campaign on UNP +- **CV** Correlation vector +- **DetectorVersion** Most recently run detector version for the current campaign on UNP +- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user +- **hresult** HRESULT of the failure +- **PackageVersion** Current UNP package version + + +### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerHeartbeat + +This event is sent at the start of the CampaignManager event and is intended to be used 
as a heartbeat + +The following fields are available: + +- **CampaignConfigVersion** Configuration version for the current campaign +- **CampaignID** Currently campaign that's running on UNP +- **ConfigCatalogVersion** Current catalog version of UNP +- **ContentVersion** Content version for the current campaign on UNP +- **CV** Correlation vector +- **DetectorVersion** Most recently run detector version for the current campaign on UNP +- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user +- **PackageVersion** Current UNP package version + + +### Microsoft.Windows.UpdateNotificationPipeline.UnpCampaignManagerRunCampaignFailed + +This event is sent when the Campaign Manager encounters an unexpected error while running the campaign + +The following fields are available: + +- **CampaignConfigVersion** Configuration version for the current campaign +- **CampaignID** Currently campaign that's running on UNP +- **ConfigCatalogVersion** Current catalog version of UNP +- **ContentVersion** Content version for the current campaign on UNP +- **CV** Correlation vector +- **DetectorVersion** Most recently run detector version for the current campaign on UNP +- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user +- **hresult** HRESULT of the failure +- **PackageVersion** Current UNP package version + + +## Upgrade events + +### Setup360Telemetry.Downlevel + +This event sends data indicating that the device has invoked the downlevel phase of the upgrade. It's used to help keep Windows up-to-date and secure. + +The following fields are available: + +- **ClientId** If using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but it can be overwritten by the caller to a unique value. +- **HostOSBuildNumber** The build number of the downlevel OS. 
+- **HostOsSkuName** The operating system edition which is running Setup360 instance (downlevel OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. +- **ReportId** In the Windows Update scenario, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. +- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback +- **Setup360Result** The result of Setup360. It's an HRESULT error code that can be used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT +- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS). +- **State** Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled +- **TestId** A string that uniquely identifies a group of events. +- **WuId** This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId. +- **FlightData** Unique value that identifies the flight. + + +### Setup360Telemetry.Finalize + +This event sends data indicating that the device has invoked the finalize phase of the upgrade, to help keep Windows up-to-date. + +The following fields are available: + +- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe +- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. 
+- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback +- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled +- **TestId** A string to uniquely identify a group of events. +- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. +- **FlightData** Unique value that identifies the flight. + + +### Setup360Telemetry.OsUninstall + +The event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, the Setup360Telemetry.OSUninstall indicates the outcome of an OS uninstall. + +The following fields are available: + +- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. +- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. +- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened +- **Setup360Mode** The phase of Setup360. 
Example: Predownload, Install, Finalize, Rollback +- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled +- **TestId** A string to uniquely identify a group of events. +- **WuId** Windows Update client ID. + + +### Setup360Telemetry.PostRebootInstall + +This event sends data indicating that the device has invoked the postrebootinstall phase of the upgrade, to help keep Windows up-to-date. + +The following fields are available: + +- **ClientId** With Windows Update, this is the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but can be overwritten by the caller to a unique value. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. +- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. +- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback +- **Setup360Result** The result of Setup360. This is an HRESULT error code that's used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled +- **TestId** A string to uniquely identify a group of events. 
+- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as ClientId. +- **FlightData** Unique value that identifies the flight. + + +### Setup360Telemetry.PreDownloadQuiet + +This event sends data indicating that the device has invoked the predownload quiet phase of the upgrade, to help keep Windows up to date. + +The following fields are available: + +- **ClientId** Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running Setup360 instance (previous operating system). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe +- **ReportId** Using Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. +- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback +- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled +- **TestId** A string to uniquely identify a group of events. +- **WuId** This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId. + + +### Setup360Telemetry.PreDownloadUX + +This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10 and RS. 
Specifically the Setup360Telemetry.PredownloadUX indicates the outcome of the PredownloadUX portion of the update process + +The following fields are available: + +- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **HostOSBuildNumber** The build number of the previous operating system. +- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system). +- **InstanceId** Unique GUID that identifies each instance of setuphost.exe. +- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. +- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback +- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Examplle: Boot, Media, Update, MCT +- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS). +- **State** The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled +- **TestId** A string to uniquely identify a group of events. +- **WuId** Windows Update client ID. +- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. + + +### Setup360Telemetry.PreInstallQuiet + +This event sends data indicating that the device has invoked the preinstall quiet phase of the upgrade, to help keep Windows up to date. 
+ +The following fields are available: + +- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe +- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. +- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback etc. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. +- **Setup360Scenario** Setup360 flow type (Boot, Media, Update, MCT) +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled +- **TestId** A string to uniquely identify a group of events. +- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. +- **FlightData** Unique value that identifies the flight. + + +### Setup360Telemetry.PreInstallUX + +This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, the Setup360Telemetry.PreinstallUX indicates the outcome of the PreinstallUX portion of the update process. + +The following fields are available: + +- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. 
+- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. +- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. +- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback +- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type, Example: Boot, Media, Update, MCT +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled +- **TestId** A string to uniquely identify a group of events. +- **WuId** Windows Update client ID. + + +### Setup360Telemetry.Setup360 + +This event sends data about OS deployment scenarios, to help keep Windows up-to-date. + +The following fields are available: + +- **FieldName** Retrieves the data point. +- **FlightData** Specifies a unique identifier for each group of Windows Insider builds. +- **InstanceId** Retrieves a unique identifier for each instance of a setup session. +- **ReportId** Retrieves the report ID. +- **ScenarioId** Retrieves the deployment scenario. +- **Value** Retrieves the value associated with the corresponding FieldName. +- **ClientId** Retrieves the upgrade ID: Upgrades via Windows Update - specifies the WU clientID. All other deployment - static string. + + +### Setup360Telemetry.UnexpectedEvent + +This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date. 
+ +The following fields are available: + +- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe +- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. +- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback +- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled +- **TestId** A string to uniquely identify a group of events. +- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. +- **FlightData** Unique value that identifies the flight. + + +## Windows as a Service diagnostic events + +### Microsoft.Windows.WaaSMedic.SummaryEvent + +Result of the WaaSMedic operation. + +The following fields are available: + +- **detectionSummary** Result of each applicable detection that was ran. +- **featureAssessmentImpact** WaaS Assessment impact for feature updates. +- **hrEngineResult** Error code from the engine operation. +- **insufficientSessions** Device not eligible for diagnostics. +- **isManaged** Device is managed for updates. +- **isWUConnected** Device is connected to Windows Update. 
+- **noMoreActions** No more applicable diagnostics. +- **qualityAssessmentImpact** WaaS Assessment impact for quality updates. +- **remediationSummary** Result of each applicable resolution that was ran. +- **usingBackupFeatureAssessment** Relying on backup feature assessment. +- **usingBackupQualityAssessment** Relying on backup quality assessment. +- **versionString** Version of the WaaSMedic engine. +- **usingCachedFeatureAssessment** WaaS Medic run did not get OS build age from the network on the previous run. +- **usingCachedQualityAssessment** WaaS Medic run did not get OS revision age from the network on the previous run. + + +## Windows Error Reporting MTT events + +### Microsoft.Windows.WER.MTT.Denominator + +This event provides a denominator to calculate MTTF (mean-time-to-failure) for crashes and other errors to help keep Windows up to date. + +The following fields are available: + +- **UtcAggParams** These fields are not logged by the event - this datagrid entry is generated erroneously from build See [UtcAggParams](#utcaggparams). +- **UtcDiffpVal** These fields are not logged by the event - this datagrid entry is generated erroneously from build See [UtcDiffpVal](#utcdiffpval). +- **Value** Standard UTC emitted DP value structure See [Microsoft.Windows.WER.MTT.Value](#microsoftwindowswermttvalue). +- **DPRange** Maximum mean value range. +- **DPValue** No content is currently available. + + +## Windows Store events ### Microsoft.Windows.StoreAgent.Telemetry.AbortedInstallation 
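Review bot: Several added field descriptions in this hunk are attached to the wrong field, which matters because readers use this page to audit what each field carries. Under Update360Telemetry.UpdateAgentInstall, FlightId is described as "Unique value for each Update Agent mode (same concept as InstanceId for Setup360)" and ObjectId as "Correlation vector value generated from the latest USO scan"; in the sibling events those are the ObjectId and RelatedCV descriptions. Under UpdateAgentExpand, StartSandboxSize reads "Sandbox size after expand phase", the same text as EndSandboxSize. In JavascriptJavascriptCriticalGenericMessage, key6 is "Current package version of UNP" while PackageVersion and schema are both "UI interaction type". In Setup360Telemetry.PreDownloadUX, FlightData repeats the ClientId text, and in the OsUninstall, PreDownloadUX and PreInstallUX lists ReportId is described as the Windows Update client ID where the other Setup360 events say updateID. SHA256OfLeafCerData and SHA256OfLeafCertPublicKey carry effectively the same description although the names indicate different inputs to the hash. Please correct these in whatever source this build is generated from. Smaller points in the same hunk: the "No content is currently available." entries (DownloadRequests, ExtensionName, InternalFailureResult, DPValue) leave collected fields undocumented, the two WER.MTT.Denominator entries contain the unfinished phrase "generated erroneously from build See", and there are typos ("feel back to canonical", "Unified Update Plaform", "Examplle", "can be used used").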
@@ -3137,7 +4646,6 @@ The following fields are available: - **AggregatedPackageFullNames** Includes a set of package full names for each app that is part of an atomic set. - **AttemptNumber** The total number of attempts to acquire this product. -- **BundleId** The bundle ID - **CategoryId** The identity of the package or packages being installed. - **ClientAppId** The identity of the app that initiated this operation. - **HResult** HResult code to show the result of the operation (success/failure). @@ -3147,7 +4655,6 @@ The following fields are available: - **IsRemediation** Is this repairing a previous installation? - **IsRestore** Is this happening after a device restore? - **IsUpdate** Is this an update? -- **ParentBundleId** The parent bundle ID (if it's part of a bundle). - **PFN** Product Family Name of the product being installed. - **ProductId** The Store Product ID for the product being installed. - **SystemAttemptNumber** The number of attempts by the system to acquire this product. @@ -3308,11 +4815,11 @@ The FulfillmentComplete event is fired at the end of an app install or update. The following fields are available: -- **CatalogId** The CatalogId is the name of the product catalog from which this app was chosen. - **FailedRetry** Was the installation or update retry successful? - **HResult** The HResult code of the operation. - **PFN** The Package Family Name of the app that is being installed or updated. - **ProductId** The product ID of the app that is being updated or installed. +- **CatalogId** The CatalogId is the name of the product catalog from which this app was chosen. ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate 
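Review bot: BundleId and ParentBundleId are deleted from the field list that follows the Microsoft.Windows.StoreAgent.Telemetry.AbortedInstallation heading with no stated reason, and the commit subject ("new build") does not say whether the event stopped sending these fields or only the documentation changed. If they are still collected, the page now under-reports what is collected. Please confirm against the event definition and record the reason in the commit message.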
@@ -3321,9 +4828,9 @@ The FulfillmentInitiate event is fired at the start of an app install or update. The following fields are available: +- **CatalogId** The CatalogId is the name of the product catalog from which this app was chosen. - **PFN** The Package Family Name of the app that is being installed or updated. - **ProductId** The product ID of the app that is being updated or installed. -- **CatalogId** The CatalogId is the name of the product catalog from which this app was chosen. ### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest 
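Review bot: CatalogId is moved to the top of the FulfillmentInitiate list here, while the preceding hunk moves the same field to the bottom of the FulfillmentComplete list, after ProductId. Neither hunk changes a description, so this is reordering only, and in opposite directions. Keep CatalogId in its alphabetical position in both lists, as the other entries are, so that regenerated output is stable and later diffs show only real field changes.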
@@ -3426,1037 +4933,6 @@ The following fields are available: - **PFamN** The name of the product that is requested for update. -## Privacy consent logging events - -### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted - -This event is used to determine whether the user successfully completed the privacy consent experience. - -The following fields are available: - -- **presentationVersion** Which display version of the privacy consent experience the user completed -- **privacyConsentState** The current state of the privacy consent experience -- **settingsVersion** Which setting version of the privacy consent experience the user completed -- **userOobeExitReason** The exit reason of the privacy consent experience - - -### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentStatus - -Event tells us effectiveness of new privacy experience. - -The following fields are available: - -- **isAdmin** Whether the current user is an administrator or not -- **isLaunching** Whether or not the privacy consent experience will be launched -- **isSilentElevation** Whether the current user has enabled silent elevation -- **privacyConsentState** The current state of the privacy consent experience -- **userRegionCode** The current user's region setting - - -## Setup events - -### SetupPlatformTel.SetupPlatformTelEvent - -This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios. - -The following fields are available: - -- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc. -- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc. -- **Value** Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time. 
- - -## Shared PC events - -### Microsoft.Windows.SharedPC.AccountManager.DeleteUserAccount - -Activity for deletion of a user account for devices set up for Shared PC mode as part of the Transient Account Manager to help keep Windows up to date. Deleting un-used user accounts on Education/Shared PCs frees up disk space to improve Windows Update success rates. - -The following fields are available: - -- **accountType** The type of account that was deleted. Example: AD, AAD, or Local -- **deleteState** Whether the attempted deletion of the user account was successful. -- **userSid** The security identifier of the account. -- **wilActivity** Windows Error Reporting data collected when there is a failure in deleting a user account with the Transient Account Manager. - - -### Microsoft.Windows.SharedPC.AccountManager.SinglePolicyEvaluation - -Activity for run of the Transient Account Manager that determines if any user accounts should be deleted for devices set up for Shared PC mode to help keep Windows up to date. Deleting unused user accounts on shared devices frees up disk space to improve Windows Update success rates - -The following fields are available: - -- **totalAccountCount** The number of accounts on a device after running the Transient Account Manager policies. -- **wilActivity** Windows Error Reporting data collected when there is a failure in evaluating accounts to be deleted with the Transient Account Manager. -- **evaluationTrigger** When was the Transient Account Manager policies ran? Example: At log off or during maintenance hours - - -## SIH events - -### SIHEngineTelemetry.EvalApplicability - -This event is sent when targeting logic is evaluated to determine if a device is eligible for a given action. - -The following fields are available: - -- **ActionReasons** If an action has been assessed as inapplicable, the additional logic prevented it. -- **AdditionalReasons** If an action has been assessed as inapplicable, the additional logic prevented it. 
-- **CachedEngineVersion** The engine DLL version that is being used. -- **EventInstanceID** A unique identifier for event instance. -- **EventScenario** Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. -- **HandlerReasons** If an action has been assessed as inapplicable, the installer technology-specific logic prevented it. -- **IsExecutingAction** If the action is presently being executed. -- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Windows Store, etc.) -- **SihclientVersion** The client version that is being used. -- **StandardReasons** If an action has been assessed as inapplicable, the standard logic the prevented it. -- **StatusCode** Result code of the event (success, cancellation, failure code HResult). -- **UpdateID** A unique identifier for the action being acted upon. -- **WuapiVersion** The Windows Update API version that is currently installed. -- **WuaucltVersion** The Windows Update client version that is currently installed. -- **WuauengVersion** The Windows Update engine version that is currently installed. -- **WUDeviceID** The unique identifier controlled by the software distribution client. - - -### SIHEngineTelemetry.SLSActionData - -This event reports if the SIH client was able to successfully parse the manifest describing the actions to be evaluated. - -The following fields are available: - -- **CachedEngineVersion** The engine DLL version that is being used. -- **EventInstanceID** A unique identifier for event instance. -- **EventScenario** Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. -- **FailedParseActions** The list of actions that were not successfully parsed. 
-- **ParsedActions** The list of actions that were successfully parsed. -- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Windows Store, etc.) -- **SihclientVersion** The client version that is being used. -- **WuapiVersion** The Windows Update API version that is currently installed. -- **WuaucltVersion** The Windows Update client version that is currently installed. -- **WuauengVersion** The Windows Update engine version that is currently installed. -- **WUDeviceID** The unique identifier controlled by the software distribution client. - - -## Software update events - -### SoftwareUpdateClientTelemetry.CheckForUpdates - -Scan process event on Windows Update client (see eventscenario field for specifics, e.g.: started/failed/succeeded) - -The following fields are available: - -- **ActivityMatchingId** Contains a unique ID identifying a single CheckForUpdates session from initialization to completion. -- **AllowCachedResults** Indicates if the scan allowed using cached results. -- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. -- **CurrentMobileOperator** The mobile operator the device is currently connected to. -- **DriverSyncPassPerformed** Were drivers scanned this time? -- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. -- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. -- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. -- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). -- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds). 
-- **HomeMobileOperator** The mobile operator that the device was originally intended to work with. -- **IPVersion** Indicates whether the download took place over IPv4 or IPv6 -- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. -- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. -- **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce -- **NumberOfApplicationsCategoryScanEvaluated** The number of categories (apps) for which an app update scan checked -- **NumberOfLoop** The number of round trips the scan required -- **NumberOfNewUpdatesFromServiceSync** The number of updates which were seen for the first time in this scan -- **NumberOfUpdatesEvaluated** The total number of updates which were evaluated as a part of the scan -- **NumFailedMetadataSignatures** The number of metadata signatures checks which failed for new metadata synced down. -- **Online** Indicates if this was an online scan. -- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting (pre-release builds) being introduced. -- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. -- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one -- **ScanDurationInSeconds** The number of seconds a scan took -- **ScanEnqueueTime** The number of seconds it took to initialize a scan -- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Windows Store, etc.). -- **ServiceUrl** The environment URL a device is configured to scan with -- **ShippingMobileOperator** The mobile operator that a device shipped on. 
-- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult). -- **SyncType** Describes the type of scan the event was -- **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down. -- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable -- **BiosFamily** The family of the BIOS (Basic Input Output System). -- **BiosName** The name of the device BIOS. -- **BiosReleaseDate** The release date of the device BIOS. -- **BiosSKUNumber** The sku number of the device BIOS. -- **BIOSVendor** The vendor of the BIOS. -- **BiosVersion** The version of the BIOS. -- **BranchReadinessLevel** The servicing branch configured on the device. -- **ClientVersion** The version number of the software distribution client. -- **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000). -- **DeferredUpdates** Update IDs which are currently being deferred until a later time -- **DeviceModel** What is the device model. -- **DriverExclusionPolicy** Indicates if the policy for not including drivers with Windows Update is enabled. -- **EventInstanceID** A globally unique identifier for event instance. -- **FeatureUpdateDeferral** The deferral period configured for feature OS updates on the device (in days). -- **FeatureUpdatePausePeriod** The pause duration configured for feature OS updates on the device (in days). -- **IntentPFNs** Intended application-set metadata for atomic update scenarios. -- **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete -- **PausedUpdates** A list of UpdateIds which that currently being paused. -- **PauseFeatureUpdatesEndTime** If feature OS updates are paused on the device, this is the date and time for the end of the pause time window. 
-- **PauseFeatureUpdatesStartTime** If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window. -- **PauseQualityUpdatesEndTime** If quality OS updates are paused on the device, this is the date and time for the end of the pause time window. -- **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window. -- **QualityUpdateDeferral** The deferral period configured for quality OS updates on the device (in days). -- **QualityUpdatePausePeriod** The pause duration configured for quality OS updates on the device (in days). -- **SystemBIOSMajorRelease** Major version of the BIOS. -- **SystemBIOSMinorRelease** Minor version of the BIOS. -- **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation. -- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. -- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null. -- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. -- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated. -- **CDNCountryCode** Two letter country abbreviation for the CDN's location. -- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered. -- **ExtendedMetadataCabUrl** Hostname that is used to download an update. 
-- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan. -- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan. -- **MSIError** The last error that was encountered during a scan for updates. -- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 -- **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown - - -### SoftwareUpdateClientTelemetry.Commit - -This event tracks the commit process post the update installation when software update client is trying to update the device. - -The following fields are available: - -- **BiosFamily** Device family as defined in the system BIOS -- **BiosName** Name of the system BIOS -- **BiosReleaseDate** Release date of the system BIOS -- **BiosSKUNumber** Device SKU as defined in the system BIOS -- **BIOSVendor** Vendor of the system BIOS -- **BiosVersion** Version of the system BIOS -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **BundleRevisionNumber** Identifies the revision number of the content bundle -- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client -- **ClientVersion** Version number of the software distribution client -- **DeviceModel** Device model as defined in the system bios -- **EventInstanceID** A globally unique identifier for event instance -- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. -- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver". -- **FlightId** The specific id of the flight the device is getting -- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) 
-- **RevisionNumber** Identifies the revision number of this specific piece of content -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) -- **SystemBIOSMajorRelease** Major release version of the system bios -- **SystemBIOSMinorRelease** Minor release version of the system bios -- **UpdateId** Identifier associated with the specific piece of content -- **WUDeviceID** Unique device id controlled by the software distribution client - - -### SoftwareUpdateClientTelemetry.Download - -Download process event for target update on Windows Update client (see eventscenario field for specifics, e.g.: started/failed/succeeded) - -The following fields are available: - -- **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn't actively being downloaded. -- **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. -- **AppXDownloadScope** Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client. -- **BiosFamily** The family of the BIOS (Basic Input Output System). -- **BiosName** The name of the device BIOS. -- **BiosReleaseDate** The release date of the device BIOS. -- **BiosSKUNumber** The sku number of the device BIOS. -- **BIOSVendor** The vendor of the BIOS. -- **BiosVersion** The version of the BIOS. -- **BundleBytesDownloaded** How many bytes were downloaded for the specific content bundle. -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. 
-- **BundleRepeatFailFlag** Indicates whether this particular update bundle had previously failed to download. -- **BundleRevisionNumber** Identifies the revision number of the content bundle. -- **BytesDownloaded** How many bytes were downloaded for an individual piece of content (not the entire bundle). -- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. -- **CbsDownloadMethod** Indicates whether the download was a full-file download or a partial/delta download. -- **CDNCountryCode** Two letter country abbreviation for the CDN's location. -- **CDNId** ID which defines which CDN the software distribution client downloaded the content from. -- **ClientVersion** The version number of the software distribution client. -- **CurrentMobileOperator** The mobile operator the device is currently connected to. -- **DeviceModel** What is the device model. -- **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority. -- **EventInstanceID** A globally unique identifier for event instance. -- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed. -- **EventType** Possible values are Child, Bundle, or Driver. -- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. -- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. -- **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). -- **FlightBuildNumber** If this download was for a flight (pre-release build), this indicates the build number of that flight. -- **FlightId** The specific id of the flight (pre-release build) the device is getting. 
-- **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds). -- **HandlerType** Indicates what kind of content is being downloaded (app, driver, windows patch, etc.). -- **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. -- **HomeMobileOperator** The mobile operator that the device was originally intended to work with. -- **HostName** The hostname URL the content is downloading from. -- **IPVersion** Indicates whether the download took place over IPv4 or IPv6. -- **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update -- **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. -- **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. -- **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.) -- **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered." -- **PackageFullName** The package name of the content. -- **PhonePreviewEnabled** Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced. -- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. -- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. -- **RegulationReason** The reason that the update is regulated -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one -- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. -- **RevisionNumber** Identifies the revision number of this specific piece of content. 
-- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Windows Store, etc.). -- **Setup360Phase** If the download is for an operating system upgrade, this datapoint indicates which phase of the upgrade is underway. -- **ShippingMobileOperator** The mobile operator that a device shipped on. -- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). -- **SystemBIOSMajorRelease** Major version of the BIOS. -- **SystemBIOSMinorRelease** Minor version of the BIOS. -- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. -- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. -- **ThrottlingServiceHResult** Result code (success/failure) while contacting a web service to determine whether this device should download content yet. -- **TimeToEstablishConnection** Time (in ms) it took to establish the connection prior to beginning downloaded. -- **TotalExpectedBytes** The total count of bytes that the download is expected to be. -- **UpdateId** An identifier associated with the specific piece of content. -- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional. -- **UsedDO** Whether the download used the delivery optimization service. -- **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive. -- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **DownloadScenarioId** A unique ID for a given download used to tie together WU and DO events. 
- - -### SoftwareUpdateClientTelemetry.DownloadCheckpoint - -This event provides a checkpoint between each of the Windows Update download phases for UUP content - -The following fields are available: - -- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client -- **ClientVersion** The version number of the software distribution client -- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed -- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver" -- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough -- **FileId** A hash that uniquely identifies a file -- **FileName** Name of the downloaded file -- **FlightId** The unique identifier for each flight -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one -- **RevisionNumber** Unique revision number of Update -- **ServiceGuid** An ID which represents which service the software distribution client is checking for content (Windows Update, Microsoft Store, etc.) 
-- **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult) -- **UpdateId** Unique Update ID -- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue - - -### SoftwareUpdateClientTelemetry.DownloadHeartbeat - -This event allows tracking of ongoing downloads and contains data to explain the current state of the download - -The following fields are available: - -- **BytesTotal** Total bytes to transfer for this content -- **BytesTransferred** Total bytes transferred for this content at the time of heartbeat -- **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client -- **ClientVersion** The version number of the software distribution client -- **ConnectionStatus** Indicates the connectivity state of the device at the time of heartbeat -- **CurrentError** Last (transient) error encountered by the active download -- **DownloadFlags** Flags indicating if power state is ignored -- **DownloadState** Current state of the active download for this content (queued, suspended, or progressing) -- **EventType** Possible values are "Child", "Bundle", or "Driver" -- **FlightId** The unique identifier for each flight -- **IsNetworkMetered** Indicates whether Windows considered the current network to be ?metered" -- **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any -- **MOUpdateDownloadLimit** Mobile operator cap on size of operating system update downloads, if any -- **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, or Connected Standby) -- **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one -- **ResumeCount** Number of times this active download has resumed from a suspended state -- **RevisionNumber** Identifies the revision number of this 
specific piece of content -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) -- **SuspendCount** Number of times this active download has entered a suspended state -- **SuspendReason** Last reason for why this active download entered a suspended state -- **UpdateId** Identifier associated with the specific piece of content -- **WUDeviceID** Unique device id controlled by the software distribution client - - -### SoftwareUpdateClientTelemetry.Install - -This event sends tracking data about the software distribution client installation of the content for that update, to help keep Windows up to date. - -The following fields are available: - -- **BiosFamily** The family of the BIOS (Basic Input Output System). -- **BiosName** The name of the device BIOS. -- **BiosReleaseDate** The release date of the device BIOS. -- **BiosSKUNumber** The sku number of the device BIOS. -- **BIOSVendor** The vendor of the BIOS. -- **BiosVersion** The version of the BIOS. -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **BundleRepeatFailFlag** Has this particular update bundle previously failed to install? -- **BundleRevisionNumber** Identifies the revision number of the content bundle. -- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. -- **ClientVersion** The version number of the software distribution client. -- **CSIErrorType** The stage of CBS installation where it failed. -- **CurrentMobileOperator** Mobile operator that device is currently connected to. -- **DeviceModel** What is the device model. -- **DriverPingBack** Contains information about the previous driver and system state. -- **EventInstanceID** A globally unique identifier for event instance. 
-- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. -- **EventType** Possible values are Child, Bundle, or Driver. -- **ExtendedErrorCode** The extended error code. -- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. -- **FeatureUpdatePause** Are feature OS updates paused on the device? -- **FlightBranch** The branch that a device is on if participating in the Windows Insider Program. -- **FlightBuildNumber** If this installation was for a Windows Insider build, this is the build number of that build. -- **FlightId** The specific ID of the Windows Insider build the device is getting. -- **FlightRing** The ring that a device is on if participating in the Windows Insider Program. -- **HandlerType** Indicates what kind of content is being installed. Example: app, driver, Windows update -- **HardwareId** If this install was for a driver targeted to a particular device model, this ID indicates the model of the device. -- **HomeMobileOperator** The mobile operator that the device was originally intended to work with. -- **IntentPFNs** Intended application-set metadata for atomic update scenarios. -- **IsDependentSet** Is the driver part of a larger System Hardware/Firmware update? -- **IsFinalOutcomeEvent** Does this event signal the end of the update/upgrade process? -- **IsFirmware** Is this update a firmware update? -- **IsSuccessFailurePostReboot** Did it succeed and then fail after a restart? -- **IsWUfBDualScanEnabled** Is Windows Update for Business dual scan enabled on the device? -- **IsWUfBEnabled** Is Windows Update for Business enabled on the device? -- **MergedUpdate** Was the OS update and a BSP update merged for installation? -- **MsiAction** The stage of MSI installation where it failed. -- **MsiProductCode** The unique identifier of the MSI installer. 
-- **PackageFullName** The package name of the content being installed. -- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting being introduced. -- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. -- **QualityUpdatePause** Are quality OS updates paused on the device? -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one -- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to install. -- **RevisionNumber** The revision number of this specific piece of content. -- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Windows Store, etc.). -- **Setup360Phase** If the install is for an operating system upgrade, indicates which phase of the upgrade is underway. -- **ShippingMobileOperator** The mobile operator that a device shipped on. -- **StatusCode** Indicates the result of an installation event (success, cancellation, failure code HResult). -- **SystemBIOSMajorRelease** Major version of the BIOS. -- **SystemBIOSMinorRelease** Minor version of the BIOS. -- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. -- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. -- **TransactionCode** The ID which represents a given MSI installation -- **UpdateId** Unique update ID -- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional. -- **UsedSystemVolume** Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive. 
-- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. - - -### SoftwareUpdateClientTelemetry.UpdateDetected - -This event sends data about an AppX app that has been updated from the Microsoft Store, including what app needs an update and what version/architecture is required, in order to understand and address problems with apps getting required updates. - -The following fields are available: - -- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable -- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client -- **IntentPFNs** Intended application-set metadata for atomic update scenarios. -- **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one -- **ServiceGuid** An ID which represents which service the software distribution client is connecting to (Windows Update, Windows Store, etc.) -- **WUDeviceID** The unique device ID controlled by the software distribution client - - -### SoftwareUpdateClientTelemetry.UpdateMetadataIntegrity - -Ensures Windows Updates are secure and complete. Event helps to identify whether update content has been tampered with and protects against man-in-the-middle attack. - -The following fields are available: - -- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. -- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. -- **LeafCertId** Integral id from the FragmentSigning data for certificate which failed. 
-- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce -- **MetadataSignature** Base64 string of the signature associated with the update metadata (specified by revision id) -- **RevisionId** Identifies the revision of this specific piece of content -- **RevisionNumber** Identifies the revision number of this specific piece of content -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) -- **SHA256OfLeafCertPublicKey** Base64 encoding of hash of the Base64CertData in the FragmentSigning data of leaf certificate. -- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob -- **SignatureAlgorithm** Hash algorithm for the metadata signature -- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". -- **StatusCode** Result code of the event (success, cancellation, failure code HResult) -- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed. -- **UpdateId** Identifier associated with the specific piece of content -- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. -- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. -- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. -- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. -- **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. -- **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. 
-- **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. - - -## Update events - -### Update360Telemetry.UpdateAgentCommit - -This event collects information regarding the commit phase of the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. - -The following fields are available: - -- **ErrorCode** The error code returned for the current install phase. -- **FlightId** Unique ID for each flight. -- **ObjectId** Unique value for each Update Agent mode. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** Outcome of the install phase of the update. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentDownloadRequest - - The UpdateAgent_DownloadRequest event sends data for the download request phase of updating Windows via the new UUP (Unified Update Platform) scenario. Applicable to PC and Mobile. - -The following fields are available: - -- **DeletedCorruptFiles** Boolean indicating whether corrupt payload was deleted. -- **ErrorCode** The error code returned for the current download request phase. -- **FlightId** Unique ID for each flight. -- **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360) -- **PackageCountOptional** Number of optional packages requested. -- **PackageCountRequired** Number of required packages requested. -- **PackageCountTotal** Total number of packages needed. -- **PackageCountTotalCanonical** Total number of canonical packages. -- **PackageCountTotalDiff** Total number of diff packages. -- **PackageCountTotalExpress** Total number of express packages. -- **PackageSizeCanonical** Size of canonical packages in bytes. -- **PackageSizeDiff** Size of diff packages in bytes. 
-- **PackageSizeExpress** Size of express packages in bytes. -- **RangeRequestState** Indicates the range request type used. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** Outcome of the download request phase of update. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases) -- **UpdateId** Unique ID for each update. -- **PackageExpressType** Type of express package. - - -### Update360Telemetry.UpdateAgentExpand - - This event collects information regarding the expansion phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. - -The following fields are available: - -- **ElapsedTickCount** Time taken for expand phase. -- **EndFreeSpace** Free space after expand phase. -- **EndSandboxSize** Sandbox size after expand phase. -- **ErrorCode** The error code returned for the current install phase. -- **FlightId** Unique ID for each flight. -- **ObjectId** Unique value for each Update Agent mode. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each update attempt. -- **StartFreeSpace** Free space before expand phase. -- **StartSandboxSize** Sandbox size after expand phase. -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentFellBackToCanonical - -This event collects information when express could not be used and we fall back to canonical during the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. - -The following fields are available: - -- **FlightId** Unique ID for each flight. -- **ObjectId** Unique value for each Update Agent mode. -- **PackageCount** Number of packages that feel back to canonical. -- **PackageList** PackageIds which fell back to canonical. 
-- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentInitialize - - The UpdateAgentInitialize event sends data for the initialize phase of updating Windows via the new UUP (Unified Update Platform) scenario. Applicable to both PCs and Mobile. - -The following fields are available: - -- **ErrorCode** The error code returned for the current install phase. -- **FlightId** Unique ID for each flight. -- **FlightMetadata** Contains the FlightId and the build being flighted. -- **ObjectId** Unique value for each Update Agent mode. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** Outcome of the install phase of the update. -- **ScenarioId** Indicates the update scenario. -- **SessionData** String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios). -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentInstall - -The UpdateAgentInstall event sends data for the install phase of updating Windows. - -The following fields are available: - -- **ErrorCode** The error code returned for the current install phase. -- **FlightId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360). -- **ObjectId** Correlation vector value generated from the latest USO scan. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** The result for the current install phase. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentMerge - -The UpdateAgentMerge event sends data on the merge phase when updating Windows. 
- -The following fields are available: - -- **ErrorCode** The error code returned for the current merge phase. -- **FlightId** Unique ID for each flight. -- **ObjectId** Unique value for each Update Agent mode. -- **RelatedCV** Related correlation vector value. -- **Result** Outcome of the merge phase of the update. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each attempt. -- **UpdateId** Unique ID for each update. - - -### Update360Telemetry.UpdateAgentModeStart - -The UpdateAgentModeStart event sends data for the start of each mode during the process of updating Windows via the new UUP (Unified Update Platform) scenario. Applicable to both PCs and Mobile. - -The following fields are available: - -- **FlightId** Unique ID for each flight. -- **Mode** Indicates the mode that has started. -- **ObjectId** Unique value for each Update Agent mode. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update. -- **Version** Version of update - - -### Update360Telemetry.UpdateAgentPostRebootResult - -This event collects information for both Mobile and Desktop regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario - -The following fields are available: - -- **ErrorCode** The error code returned for the current post reboot phase -- **FlightId** The unique identifier for each flight -- **ObjectId** Unique value for each Update Agent mode -- **PostRebootResult** Indicates the Hresult -- **RelatedCV** Correlation vector value generated from the latest USO scan -- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate -- **SessionId** Unique value for each update attempt. 
-- **UpdateId** Unique ID for each update - - -### Update360Telemetry.UpdateAgentSetupBoxLaunch - -The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new UUP (Unified Update Plaform) scenario. This event is only applicable to PCs. - -The following fields are available: - -- **FlightId** Unique ID for each flight. -- **FreeSpace** Free space on OS partition. -- **InstallCount** Number of install attempts using the same sandbox. -- **ObjectId** Unique value for each Update Agent mode. -- **Quiet** Indicates whether setup is running in quiet mode. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **SandboxSize** Size of the sandbox. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each update attempt. -- **SetupMode** Mode of setup to be launched. -- **UpdateId** Unique ID for each Update. -- **UserSession** Indicates whether install was invoked by user actions. -- **ContainsExpressPackage** Indicates whether the download package is express. - - -## Update notification events - -### Microsoft.Windows.UpdateNotificationPipeline.JavascriptJavascriptCriticalGenericMessage - -Event to indicate that Javascript is reporting a schema and a set of values for critical telemetry. 
- -The following fields are available: - -- **CampaignConfigVersion** Config version of current campaign -- **CampaignID** Currently running campaign on UNP -- **ConfigCatalogVersion** Current catalog version of UNP -- **ContentVersion** Content version of the current campaign on UNP -- **CV** Correlation vector -- **DetectorVersion** Most recently run detector version for the current campaign on UNP -- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user -- **key1** UI interaction data -- **key10** UI interaction data -- **key11** UI interaction data -- **key12** UI interaction data -- **key13** UI interaction data -- **key14** UI interaction data -- **key15** UI interaction data -- **key16** UI interaction data -- **key17** UI interaction data -- **key2** UI interaction data -- **key3** UI interaction data -- **key4** UI interaction data -- **key5** UI interaction data -- **key6** UI interaction data -- **key7** Interaction data for the UI -- **key8** Interaction data for the UI -- **key9** UI interaction data -- **PackageVersion** Current package version of UNP -- **schema** UI interaction type -- **key18** UI interaction data -- **key19** UI interaction data -- **key20** UI interaction data -- **key21** Interaction data for the UI -- **key22** UI interaction data -- **key23** UI interaction data -- **key24** UI interaction data -- **key25** UI interaction data -- **key26** UI interaction data -- **key27** UI interaction data -- **key28** Interaction data for the UI -- **key29** UI interaction data -- **key30** UI interaction data - - -### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignHeartbeat - -This event is sent at the start of each campaign, to be used as a heartbeat - -The following fields are available: - -- **CampaignConfigVersion** Configuration version for the current campaign -- **CampaignID** Currently campaign that's running on UNP -- **ConfigCatalogVersion** Current catalog version of UNP -- 
**ContentVersion** Content version for the current campaign on UNP -- **CV** Correlation vector -- **DetectorVersion** Most recently run detector version for the current campaign on UNP -- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user -- **PackageVersion** Current UNP package version - - -### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerCleaningCampaign - -This event indicates that the Campaign Manager is cleaning up the campaign content - -The following fields are available: - -- **CampaignConfigVersion** Configuration version for the current campaign -- **CampaignID** Current campaign that's running on UNP -- **ConfigCatalogVersion** Current catalog version of UNP -- **ContentVersion** Content version for the current campaign on UNP -- **CV** Correlation vector -- **DetectorVersion** Most recently run detector version for the current campaign on UNP -- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user -- **PackageVersion** Current UNP package version - - -### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerHeartbeat - -This event is sent at the start of the CampaignManager event and is intended to be used as a heartbeat - -The following fields are available: - -- **CampaignConfigVersion** Configuration version for the current campaign -- **CampaignID** Currently campaign that's running on UNP -- **ConfigCatalogVersion** Current catalog version of UNP -- **ContentVersion** Content version for the current campaign on UNP -- **CV** Correlation vector -- **DetectorVersion** Most recently run detector version for the current campaign on UNP -- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user -- **PackageVersion** Current UNP package version - - -### Microsoft.Windows.UpdateNotificationPipeline.UnpCampaignManagerGetIsCamppaignCompleteFailed - -This event is sent when a campaign completion status query 
fails - -The following fields are available: - -- **CampaignConfigVersion** Configuration version for the current campaign -- **CampaignID** Current campaign that's running on UNP -- **ConfigCatalogVersion** Current catalog version of UNP -- **ContentVersion** Content version for the current campaign on UNP -- **CV** Correlation vector -- **DetectorVersion** Most recently run detector version for the current campaign on UNP -- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user -- **hresult** HRESULT of the failure -- **PackageVersion** Current UNP package version - - -### Microsoft.Windows.UpdateNotificationPipeline.UnpCampaignManagerRunCampaignFailed - -This event is sent when the Campaign Manager encounters an unexpected error while running the campaign - -The following fields are available: - -- **CampaignConfigVersion** Configuration version for the current campaign -- **CampaignID** Currently campaign that's running on UNP -- **ConfigCatalogVersion** Current catalog version of UNP -- **ContentVersion** Content version for the current campaign on UNP -- **CV** Correlation vector -- **DetectorVersion** Most recently run detector version for the current campaign on UNP -- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user -- **hresult** HRESULT of the failure -- **PackageVersion** Current UNP package version - - -## Upgrade events - -### Setup360Telemetry.Downlevel - -This event sends data indicating that the device has invoked the downlevel phase of the upgrade. It's used to help keep Windows up-to-date and secure. - -The following fields are available: - -- **ClientId** If using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but it can be overwritten by the caller to a unique value. -- **HostOSBuildNumber** The build number of the downlevel OS. 
-- **HostOsSkuName** The operating system edition which is running Setup360 instance (downlevel OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. -- **ReportId** In the Windows Update scenario, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback -- **Setup360Result** The result of Setup360. It's an HRESULT error code that can be used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT -- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS). -- **State** Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled -- **TestId** A string that uniquely identifies a group of events. -- **WuId** This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId. -- **FlightData** Unique value that identifies the flight. - - -### Setup360Telemetry.Finalize - -This event sends data indicating that the device has invoked the finalize phase of the upgrade, to help keep Windows up-to-date. - -The following fields are available: - -- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** Unique value that identifies the flight. -- **HostOSBuildNumber** The build number of the previous OS. -- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe -- **ReportId** With Windows Update, this is the updateID that is passed to Setup. 
In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback -- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled -- **TestId** A string to uniquely identify a group of events. -- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. - - -### Setup360Telemetry.OsUninstall - -The event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, the Setup360Telemetry.OSUninstall indicates the outcome of an OS uninstall. - -The following fields are available: - -- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **HostOSBuildNumber** The build number of the previous OS. -- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. -- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback -- **Setup360Result** The result of Setup360. 
This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled -- **TestId** A string to uniquely identify a group of events. -- **WuId** Windows Update client ID. -- **FlightData** Unique value that identifies the flight. - - -### Setup360Telemetry.PostRebootInstall - -This event sends data indicating that the device has invoked the postrebootinstall phase of the upgrade, to help keep Windows up-to-date. - -The following fields are available: - -- **ClientId** With Windows Update, this is the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but can be overwritten by the caller to a unique value. -- **HostOSBuildNumber** The build number of the previous OS. -- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. -- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback -- **Setup360Result** The result of Setup360. This is an HRESULT error code that's used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled -- **TestId** A string to uniquely identify a group of events. -- **WuId** This is the Windows Update Client ID. 
With Windows Update, this is the same as ClientId. -- **FlightData** Unique value that identifies the flight. - - -### Setup360Telemetry.PreDownloadQuiet - -This event sends data indicating that the device has invoked the predownload quiet phase of the upgrade, to help keep Windows up to date. - -The following fields are available: - -- **ClientId** Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** Unique value that identifies the flight. -- **HostOSBuildNumber** The build number of the previous OS. -- **HostOsSkuName** The OS edition which is running Setup360 instance (previous operating system). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe -- **ReportId** Using Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback -- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled -- **TestId** A string to uniquely identify a group of events. -- **WuId** This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId. - - -### Setup360Telemetry.PreDownloadUX - -This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10 and RS. 
Specifically the Setup360Telemetry.PredownloadUX indicates the outcome of the PredownloadUX portion of the update process - -The following fields are available: - -- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **HostOSBuildNumber** The build number of the previous operating system. -- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system). -- **InstanceId** Unique GUID that identifies each instance of setuphost.exe. -- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback -- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Examplle: Boot, Media, Update, MCT -- **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS). -- **State** The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled -- **TestId** A string to uniquely identify a group of events. -- **WuId** Windows Update client ID. -- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - - -### Setup360Telemetry.PreInstallQuiet - -This event sends data indicating that the device has invoked the preinstall quiet phase of the upgrade, to help keep Windows up to date. 
- -The following fields are available: - -- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **HostOSBuildNumber** The build number of the previous OS. -- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe -- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback etc. -- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. -- **Setup360Scenario** Setup360 flow type (Boot, Media, Update, MCT) -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled -- **TestId** A string to uniquely identify a group of events. -- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. -- **FlightData** Unique value that identifies the flight. - - -### Setup360Telemetry.PreInstallUX - -This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, the Setup360Telemetry.PreinstallUX indicates the outcome of the PreinstallUX portion of the update process. - -The following fields are available: - -- **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **HostOSBuildNumber** The build number of the previous OS. 
-- **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. -- **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback -- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type, Example: Boot, Media, Update, MCT -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled -- **TestId** A string to uniquely identify a group of events. -- **WuId** Windows Update client ID. -- **FlightData** Unique value that identifies the flight. - - -### Setup360Telemetry.Setup360 - -This event sends data about OS deployment scenarios, to help keep Windows up-to-date. - -The following fields are available: - -- **FieldName** Retrieves the data point. -- **FlightData** Specifies a unique identifier for each group of Windows Insider builds. -- **InstanceId** Retrieves a unique identifier for each instance of a setup session. -- **ReportId** Retrieves the report ID. -- **ScenarioId** Retrieves the deployment scenario. -- **Value** Retrieves the value associated with the corresponding FieldName. -- **ClientId** Retrieves the upgrade ID: Upgrades via Windows Update - specifies the WU clientID. All other deployment - static string. - - -### Setup360Telemetry.UnexpectedEvent - -This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date. 
- -The following fields are available: - -- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **HostOSBuildNumber** The build number of the previous OS. -- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe -- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback -- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT -- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled -- **TestId** A string to uniquely identify a group of events. -- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. -- **FlightData** Unique value that identifies the flight. - - -## Windows as a Service diagnostic events - -### Microsoft.Windows.WaaSMedic.SummaryEvent - -Result of the WaaSMedic operation. - -The following fields are available: - -- **detectionSummary** Result of each applicable detection that was ran. -- **featureAssessmentImpact** WaaS Assessment impact for feature updates. -- **hrEngineResult** Error code from the engine operation. -- **isManaged** Device is managed for updates. -- **isWUConnected** Device is connected to Windows Update. -- **noMoreActions** No more applicable diagnostics. 
-- **qualityAssessmentImpact** WaaS Assessment impact for quality updates. -- **remediationSummary** Result of each applicable resolution that was ran. -- **usingBackupFeatureAssessment** Relying on backup feature assessment. -- **usingBackupQualityAssessment** Relying on backup quality assessment. -- **versionString** Version of the WaaSMedic engine. -- **usingCachedFeatureAssessment** WaaS Medic run did not get OS build age from the network on the previous run. -- **usingCachedQualityAssessment** WaaS Medic run did not get OS revision age from the network on the previous run. -- **insufficientSessions** Device not eligible for diagnostics. - - -## Windows Error Reporting events - -## Windows Error Reporting MTT events - -### Microsoft.Windows.WER.MTT.Denominator - -This event provides a denominator to calculate MTTF (mean-time-to-failure) for crashes and other errors to help keep Windows up to date. - -The following fields are available: - -- **Value** Standard UTC emitted DP value structure - - ## Windows Update CSP events ### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureFailed @@ -4467,7 +4943,7 @@ The following fields are available: - **current** Result of currency check - **dismOperationSucceeded** Dism uninstall operation status -- **hResult** Failure Error code +- **hResult** Failure error code - **oSVersion** Build number of the machine - **paused** Machine's pause status - **rebootRequestSucceeded** Reboot CSP call success status @@ -4550,7 +5026,7 @@ This event sends data describing the start of a new download to enable Delivery The following fields are available: - **background** If the download is happening in the background -- **bytesRequested** Number of bytes requested for download. +- **bytesRequested** Number of bytes requested for download - **cdnUrl** Url of the source CDN - **costFlags** Network cost flags - **deviceProfile** Identifies the usage or form factor (Desktop, Xbox, VM, etc) 
@@ -4561,24 +5037,24 @@ The following fields are available: - **downloadModeSrc** Source of the DownloadMode setting (KvsProvider: 0, GeoProvider: 1, GeoVerProvider: 2, CpProvider: 3, DiscoveryProvider: 4, RegistryProvider: 5, GroupPolicyProvider: 6, MdmProvider: 7, SettingsProvider: 8, InvalidProviderType: 9) - **errorCode** Error code returned - **experimentId** Used to correlate client/services calls that are part of the same test during A/B testing -- **fileID** ID of the File being downloaded +- **fileID** ID of the file being downloaded - **filePath** Path to where the downloaded file will be written - **fileSize** Total filesize of the file that was downloaded - **fileSizeCaller** Value for total file size provided by our caller - **groupID** ID for the group -- **isVpn** If the machine is connected to a Virtual Private Network -- **jobID** Identifier for the Windows Update Job +- **isVpn** If the machine is connected to a Virtual Private Network +- **jobID** Identifier for the Windows Update job +- **minDiskSizeGB** The minimum disk size policy set for the device to allow Peering with Delivery Optimization +- **minDiskSizePolicyEnforced** If there is an enforced mininum disk size requirement for peering +- **minFileSizePolicy** Minimum filesize policy set for the device to allow Peering with Delivery Optimization - **peerID** ID for this Delivery Optimization client - **predefinedCallerName** Name of the API caller - **sessionID** ID for the file download session -- **setConfigs** ID of the update being downloaded -- **updateID** ID for the file download session +- **updateID** ID of the update being downloaded - **usedMemoryStream** If the download is using memory streaming in App downloads - **callerName** Name of the API Caller -- **minDiskSizeGB** The minimum disk size policy set for the device to allow Peering with Delivery Optimization -- **minDiskSizePolicyEnforced** If there is an enforced mininum disk size requirement for peering -- 
**minFileSizePolicy** The minimum file size policy set for the device to allow Peering with Delivery Optimization - **scenarioID** ID for the Scenario +- **setConfigs** A JSON representation of the configurations that have been set, and their sources - **isEncrypted** Whether the download is encrypted 
@@ -4592,20 +5068,20 @@ The following fields are available: - **activated** Whether the entire device manifest update is considered activated and in use. - **analysisErrorCount** How many driver packages that could not be analyzed because errors were hit during the analysis. -- **flightId** Unique ID for each flight. +- **flightId** Unique ID for each flight. - **missingDriverCount** How many driver packages that were delivered by the device manifest that are missing from the system. - **missingUpdateCount** How many updates that were part of the device manifest that are missing from the system. -- **objectId** Unique value for each diagnostics session. +- **objectId** Unique value for each diagnostics session. - **publishedCount** How many drivers packages that were delivered by the device manifest that are published and available to be used on devices. -- **relatedCV** Correlation vector value generated from the latest USO scan. -- **scenarioId** Indicates the update scenario. -- **sessionId** Unique value for each update session. +- **relatedCV** Correlation vector value generated from the latest USO scan. +- **scenarioId** Indicates the update scenario. +- **sessionId** Unique value for each update session. - **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match on. - **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string. - **truncatedDeviceCount** How many devices are missing from the summary string due to there not being enough room in the string. - **truncatedDriverCount** How many driver packages are missing from the summary string due to there not being enough room in the string. - **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices. 
-- **updateId** Unique ID for each Update. +- **updateId** Unique ID for each Update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit 
@@ -4663,41 +5139,41 @@ The following fields are available: - **objectId** Unique value for each Update Agent mode - **relatedCV** Correlation vector value generated from the latest USO scan - **result** Result of the initialize phase of update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled -- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate - **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios) -- **sessionId** Unique value for each Update Agent mode attempt +- **sessionId** Unique value for each Update Agent mode attempt - **updateId** Unique ID for each update ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInstall -This event collects information regarding the install phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages +This event collects information regarding the install phase of the new device manifest UUP (Unified Update Platform) update scenario which is used to install a device manifest describing a set of driver packages. The following fields are available: -- **errorCode** The error code returned for the current install phase -- **flightId** The unique identifier for each flight -- **objectId** Unique value for each Update Agent mode -- **relatedCV** Correlation vector value generated from the latest scan -- **result** Result of the install phase of update. 0 = Succeeded 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled -- **scenarioId** The scenario ID. 
Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate -- **sessionId** Unique value for each Update Agent mode attempt -- **updateId** Unique ID for each update +- **errorCode** The error code returned for the current install phase. +- **flightId** Unique ID for each flight. +- **objectId** Unique value for each diagnostics session. +- **relatedCV** Correlation vector value generated from the latest USO scan. +- **result** Outcome of the install phase of the update. +- **scenarioId** Indicates the update scenario. +- **sessionId** Unique value for each update session. +- **updateId** Unique ID for each Update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart -This event sends data for the start of each mode during the process of updating device manifest assets via the UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. +This event sends data for the start of each mode during the process of updating device manifest assets via the UUP (Unified Update Platform) update scenario which is used to install a device manifest describing a set of driver packages. The following fields are available: -- **flightId** The unique identifier for each flight -- **mode** Indicates that the Update Agent mode that has started. 1 = Initialize, 2 = DownloadRequest, 3 = Install, 4 = Commit -- **objectId** Unique value for each Update Agent mode -- **relatedCV** Correlation vector value generated from the latest scan -- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate -- **sessionId** Unique value for each Update Agent mode attempt -- **updateId** Unique ID for each update +- **flightId** Unique ID for each flight. +- **mode** The mode that is starting. +- **objectId** Unique value for each diagnostics session. +- **relatedCV** Correlation vector value generated from the latest USO scan. 
+- **scenarioId** Indicates the update scenario. +- **sessionId** Unique value for each update session. +- **updateId** Unique ID for each Update. ### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed 
@@ -4706,24 +5182,24 @@ Dialog notification about to be displayed to user. The following fields are available: -- **AcceptAutoModeLimit** Maximum number of days for a device to automatically enter Auto Reboot mode -- **AutoToAutoFailedLimit** Maximum number of days for Auto Reboot mode to fail before RebootFailed dialog will be shown -- **DeviceLocalTime** Time of dialog shown on local device -- **EngagedModeLimit** Number of days to switch between DTE dialogs -- **EnterAutoModeLimit** Maximum number of days for a device to enter Auto Reboot mode -- **ETag** OneSettings versioning value +- **AcceptAutoModeLimit** Maximum number of days for a device to automatically enter Auto Reboot mode +- **AutoToAutoFailedLimit** Maximum number of days for Auto Reboot mode to fail before RebootFailed dialog will be shown +- **DaysSinceRebootRequired** Number of days since reboot was required. +- **DeviceLocalTime** Time of dialog shown on local device +- **EngagedModeLimit** Number of days to switch between DTE dialogs +- **EnterAutoModeLimit** Maximum number of days for a device to enter Auto Reboot mode +- **ETag** OneSettings versioning value - **IsForcedEnabled** Is Forced Reboot mode enabled for this device? - **IsUltimateForcedEnabled** Is Ultimate Forced Reboot mode enabled for this device? - **NotificationUxState** Which dialog is shown (ENUM)? - **NotificationUxStateString** Which dialog is shown (string mapping)? 
-- **RebootUxState** Engaged/Auto/Forced/UltimateForced -- **RebootUxStateString** Engaged/Auto/Forced/UltimateForced -- **RebootVersion** Version of DTE +- **RebootUxState** Engaged/Auto/Forced/UltimateForced +- **RebootUxStateString** Engaged/Auto/Forced/UltimateForced +- **RebootVersion** Version of DTE - **SkipToAutoModeLimit** The minimum length of time to pass in reboot pending before a machine can be put into auto mode -- **UpdateId** The ID of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation +- **UpdateId** The ID of the update that is pending reboot to finish installation +- **UpdateRevision** The revision of the update that is pending reboot to finish installation - **UtcTime** The Coordinated Universal Time when the dialog notification will be displayed. -- **DaysSinceRebootRequired** Number of days since reboot was required. ### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootAcceptAutoDialog @@ -4732,13 +5208,13 @@ Enhanced Engaged reboot accept auto dialog was displayed. The following fields are available: -- **DeviceLocalTime** Local time of the device sending the event -- **ETag** OneSettings ETag -- **ExitCode** Dialog exit code - user response -- **RebootVersion** Reboot flow version -- **UpdateId** Id of pending update -- **UpdateRevision** Revision number of the pending update -- **UserResponseString** User response to the reboot dialog +- **DeviceLocalTime** Local time of the device sending the event +- **ETag** OneSettings ETag +- **ExitCode** Dialog exit code - user response +- **RebootVersion** Reboot flow version +- **UpdateId** Id of pending update +- **UpdateRevision** Revision number of the pending update +- **UserResponseString** User response to the reboot dialog - **UtcTime** The Coordinated Universal Time that dialog was displayed 
@@ -4748,13 +5224,13 @@ Enhanced Engaged reboot first reminder dialog was displayed. The following fields are available: -- **DeviceLocalTime** Time of dialog shown on local device -- **ETag** OneSettings versioning value -- **ExitCode** Indicates how users exited the dialog -- **RebootVersion** Version of DTE -- **UpdateId** The id of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UserResponseString** The option that user chose on this dialog +- **DeviceLocalTime** Time of dialog shown on local device +- **ETag** OneSettings versioning value +- **ExitCode** Indicates how users exited the dialog +- **RebootVersion** Version of DTE +- **UpdateId** The id of the update that is pending reboot to finish installation +- **UpdateRevision** The revision of the update that is pending reboot to finish installation +- **UserResponseString** The option that user chose on this dialog - **UtcTime** The Coordinated Universal Time that dialog was displayed 
@@ -4764,13 +5240,13 @@ Enhanced Engaged reboot forced precursor dialog was displayed. The following fields are available: -- **DeviceLocalTime** Time of dialog shown on local device -- **ETag** OneSettings versioning value -- **ExitCode** Indicates how users exited the dialog -- **RebootVersion** Version of DTE -- **UpdateId** The id of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UserResponseString** The option that user chose on this dialog +- **DeviceLocalTime** Time of dialog shown on local device +- **ETag** OneSettings versioning value +- **ExitCode** Indicates how users exited the dialog +- **RebootVersion** Version of DTE +- **UpdateId** The id of the update that is pending reboot to finish installation +- **UpdateRevision** The revision of the update that is pending reboot to finish installation +- **UserResponseString** The option that user chose on this dialog - **UtcTime** The Coordinated Universal Time that dialog was displayed 
@@ -4780,13 +5256,13 @@ Enhanced Engaged forced warning dialog was displayed. The following fields are available: -- **DeviceLocalTime** Time of dialog shown on local device -- **ETag** OneSettings versioning value -- **ExitCode** Indicates how users exited the dialog -- **RebootVersion** Version of DTE -- **UpdateId** The id of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UserResponseString** The option that user chose on this dialog +- **DeviceLocalTime** Time of dialog shown on local device +- **ETag** OneSettings versioning value +- **ExitCode** Indicates how users exited the dialog +- **RebootVersion** Version of DTE +- **UpdateId** The id of the update that is pending reboot to finish installation +- **UpdateRevision** The revision of the update that is pending reboot to finish installation +- **UserResponseString** The option that user chose on this dialog - **UtcTime** The Coordinated Universal Time that dialog was displayed 
@@ -4796,13 +5272,13 @@ Enhanced Engaged reboot reboot failed dialog was displayed. The following fields are available: -- **DeviceLocalTime** Dialog exit code - user response -- **ETag** OneSettings versioning value -- **ExitCode** Indicates how users exited the dialog -- **RebootVersion** Version of DTE -- **UpdateId** The ID of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UserResponseString** The option that user chose on this dialog +- **DeviceLocalTime** Time of dialog shown on local device +- **ETag** OneSettings versioning value +- **ExitCode** Indicates how users exited the dialog +- **RebootVersion** Version of DTE +- **UpdateId** The ID of the update that is pending reboot to finish installation +- **UpdateRevision** The revision of the update that is pending reboot to finish installation +- **UserResponseString** The option that user chose on this dialog - **UtcTime** The Coordinated Universal Time that dialog was displayed 
@@ -4812,13 +5288,13 @@ Enhanced Engaged reboot reboot imminent dialog was displayed. The following fields are available: -- **DeviceLocalTime** Time of dialog shown on local device -- **ETag** OneSettings versioning value -- **ExitCode** Indicates how users exited the dialog -- **RebootVersion** Version of DTE -- **UpdateId** The ID of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UserResponseString** The option that user chose on this dialog +- **DeviceLocalTime** Time of dialog shown on local device +- **ETag** OneSettings versioning value +- **ExitCode** Indicates how users exited the dialog +- **RebootVersion** Version of DTE +- **UpdateId** The ID of the update that is pending reboot to finish installation +- **UpdateRevision** The revision of the update that is pending reboot to finish installation +- **UserResponseString** The option that user chose on this dialog - **UtcTime** The Coordinated Universal Time that dialog was displayed 
@@ -4828,13 +5304,13 @@ Enhanced Engaged reboot second reminder dialog was displayed. The following fields are available: -- **DeviceLocalTime** Time of dialog shown on local device -- **ETag** OneSettings versioning value -- **ExitCode** Indicates how users exited the dialog -- **RebootVersion** Version of DTE -- **UpdateId** The ID of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UserResponseString** The option that user chose on this dialog +- **DeviceLocalTime** Time of dialog shown on local device +- **ETag** OneSettings versioning value +- **ExitCode** Indicates how users exited the dialog +- **RebootVersion** Version of DTE +- **UpdateId** The ID of the update that is pending reboot to finish installation +- **UpdateRevision** The revision of the update that is pending reboot to finish installation +- **UserResponseString** The option that user chose on this dialog - **UtcTime** The Coordinated Universal Time that dialog was displayed 
@@ -4844,13 +5320,13 @@ Enhanced Engaged reboot third reminder dialog was displayed. The following fields are available: -- **DeviceLocalTime** Time of dialog shown on local device -- **ETag** OneSettings versioning value -- **ExitCode** Indicates how users exited the dialog -- **RebootVersion** Version of DTE -- **UpdateId** The ID of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UserResponseString** The option that user chose on this dialog +- **DeviceLocalTime** Time of dialog shown on local device +- **ETag** OneSettings versioning value +- **ExitCode** Indicates how users exited the dialog +- **RebootVersion** Version of DTE +- **UpdateId** The ID of the update that is pending reboot to finish installation +- **UpdateRevision** The revision of the update that is pending reboot to finish installation +- **UserResponseString** The option that user chose on this dialog - **UtcTime** The Coordinated Universal Time that dialog was displayed 
@@ -4920,52 +5396,23 @@ The following fields are available: - **wuDeviceid** The Windows Update device GUID. -### Microsoft.Windows.Update.Orchestrator.DTUCompletedWhenWuFlightPendingCommit - -Event to indicate that DTU completed installation of the ESD, when WU was already Pending Commit of the feature update. - -The following fields are available: - -- **wuDeviceid** Device ID used by WU - - -### Microsoft.Windows.Update.Orchestrator.DTUEnabled - -Inbox DTU functionality enabled. - -The following fields are available: - -- **wuDeviceid** Device ID. - - -### Microsoft.Windows.Update.Orchestrator.DTUInitiated - -Inbox DTU functionality intiated. - -The following fields are available: - -- **dtuErrorCode** Return code from creating the DTU Com Server. -- **isDtuApplicable** Determination of whether DTU is applicable to the machine it is running on. -- **wuDeviceid** Return code from creating the DTU Com Server. - - ### Microsoft.Windows.Update.Orchestrator.DeferRestart Indicates that a restart required for installing updates was postponed. The following fields are available: -- **displayNeededReason** Semicolon-separated list of reasons reported for display needed - **eventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc - **filteredDeferReason** The raised reason that the USO did not restart (e.g. user active, low battery) that were ignorable +- **raisedDeferReason** The reason that the USO did not restart (e.g. user active, low battery) +- **wuDeviceid** Windows Update Device GUID +- **displayNeededReason** Semicolon-separated list of reasons reported for display needed - **gameModeReason** Name of the executable that caused the game mode state check to trigger. - **ignoredReason** Semicolon-separated list of reasons that were intentionally ignored. - **revisionNumber** Update ID revision number - **systemNeededReason** Semicolon-separated list of reasons reported for system needed. 
- **updateId** Update ID - **updateScenarioType** Update session type -- **wuDeviceid** Windows Update Device GUID -- **raisedDeferReason** The reason that the USO did not restart (e.g. user active, low battery) ### Microsoft.Windows.Update.Orchestrator.Detection @@ -4975,19 +5422,19 @@ A scan for an update occurred. The following fields are available: - **detectionBlockingPolicy** State of update action -- **detectionBlockreason** Reason for detection not completing. -- **eventScenario** End to end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. -- **interactive** Identifies if session is User Initiated. +- **detectionBlockreason** State of update action +- **eventScenario** Was it user Initiated +- **interactive** Source of the triggered scan - **scanTriggerSource** Source of the triggered scan. -- **updateScenarioType** The update session type. -- **wuDeviceid** Unique device ID used by Windows Update. -- **detectionRetryMode** If we retry to scan -- **errorCode** The returned error code. -- **deferReason** Reason for postponing detection -- **flightID** Flight info -- **revisionNumber** Update version -- **updateId** Update ID - GUID +- **updateScenarioType** Device ID +- **wuDeviceid** Device ID +- **detectionRetryMode** Error info +- **errorCode** State of update action - **networkStatus** Error info +- **deferReason** Reason for postponing detection +- **flightID** Flight info +- **revisionNumber** Update version +- **updateId** Update ID - GUID ### Microsoft.Windows.Update.Orchestrator.DisplayNeeded 
@@ -5023,13 +5470,42 @@ The following fields are available: - **wuDeviceid** Unique device ID used by Windows Update. +### Microsoft.Windows.Update.Orchestrator.DTUCompletedWhenWuFlightPendingCommit + +Event to indicate that DTU completed installation of the ESD, when WU was already Pending Commit of the feature update. + +The following fields are available: + +- **wuDeviceid** Device ID used by WU + + +### Microsoft.Windows.Update.Orchestrator.DTUEnabled + +Inbox DTU functionality enabled. + +The following fields are available: + +- **wuDeviceid** Device ID. + + +### Microsoft.Windows.Update.Orchestrator.DTUInitiated + +Inbox DTU functionality intiated. + +The following fields are available: + +- **dtuErrorCode** Return code from creating the DTU Com Server. +- **isDtuApplicable** Determination of whether DTU is applicable to the machine it is running on. +- **wuDeviceid** Return code from creating the DTU Com Server. + + ### Microsoft.Windows.Update.Orchestrator.Escalation Event sent when USO takes an Escalation action on device. The following fields are available: -- **configVersion** Escalation config version on device +- **configVersion** Escalation config version on device - **escalationAction** Indicate the specific escalation action that took place on device - **updateClassificationGUID** GUID of the update the device is offered - **updateId** ID of the update the device is offered 
@@ -5115,22 +5591,22 @@ This event sends launch data for a Windows Update install to help keep Windows u The following fields are available: - **batteryLevel** Current battery capacity in mWh or percentage left. -- **deferReason** Reason for install not completing. +- **errorCode** The error code reppresented by a hexadecimal value. - **eventScenario** End to end update session ID. +- **flightID** Unique update ID +- **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. +- **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. - **interactive** Identifies if session is user initiated. - **rebootOutsideOfActiveHours** Indicates the timing that the reboot was to occur to ensure the correct update process and experience is provided to keep Windows up to date. +- **revisionNumber** Update revision number. +- **updateId** Update ID. - **updateScenarioType** The update session type. - **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date. - **wuDeviceid** Unique device ID used by Windows Update. -- **flightID** Unique update ID +- **deferReason** Reason for install not completing. - **flightUpdate** Flight update -- **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. - **installRebootinitiatetime** The time it took for a reboot to be attempted. - **minutesToCommit** The time it took to install updates. -- **revisionNumber** Update revision number. -- **updateId** Update ID. -- **errorCode** The error code reppresented by a hexadecimal value. -- **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. ### Microsoft.Windows.Update.Orchestrator.PostInstall 
@@ -5139,12 +5615,12 @@ Event sent after Update install completes. The following fields are available: -- **batteryLevel** Battery level percentage -- **bundleId** Update ID - GUID -- **bundleRevisionnumber** Update ID revision number -- **errorCode** Error value -- **eventScenario** State of update action -- **sessionType** Update session type +- **batteryLevel** Battery level percentage +- **bundleId** Update ID - GUID +- **bundleRevisionnumber** Update ID revision number +- **errorCode** Error value +- **eventScenario** State of update action +- **sessionType** Update session type - **wuDeviceid** Windows Update device GUID - **flightID** The flight ID of the device - **updateScenarioType** The scenario type of this update 
@@ -5152,14 +5628,14 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.PowerMenuOptionsChanged -This event is sent when the options in power menu changed, usually due to an update pending reboot, or after a update is installed. +This event is sent when the options in power menu changed, usually due to an update pending reboot, or after a update is installed. The following fields are available: -- **powermenuNewOptions** The new options after the power menu changed -- **powermenuOldOptions** The old options before the power menu changed -- **rebootPendingMinutes** If the power menu changed because a reboot is pending due to a update, how long that reboot has been pending -- **wuDeviceid** If the power menu changed because a reboot is pending due to a update, the device ID recorded by WU +- **powermenuNewOptions** The new options after the power menu changed +- **powermenuOldOptions** The old options before the power menu changed +- **rebootPendingMinutes** If the power menu changed because a reboot is pending due to a update, how long that reboot has been pending +- **wuDeviceid** If the power menu changed because a reboot is pending due to a update, the device ID recorded by WU ### Microsoft.Windows.Update.Orchestrator.PreShutdownStart @@ -5258,10 +5734,10 @@ Update activity was stopped due to active hours starting. The following fields are available: -- **activeHoursEnd** The end of the active hours window -- **activeHoursStart** The start of the active hours window -- **updatePhase** The current state of the update process -- **wuDeviceid** Device ID +- **activeHoursEnd** The end of the active hours window. +- **activeHoursStart** The start of the active hours window. +- **updatePhase** The current state of the update process. +- **wuDeviceid** The device identifier. ### Microsoft.Windows.Update.Orchestrator.TerminatedByBatteryLevel 
@@ -5270,10 +5746,10 @@ Update activity was stopped due to a low battery level. The following fields are available: -- **batteryLevel** The current battery charge capacity -- **batteryLevelThreshold** The battery capacity threshold to stop update activity -- **updatePhase** The current state of the update process -- **wuDeviceid** Device ID +- **batteryLevel** The current battery charge capacity. +- **batteryLevelThreshold** The battery capacity threshold to stop update activity. +- **updatePhase** The current state of the update process. +- **wuDeviceid** The device identifier. ### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh 
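Review bot: in the TerminatedByBatteryLevel list, **batteryLevel** and **batteryLevelThreshold** are described as "charge capacity" with no unit, while the same-named batteryLevel field in the update install event earlier in this file is "Battery level percentage". If both are percentages, say so here too, so a reader comparing the two events does not have to guess whether the threshold is a percentage or an absolute capacity.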
@@ -5324,21 +5800,21 @@ The following fields are available: ### Microsoft.Windows.Update.Ux.MusNotification.RebootScheduled -The RebootScheduled event sends basic information for scheduling a update related reboot to facilitate the flow of getting security updates and keeping Windows up to date. +The RebootScheduled event sends basic information for scheduling a update related reboot to facilitate the flow of getting security updates and keeping Windows up to date. The following fields are available: -- **activeHoursApplicable** Whether Active Hours applies. -- **rebootArgument** The reboot arguments +- **activeHoursApplicable** Whether Active Hours applies. +- **IsEnhancedEngagedReboot** If Enhanced reboot was enabled. +- **rebootArgument** The reboot arguments - **rebootOutsideOfActiveHours** If reboot was outside of Active Hours -- **rebootScheduledByUser** If the reboot was scheduled by the user, or the system. +- **rebootScheduledByUser** If the reboot was scheduled by the user, or the system. - **rebootState** Which state the reboot is in - **revisionNumber** Revision number of the OS -- **scheduledRebootTime** Time the reboot was scheduled for. -- **scheduledRebootTimeInUTC** Time the reboot was scheduled for in UTC +- **scheduledRebootTime** Time the reboot was scheduled for. +- **scheduledRebootTimeInUTC** Time the reboot was scheduled for in UTC. - **updateId** UpdateId to identify which update is being scheduled. - **wuDeviceid** Unique DeviceID -- **IsEnhancedEngagedReboot** If Enhanced reboot was enabled. ### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot @@ -5353,7 +5829,7 @@ This event is sent when MUSE broker schedules a task. The following fields are available: -- **TaskArgument** The arguments with which the task is scheduled. +- **TaskArgument** The arguments with which the task is scheduled. - **TaskName** Name of the task. 
@@ -5361,26 +5837,26 @@ The following fields are available: ### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages -This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates. +This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates. The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightId** Unique identifier for each flight. -- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. -- **MitigationScenario** The update scenario in which the mitigation was executed. -- **MountedImageCount** Number of mounted images. -- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** HResult of this operation. -- **ScenarioId** ID indicating the mitigation scenario. -- **ScenarioSupported** Indicates whether the scenario was supported. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each Update. -- **WuId** Unique ID for the Windows Update client. +- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightId** Unique identifier for each flight. +- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. 
+- **MitigationScenario** The update scenario in which the mitigation was executed. +- **MountedImageCount** Number of mounted images. +- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. +- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. +- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. +- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** HResult of this operation. +- **ScenarioId** ID indicating the mitigation scenario. +- **ScenarioSupported** Indicates whether the scenario was supported. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each Update. +- **WuId** Unique ID for the Windows Update client. ### Mitigation360Telemetry.MitigationCustom.FixAppXReparsePoints 
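Review bot: the **InstanceId** line is rewritten here but still reads "identifies each instances of setuphost.exe"; it should be "each instance". The same wording is carried into the FixAppXReparsePoints and FixupEditionId lists that follow, so fix all three together. The other lines in this hunk appear to differ only in whitespace, which makes a real wording change hard to spot in review; a separate whitespace-only commit would help.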
@@ -5389,19 +5865,19 @@ This event sends data specific to the FixAppXReparsePoints mitigation used for O The following fields are available: -- **ClientId** Unique identifier for each flight. -- **FlightId** Unique GUID that identifies each instances of setuphost.exe. -- **InstanceId** The update scenario in which the mitigation was executed. -- **MitigationScenario** Correlation vector value generated from the latest USO scan. -- **RelatedCV** Number of reparse points that are corrupted but we failed to fix them. -- **ReparsePointsFailed** Number of reparse points that were corrupted and were fixed by this mitigation. -- **ReparsePointsFixed** Number of reparse points that are not corrupted and no action is required. -- **ReparsePointsSkipped** HResult of this operation. -- **Result** ID indicating the mitigation scenario. -- **ScenarioId** Indicates whether the scenario was supported. -- **ScenarioSupported** Unique value for each update attempt. -- **SessionId** Unique ID for each Update. -- **UpdateId** Unique ID for the Windows Update client. +- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightId** Unique identifier for each flight. +- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. +- **MitigationScenario** The update scenario in which the mitigation was executed. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ReparsePointsFailed** Number of reparse points that are corrupted but we failed to fix them. +- **ReparsePointsFixed** Number of reparse points that were corrupted and were fixed by this mitigation. +- **ReparsePointsSkipped** Number of reparse points that are not corrupted and no action is required. +- **Result** HResult of this operation. +- **ScenarioId** ID indicating the mitigation scenario. 
+- **ScenarioSupported** Indicates whether the scenario was supported. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each Update. - **WuId** Unique ID for the Windows Update client. 
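Review bot: the commit subject "new build" hides a substantive correction in the lines from **ClientId** to **UpdateId**. The removed lines had each description shifted up by one field (ClientId carried "Unique identifier for each flight", Result carried "ID indicating the mitigation scenario"), and the added lines realign them with the CleanupSafeOsImages list. That is worth stating in the commit message, since anyone who read the old page was given the wrong meaning for these fields. While the line is open, "Number of reparse points that are corrupted but we failed to fix them" could read "Number of corrupted reparse points that could not be fixed".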
@@ -5411,20 +5887,29 @@ This event sends data specific to the FixupEditionId mitigation used for OS upda The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **EditionIdUpdated** Determine whether EditionId was changed. -- **FlightId** Unique identifier for each flight. -- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. -- **MitigationScenario** The update scenario in which the mitigation was executed. +- **FlightId** Unique identifier for each flight. +- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. +- **MitigationScenario** The update scenario in which the mitigation was executed. - **ProductEditionId** Expected EditionId value based on GetProductInfo. - **ProductType** Value returned by GetProductInfo. - **RegistryEditionId** EditionId value in the registry. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** HResult of this operation. -- **ScenarioId** ID indicating the mitigation scenario. -- **ScenarioSupported** Indicates whether the scenario was supported. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** HResult of this operation. +- **ScenarioId** ID indicating the mitigation scenario. +- **ScenarioSupported** Indicates whether the scenario was supported. - **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update. -- **WuId** Unique ID for the Windows Update client. +- **UpdateId** Unique ID for each update. +- **WuId** Unique ID for the Windows Update client. 
+ + +## Winlogon events + +### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon + +This event signals the completion of the setup process. It happens only once during the first logon. + + From 00f7793c6c960adaf039fc07827474059f025afc Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Wed, 22 Aug 2018 16:02:05 -0700 Subject: [PATCH 02/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 663 ++++++++++-------- 1 file changed, 359 insertions(+), 304 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 31e8059b50..05668c325b 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -9,7 +9,7 @@ ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 08/21/2018 +ms.date: 08/22/2018 --- 
@@ -51,37 +51,40 @@ This event lists the types of objects and how many of each exist on the client d The following fields are available: +- **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. +- **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. +- **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. +- **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. +- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. +- **DecisionApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. +- **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. +- **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. 
+- **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. - **PCFP** An ID for the system, calculated by hashing hardware identifiers. -- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. -- **InventoryMediaCenter** The count of the number of this particular object type present on this device. -- **InventoryApplicationFile** The count of the number of this particular object type present on this device. +- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **SystemMemory** The count of the number of this particular object type present on this device. +- **InventoryTest** No content is currently available. +- **SystemWlan** The count of the number of this particular object type present on this device. +- **SystemWim** The count of the number of this particular object type present on this device. - **SystemProcessorNx** The count of the number of this particular object type present on this device. - **SystemProcessorSse2** The count of the number of this particular object type present on this device. - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. -- **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. - **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. -- **SystemMemory** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. 
-- **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. -- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **InventorySystemBios** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. -- **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. -- **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **DecisionApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. -- **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. -- **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. -- **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. -- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. 
- **InventoryLanguagePack** The count of the number of this particular object type present on this device. -- **SystemWlan** The count of the number of this particular object type present on this device. +- **InventoryMediaCenter** The count of the number of this particular object type present on this device. +- **InventoryApplicationFile** The count of the number of this particular object type present on this device. +- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. +- **InventorySystemBios** The count of the number of this particular object type present on this device. +- **SystemTouch** The count of SystemTouch objects present on this machine. +- **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. +- **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device. - **DatasourceDevicePnp_RS3** The total DatasourceDevicePnp objects targeting the next release of Windows on this device. - **DatasourceDriverPackage_RS3** The total DatasourceDriverPackage objects targeting the next release of Windows on this device. @@ -98,9 +101,6 @@ The following fields are available: - **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. - **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting the next release of Windows on this device. - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. -- **SystemTouch** The count of SystemTouch objects present on this machine. -- **SystemWim** The count of SystemWim objects present on this machine. -- **InventoryTest** No content is currently available. ### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd 
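Review bot: in the hunk at @@ -51,37 +51,40 @@, the re-added **DatasourceApplicationFile_RS1**, **DecisionApplicationFile_RS1**, **Wmdrm_RS1** and **DecisionTest_RS1** lines all carry "An ID for the system, calculated by hashing hardware identifiers", which is the **PCFP** description. Their RS3 counterparts and the sibling RS1 fields are described as object totals (for example "The total Wmdrm objects targeting the next release of Windows on this device"), so these four look like a copy-paste that the reorder has preserved; please give them the matching "The total ... objects targeting Windows 10 version 1607 on this device" wording. **SystemWim** also loses its specific text ("The count of SystemWim objects present on this machine") in favour of the generic sentence, while SystemTouch keeps the specific form.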
@@ -1182,8 +1182,6 @@ The following fields are available: This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent. -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. @@ -1293,16 +1291,16 @@ Provides information on IE and Census versions running on the device. The following fields are available: +- **AppraiserEnterpriseErrorCode** The error code of the last Appraiser enterprise run. +- **AppraiserErrorCode** The error code of the last Appraiser run. +- **AppraiserRunEndTimeStamp** The end time of the last Appraiser run. +- **AppraiserRunIsInProgressOrCrashed** Flag that indicates if the Appraiser run is in progress or has crashed. +- **AppraiserRunStartTimeStamp** The start time of the last Appraiser run. +- **AppraiserTaskEnabled** Whether the Appraiser task is enabled. +- **AppraiserTaskExitCode** The Appraiser task exist code. +- **AppraiserTaskLastRun** The last runtime for the Appraiser task. - **CensusVersion** The version of Census that generated the current data for this device. -- **IEVersion** Retrieves which version of Internet Explorer is running on this device. -- **AppraiserEnterpriseErrorCode** No content is currently available. -- **AppraiserErrorCode** No content is currently available. -- **AppraiserRunEndTimeStamp** No content is currently available. -- **AppraiserRunIsInProgressOrCrashed** No content is currently available. -- **AppraiserRunStartTimeStamp** No content is currently available. -- **AppraiserTaskEnabled** No content is currently available. -- **AppraiserTaskExitCode** No content is currently available. -- **AppraiserTaskLastRun** No content is currently available. +- **IEVersion** IE version running on the device. ### Census.Battery 
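Review bot: typo in the added **AppraiserTaskExitCode** line of the @@ -1293,16 +1291,16 @@ hunk: "The Appraiser task exist code" should be "exit code". In the same hunk the new **IEVersion** text shortens "Internet Explorer" to "IE"; the removed line spelled it out, and the longer form is clearer for a reference page.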
@@ -1334,6 +1332,7 @@ This event sends data about Azure presence, type, and cloud domain use in order The following fields are available: +- **AADDeviceId** Azure Active Directory device id. - **AzureOSIDPresent** Represents the field used to identify an Azure machine. - **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs. - **CDJType** Represents the type of cloud domain joined for the machine. @@ -1351,7 +1350,6 @@ The following fields are available: - **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier -- **AADDeviceId** Azure Active Directory device id. ### Census.Firmware @@ -1391,6 +1389,7 @@ The following fields are available: - **ChassisType** Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36. - **ComputerHardwareID** Identifies a device class that is represented by a hash of different SMBIOS fields. - **D3DMaxFeatureLevel** Supported Direct3D version. +- **DeviceColor** Indicates a color of the device. - **DeviceForm** Indicates the form as per the device classification. - **DeviceName** The device name that is set by the user. - **DigitizerSupport** Is a digitizer supported? 
@@ -1419,7 +1418,6 @@ The following fields are available: - **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user. - **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0. - **VoiceSupported** Does the device have a cellular radio capable of making voice calls? -- **DeviceColor** Indicates a color of the device. ### Census.Memory 
@@ -1503,21 +1501,21 @@ Provides information on several important data points about Processor settings The following fields are available: +- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. The complete list of values can be found in DimProcessorArchitecture. +- **ProcessorClockSpeed** Retrieves the clock speed of the processor in MHz. +- **ProcessorCores** Retrieves the number of cores in the processor. +- **ProcessorIdentifier** The processor identifier of a manufacturer. +- **ProcessorManufacturer** Retrieves the name of the processor's manufacturer. +- **ProcessorModel** Retrieves the name of the processor model. +- **ProcessorPhysicalCores** Number of physical cores in the processor. +- **ProcessorUpdateRevision** Retrieves the processor architecture of the installed operating system. +- **SocketCount** Number of physical CPU sockets of the machine. - **KvaShadow** Microcode info of the processor. - **MMSettingOverride** Microcode setting of the processor. - **MMSettingOverrideMask** Microcode setting override of the processor. -- **PreviousUpdateRevision** Previous microcode revision. -- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. -- **ProcessorClockSpeed** Clock speed of the processor in MHz. -- **ProcessorCores** Number of logical cores in the processor. -- **ProcessorIdentifier** Processor Identifier of a manufacturer. -- **ProcessorManufacturer** Name of the processor manufacturer. -- **ProcessorModel** Name of the processor model. -- **ProcessorPhysicalCores** Number of physical cores in the processor. -- **ProcessorUpdateRevision** Microcode revision. - **ProcessorUpdateStatus** Enum value that represents the processor microcode load status. -- **SocketCount** Count of CPU sockets. - **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability. 
+- **PreviousUpdateRevision** Previous microcode revision. ### Census.Security @@ -1924,7 +1922,7 @@ The following fields are available: - **ErrorCode** Error code of action - **FlightId** Flight being used - **RelatedCV** CV of any other related events -- **Result** Phase Setup is in +- **Result** End result of action ### DeploymentTelemetry.Deployment_SetupBoxLaunch @@ -2161,11 +2159,11 @@ Commit call. The following fields are available: +- **hResult** HRESULT of the failure. - **CampaignID** Campaign ID being run. - **ClientID** Client ID being run. - **CoordinatorVersion** Coordinator version of DTU. - **CV** Correlation vector. -- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitSuccess @@ -2186,11 +2184,11 @@ Event to indicate that we have received an unexpected error in the DTU Coordinat The following fields are available: +- **hResult** HRESULT of the failure. - **CampaignID** Campaign ID being run. - **ClientID** Client ID being run. - **CoordinatorVersion** Coordinator version of DTU. - **CV** Correlation vector. -- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadIgnoredFailure @@ -2249,11 +2247,11 @@ Event to indicate that we have received an unexpected error in the DTU Coordinat The following fields are available: -- **hResult** HRESULT of the failure. - **CampaignID** Campaign ID being run. - **ClientID** Client ID being run. - **CoordinatorVersion** Coordinator version of DTU. - **CV** Correlation vector. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInitializeSuccess 
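Review bot: in the processor hunk at @@ -1503,21 +1501,21 @@, the new **ProcessorUpdateRevision** text is "Retrieves the processor architecture of the installed operating system", which duplicates the ProcessorArchitecture description and replaces the removed "Microcode revision". That looks like a regression, given that PreviousUpdateRevision is still "Previous microcode revision"; restore the microcode wording. **ProcessorCores** also drops "logical" ("Number of logical cores in the processor" becomes "Retrieves the number of cores in the processor"), which blurs the distinction from ProcessorPhysicalCores.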
@@ -2312,12 +2310,12 @@ Event to indicate Coordinator's progress callback has been called. The following fields are available: +- **Current Deploy Phase's percentage completed** Trigger which fired UXLauncher. +- **DeployPhase** Current Deploy Phase. - **CampaignID** Campaign ID being run. - **ClientID** Client ID being run. - **CoordinatorVersion** Coordinator version of DTU. -- **Current Deploy Phase's percentage completed** Trigger which fired UXLauncher. - **CV** Correlation vector. -- **DeployPhase** Current Deploy Phase. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorSetCommitReadyGenericFailure @@ -2364,11 +2362,11 @@ Event to indicate that the Coordinator WaitForRebootUi call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. +- **CampaignID** Campaign ID being run +- **ClientID** Client ID being run +- **CoordinatorVersion** Coordinator version of DTU +- **CV** Correlation vector +- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection @@ -2547,11 +2545,11 @@ Event to indicate that we have received an unexpected error in the DTU Handler D The following fields are available: +- **hResult** HRESULT of the failure - **CampaignID** Campaign ID being run - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector -- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadSuccess 
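Review bot: in the progress-callback hunk at @@ -2312,12 +2310,12 @@, the field named **Current Deploy Phase's percentage completed** is described as "Trigger which fired UXLauncher", which does not match its name, and the name contains spaces, unlike every other field in the list. Since the line is being moved anyway, check both the name and the description against the event's actual schema before it ships.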
@@ -2599,11 +2597,11 @@ Event to indicate that we have received an unexpected error in the DTU Handler I The following fields are available: -- **hResult** HRESULT of the failure - **CampaignID** Campaign ID being run - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector +- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallSuccess @@ -3118,6 +3116,7 @@ The following fields are available: - **FileSize** File size of the Office addin - **FriendlyName** Friendly name for office addin - **FullPath** Unexpanded path to the office addin +- **InventoryVersion** The version of the inventory binary generating the events. - **LoadBehavior** Uint32 that describes the load behavior - **OfficeApplication** The office application for this addin - **OfficeArchitecture** Architecture of the addin @@ -3130,7 +3129,6 @@ The following fields are available: - **Provider** Name of the provider for this addin - **AddInCLSID** CLSID key for the office addin - **LoadTime** Load time for the office addin -- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove 
@@ -3256,11 +3254,11 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **InventoryVersion** The version of the inventory binary generating the events. - **OC2rApps** A GUID the describes the Office Click-To-Run apps - **OC2rSkus** Comma-delimited list (CSV) of Office Click-To-Run products installed on the device. For example, Office 2016 ProPlus - **OMsiApps** Comma-delimited list (CSV) of Office MSI products installed on the device. For example, Microsoft Word - **OProductCodes** A GUID that describes the Office MSI products +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsStartSync 
@@ -3452,27 +3450,27 @@ OS Boot information used to evaluate the success of the upgrade process. The following fields are available: -- **BootApplicationId** No content is currently available. -- **BootAttemptCount** No content is currently available. -- **BootSequence** No content is currently available. -- **BootStatusPolicy** No content is currently available. -- **BootType** No content is currently available. -- **EventTimestamp** No content is currently available. -- **FirmwareResetReasonEmbeddedController** No content is currently available. -- **FirmwareResetReasonEmbeddedControllerAdditional** No content is currently available. -- **FirmwareResetReasonPch** No content is currently available. -- **FirmwareResetReasonPchAdditional** No content is currently available. -- **FirmwareResetReasonSupplied** No content is currently available. -- **IO** No content is currently available. See [IO](#io). -- **LastBootSucceeded** No content is currently available. -- **LastShutdownSucceeded** No content is currently available. -- **MenuPolicy** No content is currently available. -- **RecoveryEnabled** No content is currently available. -- **UserInputTime** No content is currently available. +- **BootApplicationId** This field tells us what the OS Loader Application Identifier is. +- **BootAttemptCount** This is the number of consecutive times the boot manager has attempted to boot into this operating system. +- **BootSequence** The current Boot ID. It is used to correlate events related to a particular boot session. +- **BootStatusPolicy** This field tells us the boot status policy. +- **BootType** This field tells us the type of boot (such as "Cold", "Hiber", "Resume"). +- **EventTimestamp** Seconds elapsed since an arbitrary time point. This field can be used to identify the time difference in successive boot attempts being made. +- **FirmwareResetReasonEmbeddedController** Reason for system reset provided by firmware. 
+- **FirmwareResetReasonEmbeddedControllerAdditional** Additional information on system reset reason provided by firmware if needed. +- **FirmwareResetReasonPch** Reason for system reset provided by firmware. +- **FirmwareResetReasonPchAdditional** Additional information on system reset reason provided by firmware if needed. +- **FirmwareResetReasonSupplied** Flag indicating that a reason for system reset was provided by firmware. +- **IO** Amount of disk IO in boot. See [IO](#io). +- **LastBootSucceeded** Flag indicating whether the last boot was successful. +- **LastShutdownSucceeded** Flag indicating whether the last shutdown was successful. +- **MenuPolicy** Type of advanced options menu that should be shown to the user, such as Legacy or Standard. +- **RecoveryEnabled** Tells us whether or not recovery is enabled. +- **UserInputTime** This is the amount of time the loader application spent waiting for user input. - **MaxAbove4GbFreeRange** No content is currently available. - **MaxBelow4GbFreeRange** No content is currently available. - **MeasuredLaunchPrepared** No content is currently available. -- **SecureLaunchPrepared** No content is currently available. +- **SecureLaunchPrepared** This field indicates if DRTM was prepared during boot. ### Microsoft.Windows.Kernel.Power.OSStateChange 
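Review bot: **MaxAbove4GbFreeRange**, **MaxBelow4GbFreeRange** and **MeasuredLaunchPrepared** are left at "No content is currently available" while the neighbouring **SecureLaunchPrepared** gets a description, and that description uses "DRTM" without expanding it. Fill in the three remaining fields in the same pass if the information exists, and spell out the acronym (Dynamic Root of Trust for Measurement) on first use. The EmbeddedController and Pch variants of the firmware reset fields also share one sentence ("Reason for system reset provided by firmware"); say which component each one reports on.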
@@ -3522,10 +3520,10 @@ Event tells us effectiveness of new privacy experience. The following fields are available: -- **isAdmin** Whether the current user is an administrator or not -- **isSilentElevation** Whether the current user has enabled silent elevation -- **privacyConsentState** The current state of the privacy consent experience +- **isAdmin** whether the person who is logging in is an admin - **isLaunching** Whether or not the privacy consent experience will be launched +- **isSilentElevation** whether the user has most restrictive UAC controls +- **privacyConsentState** whether the user has completed privacy experience - **userRegionCode** The current user's region setting @@ -3578,9 +3576,9 @@ Activity for run of the Transient Account Manager that determines if any user ac The following fields are available: -- **totalAccountCount** The number of accounts on a device after running the Transient Account Manager policies. - **wilActivity** Windows Error Reporting data collected when there is a failure in evaluating accounts to be deleted with the Transient Account Manager. See [wilActivity](#wilactivity). - **evaluationTrigger** When was the Transient Account Manager policies ran? Example: At log off or during maintenance hours +- **totalAccountCount** The number of accounts on a device after running the Transient Account Manager policies. ## SIH events 
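Review bot: in the privacy consent field list (the @@ -3522 hunk), the new **isSilentElevation** text "whether the user has most restrictive UAC controls" does not match the removed text "Whether the current user has enabled silent elevation", and it reads as the opposite of what the field name suggests. Please confirm which meaning is correct before merging. The same hunk turns **privacyConsentState** from "The current state of the privacy consent experience" into a yes/no description, which loses information if the field has more than two states, and the three rewritten lines start in lower case while the unchanged **isLaunching** and **userRegionCode** lines are capitalized.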
@@ -3618,14 +3616,14 @@ The following fields are available: - **CachedEngineVersion** The engine DLL version that is being used. - **EventInstanceID** A unique identifier for event instance. - **EventScenario** Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. +- **FailedParseActions** The list of actions that were not successfully parsed. +- **ParsedActions** The list of actions that were successfully parsed. - **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Windows Store, etc.) - **SihclientVersion** The client version that is being used. - **WuapiVersion** The Windows Update API version that is currently installed. - **WuaucltVersion** The Windows Update client version that is currently installed. - **WuauengVersion** The Windows Update engine version that is currently installed. - **WUDeviceID** The unique identifier controlled by the software distribution client. -- **FailedParseActions** The list of actions that were not successfully parsed. -- **ParsedActions** The list of actions that were successfully parsed. ## Software update events 
@@ -3638,19 +3636,38 @@ The following fields are available: - **ActivityMatchingId** Contains a unique ID identifying a single CheckForUpdates session from initialization to completion. - **AllowCachedResults** Indicates if the scan allowed using cached results. +- **BiosFamily** The family of the BIOS (Basic Input Output System). +- **BiosName** The name of the device BIOS. +- **BiosReleaseDate** The release date of the device BIOS. +- **BiosSKUNumber** The sku number of the device BIOS. +- **BIOSVendor** The vendor of the BIOS. +- **BiosVersion** The version of the BIOS. - **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. +- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated. +- **CDNCountryCode** Two letter country abbreviation for the CDN's location. +- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. +- **ClientVersion** The version number of the software distribution client. - **CurrentMobileOperator** The mobile operator the device is currently connected to. +- **DeviceModel** What is the device model. +- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered. - **DriverSyncPassPerformed** Were drivers scanned this time? +- **EventInstanceID** A globally unique identifier for event instance. - **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. +- **ExtendedMetadataCabUrl** Hostname that is used to download an update. - **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. +- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan. 
+- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan. - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. - **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). - **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds). - **HomeMobileOperator** The mobile operator that the device was originally intended to work with. +- **IntentPFNs** Intended application-set metadata for atomic update scenarios. - **IPVersion** Indicates whether the download took place over IPv4 or IPv6 - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. - **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce +- **MSIError** The last error that was encountered during a scan for updates. +- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 - **NumberOfApplicationsCategoryScanEvaluated** The number of categories (apps) for which an app update scan checked - **NumberOfLoop** The number of round trips the scan required - **NumberOfNewUpdatesFromServiceSync** The number of updates which were seen for the first time in this scan 
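Review bot: the **CDNId** line added in this hunk says "The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue", which is the same text the page uses for **WUDeviceID** and looks like a copy-paste. It should describe the CDN, not the device. Also in the added lines, **ExtendedMetadataCabUrl** is described as a "Hostname" although the field name says URL, and **DeviceModel** reads as a question ("What is the device model."). The unchanged **MetadataIntegrityMode** line in the trailing context still carries the typo "1-Ignoe" and could be fixed in the same pass.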
@@ -3668,34 +3685,11 @@ The following fields are available: - **ShippingMobileOperator** The mobile operator that a device shipped on. - **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult). - **SyncType** Describes the type of scan the event was -- **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down. -- **BiosFamily** The family of the BIOS (Basic Input Output System). -- **BiosName** The name of the device BIOS. -- **BiosReleaseDate** The release date of the device BIOS. -- **BiosSKUNumber** The sku number of the device BIOS. -- **BIOSVendor** The vendor of the BIOS. -- **BiosVersion** The version of the BIOS. -- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated. -- **CDNCountryCode** Two letter country abbreviation for the CDN's location. -- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **ClientVersion** The version number of the software distribution client. -- **DeviceModel** What is the device model. -- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered. -- **EventInstanceID** A globally unique identifier for event instance. -- **ExtendedMetadataCabUrl** Hostname that is used to download an update. -- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan. -- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan. -- **IntentPFNs** Intended application-set metadata for atomic update scenarios. -- **MSIError** The last error that was encountered during a scan for updates. -- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 - **SystemBIOSMajorRelease** Major version of the BIOS. 
- **SystemBIOSMinorRelease** Minor version of the BIOS. +- **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down. - **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null. -- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. - **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable -- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. -- **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown - **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete - **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation. - **BranchReadinessLevel** The servicing branch configured on the device. 
@@ -3711,6 +3705,10 @@ The following fields are available: - **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window. - **QualityUpdateDeferral** The deferral period configured for quality OS updates on the device (in days). - **QualityUpdatePausePeriod** The pause duration configured for quality OS updates on the device (in days). +- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. +- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. +- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null. +- **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown ### SoftwareUpdateClientTelemetry.Commit 
@@ -3745,11 +3743,11 @@ The following fields are available: ### SoftwareUpdateClientTelemetry.Download -Download process event for target update on Windows Update client (see eventscenario field for specifics, e.g.: started/failed/succeeded) +Download process event for target update on Windows Update client. See EventScenario field for specifics (started/failed/succeeded). The following fields are available: -- **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn't actively being downloaded. +- **ActiveDownloadTime** Number of seconds the update was actively being downloaded. - **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. - **AppXDownloadScope** Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client. - **BiosFamily** The family of the BIOS (Basic Input Output System). 
@@ -3758,11 +3756,11 @@ The following fields are available: - **BiosSKUNumber** The sku number of the device BIOS. - **BIOSVendor** The vendor of the BIOS. - **BiosVersion** The version of the BIOS. -- **BundleBytesDownloaded** How many bytes were downloaded for the specific content bundle. +- **BundleBytesDownloaded** Number of bytes downloaded for the specific content bundle. - **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **BundleRepeatFailFlag** Indicates whether this particular update bundle had previously failed to download. +- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to download. - **BundleRevisionNumber** Identifies the revision number of the content bundle. -- **BytesDownloaded** How many bytes were downloaded for an individual piece of content (not the entire bundle). +- **BytesDownloaded** Number of bytes that were downloaded for an individual piece of content (not the entire bundle). - **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. - **CbsDownloadMethod** Indicates whether the download was a full-file download or a partial/delta download. - **CDNCountryCode** Two letter country abbreviation for the CDN's location. 
@@ -3771,6 +3769,7 @@ The following fields are available: - **CurrentMobileOperator** The mobile operator the device is currently connected to. - **DeviceModel** What is the device model. - **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority. +- **DownloadScenarioId** A unique ID for a given download used to tie together WU and DO events. - **EventInstanceID** A globally unique identifier for event instance. - **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed. - **EventType** Possible values are Child, Bundle, or Driver. @@ -3778,7 +3777,7 @@ The following fields are available: - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. - **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). - **FlightBuildNumber** If this download was for a flight (pre-release build), this indicates the build number of that flight. -- **FlightId** The specific id of the flight (pre-release build) the device is getting. +- **FlightId** The specific ID of the flight (pre-release build) the device is getting. - **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds). - **HandlerType** Indicates what kind of content is being downloaded (app, driver, windows patch, etc.). - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. 
@@ -3794,11 +3793,10 @@ The following fields are available: - **PhonePreviewEnabled** Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced. - **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. -- **RegulationReason** The reason that the update is regulated -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one +- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one. - **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. - **RevisionNumber** Identifies the revision number of this specific piece of content. -- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Windows Store, etc.). +- **ServiceGuid** An ID that represents which service the software distribution client is installing content for (Windows Update, Windows Store, etc.). - **Setup360Phase** If the download is for an operating system upgrade, this datapoint indicates which phase of the upgrade is underway. - **ShippingMobileOperator** The mobile operator that a device shipped on. - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). 
@@ -3814,7 +3812,7 @@ The following fields are available: - **UsedDO** Whether the download used the delivery optimization service. - **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive. - **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **DownloadScenarioId** A unique ID for a given download used to tie together WU and DO events. +- **RegulationReason** The reason that the update is regulated ### SoftwareUpdateClientTelemetry.DownloadCheckpoint 
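Review bot: **RegulationReason** is re-added at the very end of the Download field list, after **WUDeviceID**, and without a terminal period. The earlier hunks for this same list moved **DownloadScenarioId** into alphabetical position and added periods to neighbouring entries such as **RelatedCV**, so this placement looks unintentional. Suggest putting it back between **QualityUpdatePause** and **RelatedCV** and ending it with a period.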
@@ -3882,43 +3880,43 @@ The following fields are available: - **BIOSVendor** The vendor of the BIOS. - **BiosVersion** The version of the BIOS. - **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **BundleRepeatFailFlag** Has this particular update bundle previously failed to install? +- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to install. - **BundleRevisionNumber** Identifies the revision number of the content bundle. - **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. - **ClientVersion** The version number of the software distribution client. - **CSIErrorType** The stage of CBS installation where it failed. -- **CurrentMobileOperator** Mobile operator that device is currently connected to. -- **DeviceModel** What is the device model. +- **CurrentMobileOperator** The mobile operator to which the device is currently connected. +- **DeviceModel** The device model. - **DriverPingBack** Contains information about the previous driver and system state. - **EventInstanceID** A globally unique identifier for event instance. - **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. - **EventType** Possible values are Child, Bundle, or Driver. - **ExtendedErrorCode** The extended error code. -- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. -- **FeatureUpdatePause** Are feature OS updates paused on the device? +- **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode is not specific enough. +- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. 
- **FlightBranch** The branch that a device is on if participating in the Windows Insider Program. - **FlightBuildNumber** If this installation was for a Windows Insider build, this is the build number of that build. - **FlightId** The specific ID of the Windows Insider build the device is getting. - **FlightRing** The ring that a device is on if participating in the Windows Insider Program. -- **HandlerType** Indicates what kind of content is being installed. Example: app, driver, Windows update +- **HandlerType** Indicates what kind of content is being installed (for example, app, driver, Windows update). - **HardwareId** If this install was for a driver targeted to a particular device model, this ID indicates the model of the device. - **HomeMobileOperator** The mobile operator that the device was originally intended to work with. - **IntentPFNs** Intended application-set metadata for atomic update scenarios. -- **IsDependentSet** Is the driver part of a larger System Hardware/Firmware update? -- **IsFinalOutcomeEvent** Does this event signal the end of the update/upgrade process? -- **IsFirmware** Is this update a firmware update? -- **IsSuccessFailurePostReboot** Did it succeed and then fail after a restart? -- **IsWUfBDualScanEnabled** Is Windows Update for Business dual scan enabled on the device? -- **IsWUfBEnabled** Is Windows Update for Business enabled on the device? -- **MergedUpdate** Was the OS update and a BSP update merged for installation? +- **IsDependentSet** Indicates whether the driver is part of a larger System Hardware/Firmware update. +- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. +- **IsFirmware** Indicates whether this update is a firmware update. +- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart. +- **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device. 
+- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device. +- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation. - **MsiAction** The stage of MSI installation where it failed. - **MsiProductCode** The unique identifier of the MSI installer. - **PackageFullName** The package name of the content being installed. - **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting being introduced. -- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. -- **QualityUpdatePause** Are quality OS updates paused on the device? +- **ProcessName** The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided. +- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **RelatedCV** The previous Correlation Vector that was used before swapping with a new one -- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to install. +- **RepeatFailFlag** Indicates whether this specific piece of content previously failed to install. - **RevisionNumber** The revision number of this specific piece of content. - **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Windows Store, etc.). - **Setup360Phase** If the install is for an operating system upgrade, indicates which phase of the upgrade is underway. 
@@ -3928,8 +3926,8 @@ The following fields are available: - **SystemBIOSMinorRelease** Minor version of the BIOS. - **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. - **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. -- **TransactionCode** The ID which represents a given MSI installation -- **UpdateId** Unique update ID +- **TransactionCode** The ID that represents a given MSI installation. +- **UpdateId** Unique update ID. - **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional. - **UsedSystemVolume** Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive. - **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. 
@@ -3941,13 +3939,13 @@ This event sends data about an AppX app that has been updated from the Microsoft The following fields are available: -- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable -- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client +- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable. +- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. - **IntentPFNs** Intended application-set metadata for atomic update scenarios. -- **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one -- **ServiceGuid** An ID which represents which service the software distribution client is connecting to (Windows Update, Windows Store, etc.) -- **WUDeviceID** The unique device ID controlled by the software distribution client +- **NumberOfApplicableUpdates** The number of updates ultimately deemed applicable to the system after the detection process is complete. +- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one. +- **ServiceGuid** An ID that represents which service the software distribution client is connecting to (Windows Update, Windows Store, etc.). +- **WUDeviceID** The unique device ID controlled by the software distribution client. ### SoftwareUpdateClientTelemetry.UpdateMetadataIntegrity 
@@ -3956,29 +3954,29 @@ Ensures Windows Updates are secure and complete. Event helps to identify whether The following fields are available: -- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. -- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. -- **ExtendedStatusCode** The secondary status code of the event. +- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. +- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. - **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. -- **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. -- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce -- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. -- **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. -- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Windows Store -- **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. -- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast -- **StatusCode** The status code of the event. -- **CallerApplicationName** Name of application making the Windows Update request. 
Used to identify context of request. -- **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. -- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. -- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. -- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce - **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). +- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. - **RevisionId** The revision ID for a specific piece of content. - **RevisionNumber** The revision number for a specific piece of content. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) - **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. +- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob - **SignatureAlgorithm** The hash algorithm for the metadata signature. +- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". +- **StatusCode** Result code of the event (success, cancellation, failure code HResult) +- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed. - **UpdateId** The update ID for a specific piece of content. +- **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. +- **TimestampTokenCertThumbprint** Thumbprint of the encoded timestamp token. 
+- **ValidityWindowInDays** Validity window in effect when verifying the timestamp +- **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. +- **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. +- **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. ## Update events @@ -4015,6 +4013,7 @@ The following fields are available: - **PackageCountTotalCanonical** Total number of canonical packages. - **PackageCountTotalDiff** Total number of diff packages. - **PackageCountTotalExpress** Total number of express packages. +- **PackageExpressType** Type of express package. - **PackageSizeCanonical** Size of canonical packages in bytes. - **PackageSizeDiff** Size of diff packages in bytes. - **PackageSizeExpress** Size of express packages in bytes. @@ -4024,10 +4023,9 @@ The following fields are available: - **ScenarioId** Indicates the update scenario. - **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases) - **UpdateId** Unique ID for each update. -- **DownloadRequests** No content is currently available. - **ExtensionName** No content is currently available. - **InternalFailureResult** No content is currently available. -- **PackageExpressType** Type of express package. +- **DownloadRequests** No content is currently available. ### Update360Telemetry.UpdateAgentExpand 
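Review bot: in the UpdateMetadataIntegrity field list (the @@ -3956 hunk), the added lines introduce typos that the removed lines did not have: "succeded" in **EventScenario** and "1-Ignoe" in **MetadataIntegrityMode**. The removed wording "0 = unknown; 1 = ignore; 2 = audit; 3 = enforce" was correct and clearer, so suggest keeping it. The new **SLSPrograms** text ("A test program a machine may be opted in.") is ungrammatical, and several added lines (**ServiceGuid**, **SHA256OfTimestampToken**, **StatusCode**, **ValidityWindowInDays**) drop the terminal period. Finally, **SHA256OfLeafCerData** and **SHA256OfLeafCertPublicKey** now carry nearly identical descriptions that differ only in "Base64CerData" versus "Base64CertData". Since this event documents certificate and signature validation of update metadata, please state what each hash actually covers.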
@@ -4091,15 +4089,15 @@ The UpdateAgentInstall event sends data for the install phase of updating Window The following fields are available: - **ErrorCode** The error code returned for the current install phase. +- **ExtensionName** No content is currently available. - **FlightId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360). +- **InternalFailureResult** No content is currently available. - **ObjectId** Correlation vector value generated from the latest USO scan. - **RelatedCV** Correlation vector value generated from the latest USO scan. - **Result** The result for the current install phase. - **ScenarioId** Indicates the update scenario. - **SessionId** Unique value for each update attempt. - **UpdateId** Unique ID for each update. -- **ExtensionName** No content is currently available. -- **InternalFailureResult** No content is currently available. ### Update360Telemetry.UpdateAgentMerge @@ -4156,7 +4154,6 @@ The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup b The following fields are available: -- **ContainsExpressPackage** Indicates whether the download package is express. - **FlightId** Unique ID for each flight. - **FreeSpace** Free space on OS partition. - **InstallCount** Number of install attempts using the same sandbox. @@ -4169,6 +4166,7 @@ The following fields are available: - **SetupMode** Mode of setup to be launched. - **UpdateId** Unique ID for each Update. - **UserSession** Indicates whether install was invoked by user actions. +- **ContainsExpressPackage** Indicates whether the download package is express. ## Update notification events 
@@ -4187,36 +4185,36 @@ The following fields are available: - **DetectorVersion** Most recently run detector version for the current campaign on UNP - **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user - **key1** UI interaction data -- **key10** UI interaction data -- **key11** UI interaction data -- **key12** UI interaction data -- **key13** UI interaction data -- **key14** UI interaction data -- **key15** UI interaction data -- **key16** UI interaction data -- **key17** UI interaction data -- **key18** UI interaction data -- **key19** UI interaction data -- **key2** UI interaction data +- **key2** Interaction data for the UI - **key3** UI interaction data - **key4** UI interaction data - **key5** UI interaction data -- **key6** Current package version of UNP -- **key7** UI interaction type -- **key8** UI interaction type -- **key9** UI interaction type -- **PackageVersion** UI interaction type -- **schema** UI interaction type -- **key20** UI interaction data -- **key21** UI interaction data -- **key22** UI interaction data -- **key23** UI interaction data -- **key24** UI interaction data -- **key25** UI interaction data -- **key26** UI interaction data +- **key6** UI interaction data +- **key7** UI interaction data +- **key8** UI interaction data +- **key9** UI interaction data +- **PackageVersion** UI interaction data +- **schema** UI interaction data +- **key10** Interaction data for the UI +- **key11** Interaction data for the UI +- **key12** Interaction data for the UI +- **key13** Interaction data for the UI +- **key14** Interaction data for the UI +- **key15** Interaction data for the UI +- **key16** Interaction data for the UI +- **key17** Interaction data for the UI +- **key18** Interaction data for the UI +- **key19** Interaction data for the UI +- **key20** Interaction data for the UI +- **key21** Interaction data for the UI +- **key22** Interaction data for the UI +- **key23** Interaction data for the UI +- 
**key24** Interaction data for the UI +- **key25** Interaction data for the UI +- **key26** Interaction data for the UI - **key27** UI interaction data - **key28** UI interaction data -- **key29** Interaction data for the UI +- **key29** UI interaction data - **key30** UI interaction data @@ -4304,6 +4302,33 @@ The following fields are available: ## Upgrade events +### FacilitatorTelemetry.DCATDownload + +Datapoint that determines whether or not machines received additional/critical supplemental content during an OS Upgrade. + +The following fields are available: + +- **DownloadSize** Download size of payload. +- **ElapsedTime** Time taken to download payload. +- **MediaFallbackUsed** Used to determine if we used Media CompDBs to figure out package requirements for upgrade +- **ResultCode** Result returned by Facilitator’s DCAT call +- **Scenario** Dynamic Update scenario (Image DU, or Setup DU) +- **Type** Which type of package was downloaded + + +### FacilitatorTelemetry.InitializeDU + +No content is currently available. + +The following fields are available: + +- **DCATUrl** No content is currently available. +- **DownloadRequestAttributes** No content is currently available. +- **ResultCode** No content is currently available. +- **Scenario** No content is currently available. +- **Version** No content is currently available. + + ### Setup360Telemetry.Downlevel This event sends data indicating that the device has invoked the downlevel phase of the upgrade. It's used to help keep Windows up-to-date and secure. 
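Review bot: The new `FacilitatorTelemetry.InitializeDU` section in the `@@ -4304,6 +4302,33 @@` hunk has no event description and all five fields read "No content is currently available.", so a reader auditing Basic-level telemetry cannot tell what `DCATUrl` or `DownloadRequestAttributes` carry. Hold the section until descriptions exist, or at least state the purpose of the event the way `FacilitatorTelemetry.DCATDownload` does just above it. In `DCATDownload`, four of the six field lines lack the terminal period the other two have, and `Facilitator’s` uses a typographic apostrophe where the rest of the file uses ASCII.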
@@ -4399,7 +4424,6 @@ This event sends data indicating that the device has invoked the predownload qui The following fields are available: - **ClientId** Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** Unique value that identifies the flight. - **HostOSBuildNumber** The build number of the previous OS. - **HostOsSkuName** The OS edition which is running Setup360 instance (previous operating system). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe @@ -4412,6 +4436,7 @@ The following fields are available: - **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled - **TestId** A string to uniquely identify a group of events. - **WuId** This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId. +- **FlightData** Unique value that identifies the flight. ### Setup360Telemetry.PreDownloadUX @@ -4465,7 +4490,6 @@ This event sends data regarding OS updates and upgrades from Windows 7, Windows The following fields are available: - **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightData** Unique value that identifies the flight. - **HostOSBuildNumber** The build number of the previous OS. - **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe. 
@@ -4478,6 +4502,7 @@ The following fields are available: - **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled - **TestId** A string to uniquely identify a group of events. - **WuId** Windows Update client ID. +- **FlightData** Unique value that identifies the flight. ### Setup360Telemetry.Setup360 @@ -4495,6 +4520,22 @@ The following fields are available: - **ClientId** Retrieves the upgrade ID: Upgrades via Windows Update - specifies the WU clientID. All other deployment - static string. +### Setup360Telemetry.Setup360DynamicUpdate + +No content is currently available. + +The following fields are available: + +- **FlightData** No content is currently available. +- **InstanceId** No content is currently available. +- **Operation** No content is currently available. +- **ReportId** No content is currently available. +- **ResultCode** No content is currently available. +- **Scenario** No content is currently available. +- **TargetBranch** No content is currently available. +- **TargetBuild** No content is currently available. + + ### Setup360Telemetry.UnexpectedEvent This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date. @@ -4502,6 +4543,7 @@ This event sends data indicating that the device has invoked the unexpected even The following fields are available: - **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. - **HostOSBuildNumber** The build number of the previous OS. - **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe 
@@ -4514,7 +4556,6 @@ The following fields are available: - **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled - **TestId** A string to uniquely identify a group of events. - **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. -- **FlightData** Unique value that identifies the flight. ## Windows as a Service diagnostic events @@ -4528,7 +4569,6 @@ The following fields are available: - **detectionSummary** Result of each applicable detection that was ran. - **featureAssessmentImpact** WaaS Assessment impact for feature updates. - **hrEngineResult** Error code from the engine operation. -- **insufficientSessions** Device not eligible for diagnostics. - **isManaged** Device is managed for updates. - **isWUConnected** Device is connected to Windows Update. - **noMoreActions** No more applicable diagnostics. @@ -4537,6 +4577,7 @@ The following fields are available: - **usingBackupFeatureAssessment** Relying on backup feature assessment. - **usingBackupQualityAssessment** Relying on backup quality assessment. - **versionString** Version of the WaaSMedic engine. +- **insufficientSessions** Device not eligible for diagnostics. - **usingCachedFeatureAssessment** WaaS Medic run did not get OS build age from the network on the previous run. - **usingCachedQualityAssessment** WaaS Medic run did not get OS revision age from the network on the previous run. 
@@ -4549,11 +4590,25 @@ This event provides a denominator to calculate MTTF (mean-time-to-failure) for c The following fields are available: +- **DPRange** Maximum mean value range. +- **DPValue** Randomized bit value (0 or 1) that can be reconstituted over a large population to estimate mean. - **UtcAggParams** These fields are not logged by the event - this datagrid entry is generated erroneously from build See [UtcAggParams](#utcaggparams). - **UtcDiffpVal** These fields are not logged by the event - this datagrid entry is generated erroneously from build See [UtcDiffpVal](#utcdiffpval). - **Value** Standard UTC emitted DP value structure See [Microsoft.Windows.WER.MTT.Value](#microsoftwindowswermttvalue). -- **DPRange** Maximum mean value range. + + +### Microsoft.Windows.WER.MTT.Value + +No content is currently available. + +The following fields are available: + +- **Algorithm** No content is currently available. +- **DPRange** No content is currently available. - **DPValue** No content is currently available. +- **Epsilon** No content is currently available. +- **HistType** No content is currently available. +- **PertProb** No content is currently available. ## Windows Store events @@ -4815,11 +4870,11 @@ The FulfillmentComplete event is fired at the end of an app install or update. The following fields are available: +- **CatalogId** The CatalogId is the name of the product catalog from which this app was chosen. - **FailedRetry** Was the installation or update retry successful? - **HResult** The HResult code of the operation. - **PFN** The Package Family Name of the app that is being installed or updated. - **ProductId** The product ID of the app that is being updated or installed. -- **CatalogId** The CatalogId is the name of the product catalog from which this app was chosen. ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate 
@@ -4984,7 +5039,7 @@ The following fields are available: - **current** Result of currency check - **dismOperationSucceeded** Dism uninstall operation status -- **hResult** Failure Error code +- **hResult** Failure error code - **oSVersion** Build number of the machine - **paused** Machine's pause status - **rebootRequestSucceeded** Reboot CSP call success status 
@@ -5037,25 +5092,25 @@ The following fields are available: - **downloadModeSrc** Source of the DownloadMode setting (KvsProvider: 0, GeoProvider: 1, GeoVerProvider: 2, CpProvider: 3, DiscoveryProvider: 4, RegistryProvider: 5, GroupPolicyProvider: 6, MdmProvider: 7, SettingsProvider: 8, InvalidProviderType: 9) - **errorCode** Error code returned - **experimentId** Used to correlate client/services calls that are part of the same test during A/B testing -- **fileID** ID of the file being downloaded +- **fileID** ID of the File being downloaded - **filePath** Path to where the downloaded file will be written - **fileSize** Total filesize of the file that was downloaded - **fileSizeCaller** Value for total file size provided by our caller - **groupID** ID for the group - **isVpn** If the machine is connected to a Virtual Private Network -- **jobID** Identifier for the Windows Update job +- **jobID** Identifier for the Windows Update Job +- **peerID** ID for this Delivery Optimization client +- **predefinedCallerName** Name of the API Caller +- **sessionID** ID for the file download session +- **setConfigs** A JSON representation of the configurations that have been set, and their sources +- **updateID** ID of the Update being downloaded +- **usedMemoryStream** If the download is using memory streaming in App downloads +- **callerName** Name of the API Caller - **minDiskSizeGB** The minimum disk size policy set for the device to allow Peering with Delivery Optimization - **minDiskSizePolicyEnforced** If there is an enforced mininum disk size requirement for peering - **minFileSizePolicy** Minimum filesize policy set for the device to allow Peering with Delivery Optimization -- **peerID** ID for this Delivery Optimization client -- **predefinedCallerName** Name of the API caller -- **sessionID** ID for the file download session -- **updateID** ID of the update being downloaded -- **usedMemoryStream** If the download is using memory streaming in App downloads -- 
**callerName** Name of the API Caller -- **scenarioID** ID for the Scenario -- **setConfigs** A JSON representation of the configurations that have been set, and their sources - **isEncrypted** Whether the download is encrypted +- **scenarioID** ID for the Scenario ## Windows Update events 
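Review bot: The `@@ -5037,25 +5092,25 @@` hunk reverts sentence-case fixes: `fileID` goes from "ID of the file" to "ID of the File", `jobID` from "job" to "Job", `updateID` from "update" to "Update", and `predefinedCallerName` from "API caller" to "API Caller". It also leaves `predefinedCallerName` and `callerName` with the identical description "Name of the API Caller", which does not tell the reader how the two differ, and the context line for `minDiskSizePolicyEnforced` still carries the typo "mininum". Keep the lower-case wording from the removed lines and distinguish the two caller fields.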
@@ -5067,82 +5122,82 @@ This event collects information regarding the state of devices and drivers on th The following fields are available: - **activated** Whether the entire device manifest update is considered activated and in use. -- **analysisErrorCount** How many driver packages that could not be analyzed because errors were hit during the analysis. +- **analysisErrorCount** How many driver packages could not be analyzed because errors were hit during the analysis. - **flightId** Unique ID for each flight. -- **missingDriverCount** How many driver packages that were delivered by the device manifest that are missing from the system. -- **missingUpdateCount** How many updates that were part of the device manifest that are missing from the system. +- **missingDriverCount** How many driver packages that were delivered by the device manifest are missing from the system. +- **missingUpdateCount** How many updates that were part of the device manifest are missing from the system. - **objectId** Unique value for each diagnostics session. -- **publishedCount** How many drivers packages that were delivered by the device manifest that are published and available to be used on devices. +- **publishedCount** How many drivers packages that were delivered by the device manifest are published and available to be used on devices. - **relatedCV** Correlation vector value generated from the latest USO scan. - **scenarioId** Indicates the update scenario. - **sessionId** Unique value for each update session. -- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match on. +- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match. 
- **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string. -- **truncatedDeviceCount** How many devices are missing from the summary string due to there not being enough room in the string. -- **truncatedDriverCount** How many driver packages are missing from the summary string due to there not being enough room in the string. +- **truncatedDeviceCount** How many devices are missing from the summary string because there is not enough room in the string. +- **truncatedDriverCount** How many driver packages are missing from the summary string because there is not enough room in the string. - **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices. -- **updateId** Unique ID for each Update. +- **updateId** Unique ID for each update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit -This event collects information regarding the final commit phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages +This event collects information regarding the final commit phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. 
The following fields are available: -- **errorCode** The error code returned for the current session initialization -- **flightId** The unique identifier for each flight -- **objectId** The unique GUID for each diagnostics session -- **relatedCV** A correlation vector value, generated from the latest USO scan -- **result** Outcome of the initialization of the session -- **scenarioId** Identifies the Update scenario -- **sessionId** The unique value for each update session -- **updateId** The unique identifier for each Update +- **errorCode** The error code returned for the current session initialization. +- **flightId** The unique identifier for each flight. +- **objectId** The unique GUID for each diagnostics session. +- **relatedCV** A correlation vector value generated from the latest USO scan. +- **result** Outcome of the initialization of the session. +- **scenarioId** Identifies the Update scenario. +- **sessionId** The unique value for each update session. +- **updateId** The unique identifier for each Update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentDownloadRequest -This event collects information regarding the download request phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages +This event collects information regarding the download request phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. 
The following fields are available: -- **deletedCorruptFiles** Indicates if UpdateAgent found any corrupt payload files and whether the payload was deleted -- **errorCode** The error code returned for the current session initialization -- **flightId** The unique identifier for each flight -- **objectId** Unique value for each Update Agent mode -- **packageCountOptional** Number of optional packages requested -- **packageCountRequired** Number of required packages requested -- **packageCountTotal** Total number of packages needed -- **packageCountTotalCanonical** Total number of canonical packages -- **packageCountTotalDiff** Total number of diff packages -- **packageCountTotalExpress** Total number of express packages -- **packageSizeCanonical** Size of canonical packages in bytes -- **packageSizeDiff** Size of diff packages in bytes +- **deletedCorruptFiles** Indicates if UpdateAgent found any corrupt payload files and whether the payload was deleted. +- **errorCode** The error code returned for the current session initialization. +- **flightId** The unique identifier for each flight. +- **objectId** Unique value for each Update Agent mode. +- **packageCountOptional** Number of optional packages requested. +- **packageCountRequired** Number of required packages requested. +- **packageCountTotal** Total number of packages needed. +- **packageCountTotalCanonical** Total number of canonical packages. +- **packageCountTotalDiff** Total number of diff packages. +- **packageCountTotalExpress** Total number of express packages. +- **packageSizeCanonical** Size of canonical packages in bytes. +- **packageSizeDiff** Size of diff packages in bytes. - **packageSizeExpress** Size of express packages in bytes -- **rangeRequestState** Represents the state of the download range request -- **relatedCV** Correlation vector value generated from the latest USO scan -- **result** Result of the download request phase of update -- **scenarioId** The scenario ID. 
Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate -- **sessionId** Unique value for each Update Agent mode attempt -- **updateId** Unique ID for each update +- **rangeRequestState** Represents the state of the download range request. +- **relatedCV** Correlation vector value generated from the latest USO scan. +- **result** Result of the download request phase of update. +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. +- **sessionId** Unique value for each Update Agent mode attempt. +- **updateId** Unique ID for each update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInitialize -This event sends data for initializing a new update session for the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages +This event sends data for initializing a new update session for the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. The following fields are available: -- **errorCode** The error code returned for the current initialize phase -- **flightId** The unique identifier for each flight -- **flightMetadata** Contains the FlightId and the build being flighted -- **objectId** Unique value for each Update Agent mode -- **relatedCV** Correlation vector value generated from the latest USO scan -- **result** Result of the initialize phase of update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled -- **scenarioId** The scenario ID. 
Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate -- **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios) -- **sessionId** Unique value for each Update Agent mode attempt -- **updateId** Unique ID for each update +- **errorCode** The error code returned for the current session initialization. +- **flightId** The unique identifier for each flight. +- **flightMetadata** Contains the FlightId and the build being flighted. +- **objectId** Unique value for each Update Agent mode. +- **relatedCV** Correlation vector value generated from the latest USO scan. +- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled. +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. +- **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios). +- **sessionId** Unique value for each Update Agent mode attempt. +- **updateId** Unique ID for each update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInstall @@ -5337,6 +5392,7 @@ Indicates when a reboot is scheduled by the system or a user for a security, qua The following fields are available: - **activeHoursApplicable** True, If Active Hours applicable on this device. False, otherwise +- **IsEnhancedEngagedReboot** Whether this is an Enhanced Engaged reboot - **rebootArgument** Argument for the reboot task. It also represents specific reboot related action - **rebootOutsideOfActiveHours** True, if a reboot is scheduled outside of active hours. False, otherwise - **rebootScheduledByUser** True, if a reboot is scheduled by user. False, if a reboot is scheduled automatically 
@@ -5346,7 +5402,6 @@ The following fields are available: - **scheduledRebootTimeInUTC** Time of the scheduled reboot in Coordinated Universal Time - **updateId** ID of the update that is getting installed with this reboot - **wuDeviceid** Unique device ID used by Windows Update -- **IsEnhancedEngagedReboot** Whether this is an Enhanced Engaged reboot ### Microsoft.Windows.Update.Orchestrator.ActivityRestrictedByActiveHoursPolicy @@ -5421,15 +5476,15 @@ A scan for an update occurred. The following fields are available: -- **detectionBlockingPolicy** State of update action -- **detectionBlockreason** State of update action -- **eventScenario** Was it user Initiated -- **interactive** Source of the triggered scan -- **scanTriggerSource** Source of the triggered scan. -- **updateScenarioType** Device ID -- **wuDeviceid** Device ID +- **detectionBlockreason** Reason for detection not completing. - **detectionRetryMode** Error info - **errorCode** State of update action +- **eventScenario** End to end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. +- **interactive** Identifies if session is User Initiated. +- **updateScenarioType** The update session type. +- **wuDeviceid** Unique device ID used by Windows Update. +- **detectionBlockingPolicy** State of update action +- **scanTriggerSource** Source of the triggered scan. - **networkStatus** Error info - **deferReason** Reason for postponing detection - **flightID** Flight info 
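Review bot: The `@@ -5421,15 +5476,15 @@` hunk corrects several mismatched descriptions (`updateScenarioType` was "Device ID", `interactive` was "Source of the triggered scan") but leaves the same kind of mismatch in place on neighbouring lines: `errorCode` is still "State of update action", `detectionRetryMode` and `networkStatus` are both "Error info", and the re-added `detectionBlockingPolicy` keeps "State of update action". Please confirm these against the event schema and fix them in the same change. The new `eventScenario` text also joins two alternatives ("End to end update session ID, or indicates the purpose of sending this event ...") into one sentence, which leaves it unclear which of the two the field actually holds.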
@@ -5591,19 +5646,19 @@ This event sends launch data for a Windows Update install to help keep Windows u The following fields are available: - **batteryLevel** Current battery capacity in mWh or percentage left. -- **errorCode** The error code reppresented by a hexadecimal value. +- **deferReason** Reason for install not completing. - **eventScenario** End to end update session ID. -- **flightID** Unique update ID -- **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. -- **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. - **interactive** Identifies if session is user initiated. - **rebootOutsideOfActiveHours** Indicates the timing that the reboot was to occur to ensure the correct update process and experience is provided to keep Windows up to date. -- **revisionNumber** Update revision number. -- **updateId** Update ID. - **updateScenarioType** The update session type. - **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date. - **wuDeviceid** Unique device ID used by Windows Update. -- **deferReason** Reason for install not completing. +- **errorCode** The error code reppresented by a hexadecimal value. +- **flightID** Unique update ID +- **revisionNumber** Update revision number. +- **updateId** Update ID. +- **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. +- **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. - **flightUpdate** Flight update - **installRebootinitiatetime** The time it took for a reboot to be attempted. - **minutesToCommit** The time it took to install updates. 
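Review bot: In the `@@ -5591,19 +5646,19 @@` hunk the re-added `errorCode` line still contains the typo "reppresented"; since the line is being touched anyway, fix it to "represented". The re-added `flightID` line reads "Unique update ID", which describes an update rather than a flight and is missing its terminal period, while `updateId` directly below is "Update ID."; one of the two descriptions looks misassigned. The moves also leave the list unsorted (`errorCode`, `flightID`, `revisionNumber`, `updateId`, `ForcedRebootReminderSet` now follow `wuDeviceid`).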
@@ -5700,8 +5755,6 @@ Indicates that Update Orchestrator has started a scan operation. The following fields are available: -- **errorCode** Error info -- **eventScenario** Indicates the purpose of sending this event - **interactive** Whether or not the scan is interactive. - **isScanPastSla** Has the SLA elapsed for scanning? - **isScanPastTriggerSla** Has the SLA elapsed for triggering a scan? @@ -5710,6 +5763,8 @@ The following fields are available: - **scanTriggerSource** What caused the scan? - **updateScenarioType** The type of scenario we are in. - **wuDeviceid** WU Device ID of the machine. +- **errorCode** Error info +- **eventScenario** Indicates the purpose of sending this event ### Microsoft.Windows.Update.Orchestrator.SystemNeeded @@ -5812,7 +5867,7 @@ The following fields are available: - **rebootState** Which state the reboot is in - **revisionNumber** Revision number of the OS - **scheduledRebootTime** Time the reboot was scheduled for. -- **scheduledRebootTimeInUTC** Time the reboot was scheduled for in UTC. +- **scheduledRebootTimeInUTC** Time the reboot was scheduled for in UTC - **updateId** UpdateId to identify which update is being scheduled. - **wuDeviceid** Unique DeviceID 
@@ -5841,21 +5896,21 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightId** Unique identifier for each flight. -- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. -- **MitigationScenario** The update scenario in which the mitigation was executed. -- **MountedImageCount** Number of mounted images. -- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** HResult of this operation. -- **ScenarioId** ID indicating the mitigation scenario. -- **ScenarioSupported** Indicates whether the scenario was supported. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each Update. +- **ClientId** Unique identifier for each flight. +- **FlightId** Unique GUID that identifies each instances of setuphost.exe. +- **InstanceId** The update scenario in which the mitigation was executed. +- **MitigationScenario** Number of mounted images. +- **MountedImageCount** Number of mounted images that were under %systemdrive%\$Windows.~BT. +- **MountedImageMatches** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. +- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. 
+- **MountedImagesRemoved** Number of mounted images that were not under %systemdrive%\$Windows.~BT. +- **MountedImagesSkipped** Correlation vector value generated from the latest USO scan. +- **RelatedCV** HResult of this operation. +- **Result** ID indicating the mitigation scenario. +- **ScenarioId** Indicates whether the scenario was supported. +- **ScenarioSupported** Unique value for each update attempt. +- **SessionId** Unique ID for each Update. +- **UpdateId** Unique ID for the Windows Update client. - **WuId** Unique ID for the Windows Update client. 
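Review bot: Every description in the `@@ -5841,21 +5896,21 @@` hunk (CleanupSafeOsImages) is shifted up by one field. `ClientId` now reads "Unique identifier for each flight." (the old `FlightId` text), `FlightId` has the old `InstanceId` text, `MitigationScenario` reads "Number of mounted images.", `Result` reads "ID indicating the mitigation scenario.", and so on down to `UpdateId`, which now duplicates the `WuId` line, "Unique ID for the Windows Update client." The original `ClientId` description ("In the WU scenario, this will be the WU client ID that is passed to Setup. ...") is lost entirely. This looks like a generator misalignment rather than an intended edit; restore the removed lines' field-to-description pairing.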
@@ -5865,19 +5920,19 @@ This event sends data specific to the FixAppXReparsePoints mitigation used for O The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightId** Unique identifier for each flight. -- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. -- **MitigationScenario** The update scenario in which the mitigation was executed. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **ReparsePointsFailed** Number of reparse points that are corrupted but we failed to fix them. -- **ReparsePointsFixed** Number of reparse points that were corrupted and were fixed by this mitigation. -- **ReparsePointsSkipped** Number of reparse points that are not corrupted and no action is required. -- **Result** HResult of this operation. -- **ScenarioId** ID indicating the mitigation scenario. -- **ScenarioSupported** Indicates whether the scenario was supported. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each Update. +- **ClientId** Unique identifier for each flight. +- **FlightId** Unique GUID that identifies each instances of setuphost.exe. +- **InstanceId** The update scenario in which the mitigation was executed. +- **MitigationScenario** Correlation vector value generated from the latest USO scan. +- **RelatedCV** Number of reparse points that are corrupted but we failed to fix them. +- **ReparsePointsFailed** Number of reparse points that were corrupted and were fixed by this mitigation. +- **ReparsePointsFixed** Number of reparse points that are not corrupted and no action is required. +- **ReparsePointsSkipped** HResult of this operation. +- **Result** ID indicating the mitigation scenario. +- **ScenarioId** Indicates whether the scenario was supported. 
+- **ScenarioSupported** Unique value for each update attempt. +- **SessionId** Unique ID for each Update. +- **UpdateId** Unique ID for the Windows Update client. - **WuId** Unique ID for the Windows Update client. From 3410628167b43d7202873d245324695855be355c Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 23 Aug 2018 12:16:29 -0700 Subject: [PATCH 03/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 516 +++++++++--------- 1 file changed, 253 insertions(+), 263 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 05668c325b..000f17b557 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -9,7 +9,7 @@ ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 08/22/2018 +ms.date: 08/23/2018 --- 
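Review bot: In the `@@ -5865,19 +5920,19 @@` hunk (FixAppXReparsePoints), every added description belongs to the field that follows it. The removed lines had the correct pairing: **ClientId** carried the "In the WU scenario, this will be the WU client ID that is passed to Setup" text, which is now gone entirely, while **ReparsePointsFailed** now reads "Number of reparse points that were corrupted and were fixed by this mitigation" and **ReparsePointsSkipped** reads "HResult of this operation". Restore the removed name/description pairs; as written the hunk turns an accurate field list into an inaccurate one.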
@@ -51,25 +51,28 @@ This event lists the types of objects and how many of each exist on the client d The following fields are available: -- **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. -- **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. -- **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. -- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. -- **DecisionApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. -- **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. - **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. 
-- **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. - **PCFP** An ID for the system, calculated by hashing hardware identifiers. +- **InventoryLanguagePack** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. +- **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. +- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **InventorySystemBios** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. +- **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. +- **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **DecisionApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. +- **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. 
+- **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. +- **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **SystemMemory** The count of the number of this particular object type present on this device. - **InventoryTest** No content is currently available. +- **InventoryApplicationFile** The count of the number of this particular object type present on this device. - **SystemWlan** The count of the number of this particular object type present on this device. - **SystemWim** The count of the number of this particular object type present on this device. - **SystemProcessorNx** The count of the number of this particular object type present on this device. 
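Review bot: The re-added **DatasourceApplicationFile_RS1** and **DecisionApplicationFile_RS1** lines still carry "An ID for the system, calculated by hashing hardware identifiers", which is the description of **PCFP** a few lines above and does not fit the "total ... objects targeting Windows 10 version 1607" pattern used by every neighbouring _RS1 field. Since these lines are being touched anyway, correct the descriptions here. The new order also interleaves the Inventory* counts with the _RS1 fields and is no longer alphabetical, which makes the list harder to audit against the event schema.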
@@ -77,14 +80,8 @@ The following fields are available: - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. - **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. -- **InventoryLanguagePack** The count of the number of this particular object type present on this device. +- **SystemMemory** The count of the number of this particular object type present on this device. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. -- **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. -- **InventorySystemBios** The count of the number of this particular object type present on this device. -- **SystemTouch** The count of SystemTouch objects present on this machine. -- **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. -- **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device. - **DatasourceDevicePnp_RS3** The total DatasourceDevicePnp objects targeting the next release of Windows on this device. - **DatasourceDriverPackage_RS3** The total DatasourceDriverPackage objects targeting the next release of Windows on this device. 
@@ -101,6 +98,9 @@ The following fields are available: - **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. - **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting the next release of Windows on this device. - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. +- **SystemTouch** The count of SystemTouch objects present on this machine. +- **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. +- **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. ### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd @@ -156,7 +156,7 @@ The following fields are available: - **IsBootCritical** Is the device boot critical? - **SdbEntries** An array of fields indicating the SDB entries that apply to this device. - **WuDriverCoverage** Is there a driver uplevel for this device according to Windows Update? -- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver +- **WuDriverUpdateId** The Windows Update ID of the applicable up-level driver - **WuPopulatedFromId** The expected up-level driver matching ID based on driver coverage from Windows Update @@ -1389,7 +1389,6 @@ The following fields are available: - **ChassisType** Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36. - **ComputerHardwareID** Identifies a device class that is represented by a hash of different SMBIOS fields. - **D3DMaxFeatureLevel** Supported Direct3D version. -- **DeviceColor** Indicates a color of the device. - **DeviceForm** Indicates the form as per the device classification. - **DeviceName** The device name that is set by the user. - **DigitizerSupport** Is a digitizer supported? 
@@ -1418,6 +1417,7 @@ The following fields are available: - **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user. - **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0. - **VoiceSupported** Does the device have a cellular radio capable of making voice calls? +- **DeviceColor** Indicates a color of the device. ### Census.Memory 
@@ -1501,19 +1501,19 @@ Provides information on several important data points about Processor settings The following fields are available: -- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. The complete list of values can be found in DimProcessorArchitecture. -- **ProcessorClockSpeed** Retrieves the clock speed of the processor in MHz. -- **ProcessorCores** Retrieves the number of cores in the processor. -- **ProcessorIdentifier** The processor identifier of a manufacturer. -- **ProcessorManufacturer** Retrieves the name of the processor's manufacturer. -- **ProcessorModel** Retrieves the name of the processor model. -- **ProcessorPhysicalCores** Number of physical cores in the processor. -- **ProcessorUpdateRevision** Retrieves the processor architecture of the installed operating system. -- **SocketCount** Number of physical CPU sockets of the machine. - **KvaShadow** Microcode info of the processor. - **MMSettingOverride** Microcode setting of the processor. - **MMSettingOverrideMask** Microcode setting override of the processor. +- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. +- **ProcessorClockSpeed** Clock speed of the processor in MHz. +- **ProcessorCores** Number of logical cores in the processor. +- **ProcessorIdentifier** Processor Identifier of a manufacturer. +- **ProcessorManufacturer** Name of the processor manufacturer. +- **ProcessorModel** Name of the processor model. +- **ProcessorPhysicalCores** Number of physical cores in the processor. +- **ProcessorUpdateRevision** Microcode revision - **ProcessorUpdateStatus** Enum value that represents the processor microcode load status. +- **SocketCount** Count of CPU sockets. - **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability. - **PreviousUpdateRevision** Previous microcode revision. 
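Review bot: The rewritten **ProcessorArchitecture** line drops "The complete list of values can be found in DimProcessorArchitecture" without replacing it, so a reader no longer has any pointer to what the reported values mean; keep a reference or list the values. Two smaller points in the same hunk: **ProcessorUpdateRevision** ("Microcode revision") is missing its closing period, unlike the lines around it, and the reorder alphabetizes KvaShadow through SpeculationControl but leaves **PreviousUpdateRevision** trailing after it.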
@@ -1532,8 +1532,8 @@ The following fields are available: - **IsSawHost** Describes whether the device is running as a Secure Admin Workstation Host - **RequiredSecurityProperties** This field describes the required security properties to enable virtualization-based security - **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting. -- **SModeState** The Windows S mode trail state. - **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running. +- **SModeState** The Windows S mode trail state. ### Census.Speech @@ -1947,9 +1947,9 @@ The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **ErrorCode** Error code of action - **FlightId** Flight being used -- **Quiet** Whether Setup run in quiet mode or in full -- **RelatedCV** CV of any other related events -- **SetupMode** Phase Setup is in +- **Quiet** Whether Setup will run in quiet mode or in full +- **RelatedCV** Correlation vector of any other related events +- **SetupMode** Phase that Setup is in ### DeploymentTelemetry.Deployment_Start 
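Review bot: In the `@@ -1532,8 +1532,8 @@` hunk, the re-added **SModeState** line reads "The Windows S mode trail state", which looks like a typo for "trial"; fix it while the line is being moved. Moving it below **VBSState** also breaks the alphabetical order the list had before (SecureBootCapable, SModeState, VBSState).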
@@ -2011,13 +2011,13 @@ Fired by UTC as a heartbeat signal. The following fields are available: - **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host/agent channel. -- **CensusExitCode** Last exit code of�Census task. +- **CensusExitCode** Last exit code of Census task. - **CensusStartTime** Time of last Census run. - **CensusTaskEnabled** True if Census is enabled, false otherwise. - **CompressedBytesUploaded** Number of compressed bytes uploaded. - **ConsumerDroppedCount** Number of events dropped at consumer layer of telemetry client. - **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer. -- **CriticalDataThrottleDroppedCount** Number of critical data sampled events dropped due to�throttling. +- **CriticalDataThrottleDroppedCount** Number of critical data sampled events dropped due to throttling. - **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event DB. - **DbCriticalDroppedCount** Total number of dropped critical events in event DB. - **DbDroppedCount** Number of events dropped due to DB fullness. 
@@ -2028,8 +2028,9 @@ The following fields are available: - **EtwDroppedBufferCount** Number of buffers dropped in the UTC ETW session. - **EtwDroppedCount** Number of events dropped at ETW layer of telemetry client. - **EventsPersistedCount** Number of events that reached the PersistEvent stage. -- **EventSubStoreResetCounter** Number of times event DB was reset. -- **EventSubStoreResetSizeSum** Total size of event DB across all resets reports in this instance. +- **EventStoreLifetimeResetCounter** Number of times event DB was reset for the lifetime of UTC. +- **EventStoreResetCounter** Number of times event DB was reset. +- **EventStoreResetSizeSum** Total size of event DB across all resets reports in this instance. - **EventsUploaded** Number of events uploaded. - **Flags** Flags indicating device state such as network state, battery state, and opt-in state. - **FullTriggerBufferDroppedCount** Number of events dropped due to trigger buffer being full. 
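Review bot: **EventStoreResetCounter** and **EventStoreResetSizeSum** are added here with exactly the descriptions the removed **EventSubStoreResetCounter** and **EventSubStoreResetSizeSum** lines had, and the next hunk re-adds the EventSubStore* pair at the end of the list with the same text. The result is two counters both documented as "Number of times event DB was reset" with nothing to tell them apart. Say what the sub-store variants count, or drop them if they are no longer emitted.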
@@ -2038,22 +2039,21 @@ The following fields are available: - **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel. - **LastEventSizeOffender** Event name of last event which exceeded max event size. - **LastInvalidHttpCode** Last invalid HTTP code received from Vortex. -- **MaxActiveAgentConnectionCount** Maximum number of active agents during this�heartbeat timeframe. +- **MaxActiveAgentConnectionCount** Maximum number of active agents during this heartbeat timeframe. - **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC. - **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events). - **SettingsHttpAttempts** Number of attempts to contact OneSettings service. -- **SettingsHttpFailures** Number of failures from contacting�OneSettings service. +- **SettingsHttpFailures** Number of failures from contacting OneSettings service. - **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers. - **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client. -- **VortexFailuresTimeout** Number of time out failures�received from Vortex. +- **VortexFailuresTimeout** Number of time out failures received from Vortex. - **VortexHttpAttempts** Number of attempts to contact Vortex. - **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex. - **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex. - **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400. - **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event. -- **EventStoreLifetimeResetCounter** Number of times event DB was reset for the lifetime of UTC. -- **EventStoreResetCounter** Number of times event DB was reset. -- **EventStoreResetSizeSum** Total size of event DB across all resets reports in this instance. 
+- **EventSubStoreResetCounter** Number of times event DB was reset. +- **EventSubStoreResetSizeSum** Total size of event DB across all resets reports in this instance. ### TelClientSynthetic.HeartBeat_Aria_5 @@ -2090,16 +2090,6 @@ The following fields are available: - **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event. -### TelClientSynthetic.PrivacySettingsAfterCreatorsUpdate - -This event sends basic data on privacy settings before and after a feature update. This is used to ensure that customer privacy settings are correctly migrated across feature updates. - -The following fields are available: - -- **PostUpgradeSettings** The privacy settings after a feature update. See [TelClientSynthetic.PostUpgradeSettings](#telclientsyntheticpostupgradesettings). -- **PreUpgradeSettings** The privacy settings before a feature update. See [TelClientSynthetic.PreUpgradeSettings](#telclientsyntheticpreupgradesettings). - - ## Direct to update events ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicability @@ -2121,11 +2111,11 @@ Event to indicate that we have received an unexpected error in the DTU Coordinat The following fields are available: -- **hResult** HRESULT of the failure. - **CampaignID** Campaign ID being run. - **ClientID** Client ID being run. - **CoordinatorVersion** Coordinator version of DTU. - **CV** Correlation vector. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupGenericFailure 
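Review bot: The `@@ -2090,16 +2090,6 @@` hunk deletes the whole **TelClientSynthetic.PrivacySettingsAfterCreatorsUpdate** section, and the commit message ("new build") does not say whether the event is no longer collected at the Basic level or is only being dropped from the documentation. For a page whose purpose is to disclose what is collected, that distinction should be stated in the commit message or the PR description. The removed text linked to `#telclientsyntheticpostupgradesettings` and `#telclientsyntheticpreupgradesettings`; check whether those sections are now unreferenced and should go too.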
@@ -2310,12 +2300,12 @@ Event to indicate Coordinator's progress callback has been called. The following fields are available: -- **Current Deploy Phase's percentage completed** Trigger which fired UXLauncher. -- **DeployPhase** Current Deploy Phase. - **CampaignID** Campaign ID being run. - **ClientID** Client ID being run. - **CoordinatorVersion** Coordinator version of DTU. +- **Current Deploy Phase's percentage completed** Trigger which fired UXLauncher. - **CV** Correlation vector. +- **DeployPhase** Current Deploy Phase. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorSetCommitReadyGenericFailure @@ -2480,11 +2470,11 @@ Event to indicate that we have received an unexpected error in the DTU Handler C The following fields are available: -- **hResult** HRESULT of the failure - **CampaignID** Campaign ID being run - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector +- **hResult** HRESULT of the failure - **CV_new** New correlation vector @@ -2545,11 +2535,11 @@ Event to indicate that we have received an unexpected error in the DTU Handler D The following fields are available: -- **hResult** HRESULT of the failure - **CampaignID** Campaign ID being run - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector +- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadSuccess @@ -2570,12 +2560,12 @@ Event to indicate that we have received an unexpected error in the DTU Handler I The following fields are available: +- **hResult** HRESULT of the failure - **CampaignID** Campaign ID being run - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector - **DownloadAndExtractCabFunction_hResult** HRESULT of the DownloadAndExtractCab function -- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeSuccess 
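Review bot: In the `@@ -2310,12 +2300,12 @@` hunk, the line **Current Deploy Phase's percentage completed** is moved rather than fixed. The bold text reads like a description instead of a field name, and its description, "Trigger which fired UXLauncher", does not match it. Replace it with the actual field name and a description of the percentage value, rather than carrying the mismatch forward into the new ordering.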
@@ -2597,11 +2587,11 @@ Event to indicate that we have received an unexpected error in the DTU Handler I The following fields are available: +- **hResult** HRESULT of the failure - **CampaignID** Campaign ID being run - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector -- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallSuccess 
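Review bot: Moving **hResult** to the head of the list here, and in the `@@ -2570,12 +2560,12 @@` hunk, is the opposite of what the `@@ -2121,11 +2111,11 @@`, `@@ -2480,11 +2470,11 @@` and `@@ -2545,11 +2535,11 @@` hunks do, where hResult is moved down to follow **CV**. Pick one ordering for the DTU failure events and apply it in every hunk, otherwise the same patch both introduces and removes the same ordering.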
@@ -2930,12 +2920,12 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **BusReportedDescription** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer. -- **Class** A unique identifier for the driver installed. -- **ClassGuid** Name of the .sys image file (or wudfrd.sys if using user mode driver framework). -- **COMPID** INF file name (the name could be renamed by OS, such as oemXX.inf) -- **ContainerId** The version of the inventory binary generating the events. -- **Description** The current error code for the device. +- **BusReportedDescription** The description of the device reported by the bux. +- **Class** The device setup class of the driver loaded for the device. +- **ClassGuid** The device class GUID from the driver package +- **COMPID** The device setup class guid of the driver loaded for the device. +- **ContainerId** The list of compat ids for the device. +- **Description** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer. - **DeviceState** The device description. - **DriverId** DeviceState is a bitmask of the following: DEVICE_IS_CONNECTED 0x0001 (currently only for container). DEVICE_IS_NETWORK_DEVICE 0x0002 (currently only for container). DEVICE_IS_PAIRED 0x0004 (currently only for container). DEVICE_IS_ACTIVE 0x0008 (currently never set). DEVICE_IS_MACHINE 0x0010 (currently only for container). DEVICE_IS_PRESENT 0x0020 (currently always set). DEVICE_IS_HIDDEN 0x0040. DEVICE_IS_PRINTER 0x0080 (currently only for container). DEVICE_IS_WIRELESS 0x0100. DEVICE_IS_WIRELESS_FAT 0x0200. The most common values are therefore: 32 (0x20)= device is present. 96 (0x60)= device is present but hidden. 
288 (0x120)= device is a wireless device that is present - **DriverName** A unique identifier for the driver installed. @@ -3116,7 +3106,6 @@ The following fields are available: - **FileSize** File size of the Office addin - **FriendlyName** Friendly name for office addin - **FullPath** Unexpanded path to the office addin -- **InventoryVersion** The version of the inventory binary generating the events. - **LoadBehavior** Uint32 that describes the load behavior - **OfficeApplication** The office application for this addin - **OfficeArchitecture** Architecture of the addin @@ -3129,6 +3118,7 @@ The following fields are available: - **Provider** Name of the provider for this addin - **AddInCLSID** CLSID key for the office addin - **LoadTime** Load time for the office addin +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove 
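Review bot: In the `@@ -2930,12 +2920,12 @@` hunk, the new descriptions are misaligned from **COMPID** onward: COMPID gets "The device setup class guid of the driver loaded for the device", **ContainerId** gets "The list of compat ids for the device", and **Description** gets the "System-supplied GUID that uniquely groups the functional devices" text, which in turn leaves the unchanged **DeviceState** line as "The device description" and **DriverId** holding the DeviceState bitmask text. Shift the descriptions down by one field, including the two context lines. Also, "reported by the bux" on **BusReportedDescription** should read "bus".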
@@ -3187,7 +3177,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **InventoryVersion** The version of the inventory binary generating the events. - **OIeFeatureAddon** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_ADDON_MANAGEMENT feature lets applications hosting the WebBrowser Control to respect add-on management selections made using the Add-on Manager feature of Internet Explorer. Add-ons disabled by the user or by administrative group policy will also be disabled in applications that enable this feature. - **OIeMachineLockdown** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_LOCALMACHINE_LOCKDOWN feature is enabled, Internet Explorer applies security restrictions on content loaded from the user's local machine, which helps prevent malicious behavior involving local files. - **OIeMimeHandling** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_MIME_HANDLING feature control is enabled, Internet Explorer handles MIME types more securely. Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2) 
@@ -3203,6 +3192,7 @@ The following fields are available: - **OIeWebOcPopup** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_WEBOC_POPUPMANAGEMENT feature allows applications hosting the WebBrowser Control to receive the default Internet Explorer pop-up window management behavior - **OIeWinRestrict** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_WINDOW_RESTRICTIONS feature adds several restrictions to the size and behavior of popup windows - **OIeZoneElevate** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_ZONE_ELEVATION feature prevents pages in one zone from navigating to pages in a higher security zone unless the navigation is generated by the user +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsStartSync @@ -3254,11 +3244,11 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: +- **InventoryVersion** The version of the inventory binary generating the events. - **OC2rApps** A GUID the describes the Office Click-To-Run apps - **OC2rSkus** Comma-delimited list (CSV) of Office Click-To-Run products installed on the device. For example, Office 2016 ProPlus - **OMsiApps** Comma-delimited list (CSV) of Office MSI products installed on the device. For example, Microsoft Word - **OProductCodes** A GUID that describes the Office MSI products -- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsStartSync 
@@ -3576,9 +3566,9 @@ Activity for run of the Transient Account Manager that determines if any user ac The following fields are available: +- **totalAccountCount** The number of accounts on a device after running the Transient Account Manager policies. - **wilActivity** Windows Error Reporting data collected when there is a failure in evaluating accounts to be deleted with the Transient Account Manager. See [wilActivity](#wilactivity). - **evaluationTrigger** When was the Transient Account Manager policies ran? Example: At log off or during maintenance hours -- **totalAccountCount** The number of accounts on a device after running the Transient Account Manager policies. ## SIH events 
@@ -3589,22 +3579,22 @@ This event is sent when targeting logic is evaluated to determine if a device is The following fields are available: +- **ActionReasons** If an action has been assessed as inapplicable, the additional logic prevented it. +- **AdditionalReasons** If an action has been assessed as inapplicable, the additional logic prevented it. - **CachedEngineVersion** The engine DLL version that is being used. - **EventInstanceID** A unique identifier for event instance. - **EventScenario** Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. +- **HandlerReasons** If an action has been assessed as inapplicable, the installer technology-specific logic prevented it. - **IsExecutingAction** If the action is presently being executed. - **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Windows Store, etc.) - **SihclientVersion** The client version that is being used. +- **StandardReasons** If an action has been assessed as inapplicable, the standard logic the prevented it. - **StatusCode** Result code of the event (success, cancellation, failure code HResult). - **UpdateID** A unique identifier for the action being acted upon. - **WuapiVersion** The Windows Update API version that is currently installed. - **WuaucltVersion** The Windows Update client version that is currently installed. - **WuauengVersion** The Windows Update engine version that is currently installed. - **WUDeviceID** The unique identifier controlled by the software distribution client. -- **ActionReasons** If an action has been assessed as inapplicable, the additional logic prevented it. -- **AdditionalReasons** If an action has been assessed as inapplicable, the additional logic prevented it. 
-- **HandlerReasons** If an action has been assessed as inapplicable, the installer technology-specific logic prevented it. -- **StandardReasons** If an action has been assessed as inapplicable, the standard logic the prevented it. ### SIHEngineTelemetry.SLSActionData 
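Review bot: The relocated **ActionReasons** line has the same description as **AdditionalReasons** ("the additional logic prevented it"), so the two fields cannot be told apart from the documentation; ActionReasons needs its own wording. **StandardReasons** also reads "the standard logic the prevented it", which has a stray "the". Both are worth fixing in this hunk, since the lines are being re-added anyway.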
@@ -3636,38 +3626,19 @@ The following fields are available: - **ActivityMatchingId** Contains a unique ID identifying a single CheckForUpdates session from initialization to completion. - **AllowCachedResults** Indicates if the scan allowed using cached results. -- **BiosFamily** The family of the BIOS (Basic Input Output System). -- **BiosName** The name of the device BIOS. -- **BiosReleaseDate** The release date of the device BIOS. -- **BiosSKUNumber** The sku number of the device BIOS. -- **BIOSVendor** The vendor of the BIOS. -- **BiosVersion** The version of the BIOS. - **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. -- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated. -- **CDNCountryCode** Two letter country abbreviation for the CDN's location. -- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **ClientVersion** The version number of the software distribution client. - **CurrentMobileOperator** The mobile operator the device is currently connected to. -- **DeviceModel** What is the device model. -- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered. - **DriverSyncPassPerformed** Were drivers scanned this time? -- **EventInstanceID** A globally unique identifier for event instance. - **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. -- **ExtendedMetadataCabUrl** Hostname that is used to download an update. - **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. -- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan. 
-- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan. - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. - **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). - **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds). - **HomeMobileOperator** The mobile operator that the device was originally intended to work with. -- **IntentPFNs** Intended application-set metadata for atomic update scenarios. - **IPVersion** Indicates whether the download took place over IPv4 or IPv6 - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. - **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce -- **MSIError** The last error that was encountered during a scan for updates. -- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 - **NumberOfApplicationsCategoryScanEvaluated** The number of categories (apps) for which an app update scan checked - **NumberOfLoop** The number of round trips the scan required - **NumberOfNewUpdatesFromServiceSync** The number of updates which were seen for the first time in this scan 
@@ -3685,13 +3656,34 @@ The following fields are available: - **ShippingMobileOperator** The mobile operator that a device shipped on. - **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult). - **SyncType** Describes the type of scan the event was -- **SystemBIOSMajorRelease** Major version of the BIOS. -- **SystemBIOSMinorRelease** Minor version of the BIOS. - **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down. - **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. +- **BiosFamily** The family of the BIOS (Basic Input Output System). +- **BiosName** The name of the device BIOS. +- **BiosReleaseDate** The release date of the device BIOS. +- **BiosSKUNumber** The sku number of the device BIOS. +- **BIOSVendor** The vendor of the BIOS. +- **BiosVersion** The version of the BIOS. +- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated. +- **CDNCountryCode** Two letter country abbreviation for the CDN's location. +- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. +- **ClientVersion** The version number of the software distribution client. +- **DeviceModel** What is the device model. +- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered. +- **EventInstanceID** A globally unique identifier for event instance. +- **ExtendedMetadataCabUrl** Hostname that is used to download an update. +- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan. +- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan. +- **IntentPFNs** Intended application-set metadata for atomic update scenarios. 
+- **MSIError** The last error that was encountered during a scan for updates. +- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 +- **SystemBIOSMajorRelease** Major version of the BIOS. +- **SystemBIOSMinorRelease** Minor version of the BIOS. - **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable - **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete - **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation. +- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null. +- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. - **BranchReadinessLevel** The servicing branch configured on the device. - **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000). - **DeferredUpdates** Update IDs which are currently being deferred until a later time 
@@ -3705,10 +3697,8 @@ The following fields are available: - **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window. - **QualityUpdateDeferral** The deferral period configured for quality OS updates on the device (in days). - **QualityUpdatePausePeriod** The pause duration configured for quality OS updates on the device (in days). -- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. -- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. -- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null. - **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown +- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. ### SoftwareUpdateClientTelemetry.Commit @@ -3769,7 +3759,6 @@ The following fields are available: - **CurrentMobileOperator** The mobile operator the device is currently connected to. - **DeviceModel** What is the device model. - **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority. -- **DownloadScenarioId** A unique ID for a given download used to tie together WU and DO events. - **EventInstanceID** A globally unique identifier for event instance. - **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed. - **EventType** Possible values are Child, Bundle, or Driver. 
@@ -3793,6 +3782,7 @@ The following fields are available: - **PhonePreviewEnabled** Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced. - **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. +- **RegulationReason** The reason that the update is regulated - **RelatedCV** The previous Correlation Vector that was used before swapping with a new one. - **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. - **RevisionNumber** Identifies the revision number of this specific piece of content. @@ -3812,7 +3802,7 @@ The following fields are available: - **UsedDO** Whether the download used the delivery optimization service. - **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive. - **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **RegulationReason** The reason that the update is regulated +- **DownloadScenarioId** A unique ID for a given download used to tie together WU and DO events. ### SoftwareUpdateClientTelemetry.DownloadCheckpoint 
@@ -3954,29 +3944,29 @@ Ensures Windows Updates are secure and complete. Event helps to identify whether The following fields are available: -- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. -- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. -- **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. -- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce -- **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). -- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. -- **RevisionId** The revision ID for a specific piece of content. -- **RevisionNumber** The revision number for a specific piece of content. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) -- **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. -- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob -- **SignatureAlgorithm** The hash algorithm for the metadata signature. -- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". -- **StatusCode** Result code of the event (success, cancellation, failure code HResult) -- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed. -- **UpdateId** The update ID for a specific piece of content. - **CallerApplicationName** Name of application making the Windows Update request. 
Used to identify context of request. +- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. +- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. +- **ExtendedStatusCode** The secondary status code of the event. +- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce +- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. +- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Windows Store +- **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. +- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast +- **StatusCode** The status code of the event. - **TimestampTokenCertThumbprint** Thumbprint of the encoded timestamp token. +- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. - **ValidityWindowInDays** Validity window in effect when verifying the timestamp +- **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. - **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. - **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. +- **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). +- **RevisionId** The revision ID for a specific piece of content. 
+- **RevisionNumber** The revision number for a specific piece of content. +- **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. +- **SignatureAlgorithm** The hash algorithm for the metadata signature. +- **UpdateId** The update ID for a specific piece of content. ## Update events @@ -4154,6 +4144,7 @@ The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup b The following fields are available: +- **ContainsExpressPackage** Indicates whether the download package is express. - **FlightId** Unique ID for each flight. - **FreeSpace** Free space on OS partition. - **InstallCount** Number of install attempts using the same sandbox. @@ -4166,7 +4157,6 @@ The following fields are available: - **SetupMode** Mode of setup to be launched. - **UpdateId** Unique ID for each Update. - **UserSession** Indicates whether install was invoked by user actions. -- **ContainsExpressPackage** Indicates whether the download package is express. ## Update notification events 
@@ -4185,37 +4175,37 @@ The following fields are available: - **DetectorVersion** Most recently run detector version for the current campaign on UNP - **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user - **key1** UI interaction data -- **key2** Interaction data for the UI +- **key10** UI interaction data +- **key11** UI interaction data +- **key12** UI interaction data +- **key13** UI interaction data +- **key14** UI interaction data +- **key15** UI interaction data +- **key16** UI interaction data +- **key17** UI interaction data +- **key18** UI interaction data +- **key19** UI interaction data +- **key2** UI interaction data +- **key20** UI interaction data +- **key21** Interaction data for the UI +- **key22** UI interaction data +- **key23** UI interaction data +- **key24** UI interaction data +- **key25** UI interaction data +- **key26** UI interaction data +- **key27** UI interaction data +- **key28** UI interaction data +- **key29** UI interaction data - **key3** UI interaction data +- **key30** UI interaction data - **key4** UI interaction data - **key5** UI interaction data - **key6** UI interaction data - **key7** UI interaction data - **key8** UI interaction data - **key9** UI interaction data -- **PackageVersion** UI interaction data -- **schema** UI interaction data -- **key10** Interaction data for the UI -- **key11** Interaction data for the UI -- **key12** Interaction data for the UI -- **key13** Interaction data for the UI -- **key14** Interaction data for the UI -- **key15** Interaction data for the UI -- **key16** Interaction data for the UI -- **key17** Interaction data for the UI -- **key18** Interaction data for the UI -- **key19** Interaction data for the UI -- **key20** Interaction data for the UI -- **key21** Interaction data for the UI -- **key22** Interaction data for the UI -- **key23** Interaction data for the UI -- **key24** Interaction data for the UI -- **key25** Interaction data for the UI 
-- **key26** Interaction data for the UI -- **key27** UI interaction data -- **key28** UI interaction data -- **key29** UI interaction data -- **key30** UI interaction data +- **PackageVersion** Current package version of UNP +- **schema** UI interaction type ### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignHeartbeat @@ -4336,6 +4326,7 @@ This event sends data indicating that the device has invoked the downlevel phase The following fields are available: - **ClientId** If using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but it can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. - **HostOSBuildNumber** The build number of the downlevel OS. - **HostOsSkuName** The operating system edition which is running Setup360 instance (downlevel OS). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe. @@ -4348,7 +4339,6 @@ The following fields are available: - **State** Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled - **TestId** A string that uniquely identifies a group of events. - **WuId** This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId. -- **FlightData** Unique value that identifies the flight. ### Setup360Telemetry.Finalize 
@@ -4358,6 +4348,7 @@ This event sends data indicating that the device has invoked the finalize phase The following fields are available: - **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. - **HostOSBuildNumber** The build number of the previous OS. - **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe @@ -4370,7 +4361,6 @@ The following fields are available: - **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled - **TestId** A string to uniquely identify a group of events. - **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. -- **FlightData** Unique value that identifies the flight. ### Setup360Telemetry.OsUninstall @@ -4424,6 +4414,7 @@ This event sends data indicating that the device has invoked the predownload qui The following fields are available: - **ClientId** Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. - **HostOSBuildNumber** The build number of the previous OS. - **HostOsSkuName** The OS edition which is running Setup360 instance (previous operating system). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe 
@@ -4436,7 +4427,6 @@ The following fields are available: - **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled - **TestId** A string to uniquely identify a group of events. - **WuId** This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId. -- **FlightData** Unique value that identifies the flight. ### Setup360Telemetry.PreDownloadUX @@ -4576,10 +4566,10 @@ The following fields are available: - **remediationSummary** Result of each applicable resolution that was ran. - **usingBackupFeatureAssessment** Relying on backup feature assessment. - **usingBackupQualityAssessment** Relying on backup quality assessment. -- **versionString** Version of the WaaSMedic engine. -- **insufficientSessions** Device not eligible for diagnostics. - **usingCachedFeatureAssessment** WaaS Medic run did not get OS build age from the network on the previous run. - **usingCachedQualityAssessment** WaaS Medic run did not get OS revision age from the network on the previous run. +- **versionString** Version of the WaaSMedic engine. +- **insufficientSessions** Device not eligible for diagnostics. ## Windows Error Reporting MTT events @@ -4592,9 +4582,9 @@ The following fields are available: - **DPRange** Maximum mean value range. - **DPValue** Randomized bit value (0 or 1) that can be reconstituted over a large population to estimate mean. +- **Value** Standard UTC emitted DP value structure See [Microsoft.Windows.WER.MTT.Value](#microsoftwindowswermttvalue). - **UtcAggParams** These fields are not logged by the event - this datagrid entry is generated erroneously from build See [UtcAggParams](#utcaggparams). - **UtcDiffpVal** These fields are not logged by the event - this datagrid entry is generated erroneously from build See [UtcDiffpVal](#utcdiffpval). -- **Value** Standard UTC emitted DP value structure See [Microsoft.Windows.WER.MTT.Value](#microsoftwindowswermttvalue). ### Microsoft.Windows.WER.MTT.Value 
@@ -4883,9 +4873,9 @@ The FulfillmentInitiate event is fired at the start of an app install or update. The following fields are available: -- **CatalogId** The CatalogId is the name of the product catalog from which this app was chosen. - **PFN** The Package Family Name of the app that is being installed or updated. - **ProductId** The product ID of the app that is being updated or installed. +- **CatalogId** The CatalogId is the name of the product catalog from which this app was chosen. ### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest @@ -5039,7 +5029,7 @@ The following fields are available: - **current** Result of currency check - **dismOperationSucceeded** Dism uninstall operation status -- **hResult** Failure error code +- **hResult** Failure Error code - **oSVersion** Build number of the machine - **paused** Machine's pause status - **rebootRequestSucceeded** Reboot CSP call success status 
@@ -5092,25 +5082,25 @@ The following fields are available: - **downloadModeSrc** Source of the DownloadMode setting (KvsProvider: 0, GeoProvider: 1, GeoVerProvider: 2, CpProvider: 3, DiscoveryProvider: 4, RegistryProvider: 5, GroupPolicyProvider: 6, MdmProvider: 7, SettingsProvider: 8, InvalidProviderType: 9) - **errorCode** Error code returned - **experimentId** Used to correlate client/services calls that are part of the same test during A/B testing -- **fileID** ID of the File being downloaded +- **fileID** ID of the file being downloaded - **filePath** Path to where the downloaded file will be written - **fileSize** Total filesize of the file that was downloaded - **fileSizeCaller** Value for total file size provided by our caller - **groupID** ID for the group - **isVpn** If the machine is connected to a Virtual Private Network -- **jobID** Identifier for the Windows Update Job -- **peerID** ID for this Delivery Optimization client -- **predefinedCallerName** Name of the API Caller -- **sessionID** ID for the file download session -- **setConfigs** A JSON representation of the configurations that have been set, and their sources -- **updateID** ID of the Update being downloaded -- **usedMemoryStream** If the download is using memory streaming in App downloads -- **callerName** Name of the API Caller +- **jobID** Identifier for the Windows Update job - **minDiskSizeGB** The minimum disk size policy set for the device to allow Peering with Delivery Optimization - **minDiskSizePolicyEnforced** If there is an enforced mininum disk size requirement for peering - **minFileSizePolicy** Minimum filesize policy set for the device to allow Peering with Delivery Optimization -- **isEncrypted** Whether the download is encrypted +- **peerID** ID for this Delivery Optimization client +- **predefinedCallerName** Name of the API caller +- **sessionID** ID for the file download session +- **updateID** ID of the update being downloaded +- **usedMemoryStream** If the download 
is using memory streaming in App downloads +- **callerName** Name of the API Caller - **scenarioID** ID for the Scenario +- **isEncrypted** Whether the download is encrypted +- **setConfigs** A JSON representation of the configurations that have been set, and their sources ## Windows Update events 
@@ -5122,21 +5112,21 @@ This event collects information regarding the state of devices and drivers on th The following fields are available: - **activated** Whether the entire device manifest update is considered activated and in use. -- **analysisErrorCount** How many driver packages could not be analyzed because errors were hit during the analysis. +- **analysisErrorCount** How many driver packages that could not be analyzed because errors were hit during the analysis. - **flightId** Unique ID for each flight. -- **missingDriverCount** How many driver packages that were delivered by the device manifest are missing from the system. -- **missingUpdateCount** How many updates that were part of the device manifest are missing from the system. +- **missingDriverCount** How many driver packages that were delivered by the device manifest that are missing from the system. +- **missingUpdateCount** How many updates that were part of the device manifest that are missing from the system. - **objectId** Unique value for each diagnostics session. -- **publishedCount** How many drivers packages that were delivered by the device manifest are published and available to be used on devices. +- **publishedCount** How many drivers packages that were delivered by the device manifest that are published and available to be used on devices. - **relatedCV** Correlation vector value generated from the latest USO scan. - **scenarioId** Indicates the update scenario. - **sessionId** Unique value for each update session. -- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match. +- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match on. 
- **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string. -- **truncatedDeviceCount** How many devices are missing from the summary string because there is not enough room in the string. -- **truncatedDriverCount** How many driver packages are missing from the summary string because there is not enough room in the string. +- **truncatedDeviceCount** How many devices are missing from the summary string due to there not being enough room in the string. +- **truncatedDriverCount** How many driver packages are missing from the summary string due to there not being enough room in the string. - **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices. -- **updateId** Unique ID for each update. +- **updateId** Unique ID for each Update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit @@ -5239,7 +5229,6 @@ The following fields are available: - **AcceptAutoModeLimit** Maximum number of days for a device to automatically enter Auto Reboot mode - **AutoToAutoFailedLimit** Maximum number of days for Auto Reboot mode to fail before RebootFailed dialog will be shown -- **DaysSinceRebootRequired** Number of days since reboot was required. - **DeviceLocalTime** Time of dialog shown on local device - **EngagedModeLimit** Number of days to switch between DTE dialogs - **EnterAutoModeLimit** Maximum number of days for a device to enter Auto Reboot mode 
@@ -5255,6 +5244,7 @@ The following fields are available: - **UpdateId** The ID of the update that is pending reboot to finish installation - **UpdateRevision** The revision of the update that is pending reboot to finish installation - **UtcTime** The Coordinated Universal Time when the dialog notification will be displayed. +- **DaysSinceRebootRequired** Number of days since reboot was required. ### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootAcceptAutoDialog @@ -5327,7 +5317,7 @@ Enhanced Engaged reboot reboot failed dialog was displayed. The following fields are available: -- **DeviceLocalTime** Time of dialog shown on local device +- **DeviceLocalTime** Dialog exit code - user response - **ETag** OneSettings versioning value - **ExitCode** Indicates how users exited the dialog - **RebootVersion** Version of DTE @@ -5421,11 +5411,11 @@ Update activity blocked due to active hours being currently active. The following fields are available: -- **blockReason** The current state of the update process -- **updatePhase** The current state of the update process -- **wuDeviceid** Device ID - **activeHoursEnd** The end of the active hours window - **activeHoursStart** The start of the active hours window +- **updatePhase** Device ID +- **wuDeviceid** Device ID +- **blockReason** The current state of the update process ### Microsoft.Windows.Update.Orchestrator.BlockedByBatteryLevel 
@@ -5460,7 +5450,7 @@ The following fields are available: - **eventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc - **filteredDeferReason** The raised reason that the USO did not restart (e.g. user active, low battery) that were ignorable - **raisedDeferReason** The reason that the USO did not restart (e.g. user active, low battery) -- **wuDeviceid** Windows Update Device GUID +- **wuDeviceid** Device ID - **displayNeededReason** Semicolon-separated list of reasons reported for display needed - **gameModeReason** Name of the executable that caused the game mode state check to trigger. - **ignoredReason** Semicolon-separated list of reasons that were intentionally ignored. @@ -5477,19 +5467,19 @@ A scan for an update occurred. The following fields are available: - **detectionBlockreason** Reason for detection not completing. -- **detectionRetryMode** Error info -- **errorCode** State of update action - **eventScenario** End to end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. - **interactive** Identifies if session is User Initiated. +- **scanTriggerSource** Source of the triggered scan. - **updateScenarioType** The update session type. - **wuDeviceid** Unique device ID used by Windows Update. - **detectionBlockingPolicy** State of update action -- **scanTriggerSource** Source of the triggered scan. -- **networkStatus** Error info - **deferReason** Reason for postponing detection - **flightID** Flight info - **revisionNumber** Update version - **updateId** Update ID - GUID +- **detectionRetryMode** If we retry to scan +- **errorCode** The returned error code. +- **networkStatus** Error info ### Microsoft.Windows.Update.Orchestrator.DisplayNeeded 
@@ -5646,39 +5636,39 @@ This event sends launch data for a Windows Update install to help keep Windows u The following fields are available: - **batteryLevel** Current battery capacity in mWh or percentage left. -- **deferReason** Reason for install not completing. - **eventScenario** End to end update session ID. +- **flightID** Unique update ID +- **flightUpdate** Flight update +- **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. +- **installRebootinitiatetime** The time it took for a reboot to be attempted. - **interactive** Identifies if session is user initiated. +- **minutesToCommit** The time it took to install updates. - **rebootOutsideOfActiveHours** Indicates the timing that the reboot was to occur to ensure the correct update process and experience is provided to keep Windows up to date. +- **revisionNumber** Update revision number. +- **updateId** Update ID. - **updateScenarioType** The update session type. - **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date. - **wuDeviceid** Unique device ID used by Windows Update. +- **deferReason** Reason for install not completing. - **errorCode** The error code reppresented by a hexadecimal value. -- **flightID** Unique update ID -- **revisionNumber** Update revision number. -- **updateId** Update ID. -- **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. - **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. -- **flightUpdate** Flight update -- **installRebootinitiatetime** The time it took for a reboot to be attempted. -- **minutesToCommit** The time it took to install updates. ### Microsoft.Windows.Update.Orchestrator.PostInstall -Event sent after Update install completes. 
+Event sent after Windows update install completes. The following fields are available: -- **batteryLevel** Battery level percentage -- **bundleId** Update ID - GUID -- **bundleRevisionnumber** Update ID revision number -- **errorCode** Error value -- **eventScenario** State of update action -- **sessionType** Update session type -- **wuDeviceid** Windows Update device GUID +- **batteryLevel** Current battery capacity in mWh or percentage left. +- **bundleId** Identifier associated with the specific content bundle. +- **bundleRevisionnumber** Identifies the revision number of the content bundle. +- **errorCode** Hex code for the error message, to allow lookup of the specific error. +- **eventScenario** End to end update session ID. - **flightID** The flight ID of the device +- **sessionType** Interactive vs. Background. - **updateScenarioType** The scenario type of this update +- **wuDeviceid** Unique device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.PowerMenuOptionsChanged 
@@ -5687,42 +5677,42 @@ This event is sent when the options in power menu changed, usually due to an upd The following fields are available: -- **powermenuNewOptions** The new options after the power menu changed -- **powermenuOldOptions** The old options before the power menu changed -- **rebootPendingMinutes** If the power menu changed because a reboot is pending due to a update, how long that reboot has been pending -- **wuDeviceid** If the power menu changed because a reboot is pending due to a update, the device ID recorded by WU +- **powermenuNewOptions** The new options after the power menu changed. +- **powermenuOldOptions** The old options before the power menu changed. +- **rebootPendingMinutes** If the power menu changed because a reboot is pending due to a update, this indicates how long that reboot has been pending. +- **wuDeviceid** The device ID recorded by Windows Update if the power menu changed because a reboot is pending due to an update. ### Microsoft.Windows.Update.Orchestrator.PreShutdownStart -This event is generated right before the shutdown and commit operations +This event is generated before the shutdown and commit operations. The following fields are available: -- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue +- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. ### Microsoft.Windows.Update.Orchestrator.Progress -Event sent when the download of a update reaches a milestone change, such as network cost policy changed, a internal phase has completed, or a transient state has changed. +Event sent when the download of a update reaches a milestone change, such as a change in network cost policy, completion of an internal phase, or change in a transient state. 
The following fields are available: -- **errorCode** Error info -- **flightID** Flight info -- **interactive** Is USO session interactive or non-interactive? -- **networkCostPolicy** The current network cost policy on device -- **revisionNumber** Update ID revision number -- **updateId** Update ID - GUID -- **updateScenarioType** Update Session type -- **updateState** Subphase of the download -- **UpdateStatus** Subphase of the update -- **wuDeviceid** Device ID +- **errorCode** Error code returned. +- **flightID** The specific ID of the Windows Insider build the device is getting. +- **interactive** Identifies whether the session is user initiated. +- **networkCostPolicy** The current network cost policy on device. +- **revisionNumber** Update ID revision number. +- **updateId** Unique ID for each update. +- **updateScenarioType** Update Session type. +- **updateState** Subphase of the download. +- **UpdateStatus** Subphase of the update. +- **wuDeviceid** Unique device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.RebootFailed -This event sends information about whether an update required a reboot and reasons for failure to help keep Windows up to date. +This event sends information about whether an update required a reboot and reasons for failure, to help keep Windows up to date. The following fields are available: 
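Review bot: The grammar cleanup in this hunk is incomplete: `rebootPendingMinutes` still reads "due to a update" and the Progress event summary still reads "download of a update", although the `wuDeviceid` line in the same list was corrected to "an update". Change both remaining occurrences to "an update".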
@@ -5730,7 +5720,7 @@ The following fields are available: - **deferReason** Reason for install not completing. - **EventPublishedTime** The time that the reboot failure occurred. - **flightID** Unique update ID. -- **rebootOutsideOfActiveHours** Indicates the timing that the reboot was to occur to ensure the correct update process and experience is provided to keep Windows up to date. +- **rebootOutsideOfActiveHours** Indicates whether a reboot was scheduled outside of active hours. - **RebootResults** Hex code indicating failure reason. Typically, we expect this to be a specific USO generated hex code. - **revisionNumber** Update revision number. - **updateId** Update ID. @@ -5746,7 +5736,7 @@ This event sends data indicating that a reboot task is missing unexpectedly on a The following fields are available: - **RebootTaskRestoredTime** Time at which this reboot task was restored. -- **wuDeviceid** Device id on which the reboot is restored +- **wuDeviceid** Device ID for the device on which the reboot is restored. ### Microsoft.Windows.Update.Orchestrator.ScanTriggered 
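Review bot: In the RebootFailed list, `flightID` is left as "Unique update ID." in the unchanged context, but the Progress hunk before it and the `@@ -5826,8` hunk after it both define `flightID` as "The specific ID of the Windows Insider build the device is getting." Update this entry as well; as it stands the same field name has two definitions in one document, and the old wording is indistinguishable from `updateId`.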
@@ -5755,16 +5745,16 @@ Indicates that Update Orchestrator has started a scan operation. The following fields are available: -- **interactive** Whether or not the scan is interactive. -- **isScanPastSla** Has the SLA elapsed for scanning? -- **isScanPastTriggerSla** Has the SLA elapsed for triggering a scan? -- **minutesOverScanSla** How many minutes over the scan SLA is the scan? -- **minutesOverScanTriggerSla** How many minutes over the scan trigger SLA is the scan? -- **scanTriggerSource** What caused the scan? -- **updateScenarioType** The type of scenario we are in. -- **wuDeviceid** WU Device ID of the machine. -- **errorCode** Error info -- **eventScenario** Indicates the purpose of sending this event +- **errorCode** The error code returned for the current scan operation. +- **eventScenario** Indicates the purpose of sending this event. +- **interactive** Indicates whether the scan is interactive. +- **isScanPastSla** Indicates whether the SLA has elapsed for scanning. +- **isScanPastTriggerSla** Indicates whether the SLA has elapsed for triggering a scan. +- **minutesOverScanSla** Indicates how many minutes the scan exceeded the scan SLA. +- **minutesOverScanTriggerSla** Indicates how many minutes the scan exceeded the scan trigger SLA. +- **scanTriggerSource** Indicates what caused the scan. +- **updateScenarioType** The update session type. +- **wuDeviceid** Unique device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.SystemNeeded 
@@ -5773,10 +5763,10 @@ This event sends data about why a device is unable to reboot, to help keep Windo The following fields are available: -- **eventScenario** End to end update session ID. -- **rebootOutsideOfActiveHours** Indicates the timing that the reboot was to occur to ensure the correct update process and experience is provided to keep Windows up to date. +- **eventScenario** End-to-end update session ID. +- **rebootOutsideOfActiveHours** Indicates whether a reboot is scheduled outside of active hours. - **revisionNumber** Update revision number. -- **systemNeededReason** Reason ID +- **systemNeededReason** List of apps or tasks that are preventing the system from restarting. - **updateId** Update ID. - **updateScenarioType** The update session type. - **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date. @@ -5813,10 +5803,10 @@ This event sends data on whether Update Management Policies were enabled on a de The following fields are available: -- **configuredPoliciescount** Policy Count -- **policiesNamevaluesource** Policy Name -- **policyCacherefreshtime** Refresh time -- **updateInstalluxsetting** This shows whether a user has set policies via UX option +- **configuredPoliciescount** Number of policies on the device. +- **policiesNamevaluesource** Policy name and source of policy (group policy, MDM or flight). +- **policyCacherefreshtime** Time when policy cache was refreshed. +- **updateInstalluxsetting** Indicates whether a user has set policies via a user experience option. - **wuDeviceid** Unique device ID used by Windows Update. 
@@ -5826,8 +5816,8 @@ This event sends data about whether an update required a reboot to help keep Win The following fields are available: -- **flightID** Unique update ID. -- **interactive** Indicates the reboot initiation stage of the update process was entered as a result of user action or not. +- **flightID** The specific ID of the Windows Insider build the device is getting. +- **interactive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action. - **revisionNumber** Update revision number. - **updateId** Update ID. - **updateScenarioType** The update session type. 
@@ -5855,21 +5845,21 @@ The following fields are available: ### Microsoft.Windows.Update.Ux.MusNotification.RebootScheduled -The RebootScheduled event sends basic information for scheduling a update related reboot to facilitate the flow of getting security updates and keeping Windows up to date. +This event sends basic information about scheduling an update-related reboot, to get security updates and to help keep Windows up-to-date. The following fields are available: -- **activeHoursApplicable** Whether Active Hours applies. -- **IsEnhancedEngagedReboot** If Enhanced reboot was enabled. -- **rebootArgument** The reboot arguments -- **rebootOutsideOfActiveHours** If reboot was outside of Active Hours -- **rebootScheduledByUser** If the reboot was scheduled by the user, or the system. -- **rebootState** Which state the reboot is in -- **revisionNumber** Revision number of the OS -- **scheduledRebootTime** Time the reboot was scheduled for. -- **scheduledRebootTimeInUTC** Time the reboot was scheduled for in UTC -- **updateId** UpdateId to identify which update is being scheduled. +- **activeHoursApplicable** Indicates whether Active Hours applies on this device. +- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action. +- **rebootOutsideOfActiveHours** True, if a reboot is scheduled outside of active hours. False, otherwise. +- **rebootScheduledByUser** True, if a reboot is scheduled by user. False, if a reboot is scheduled automatically. +- **rebootState** Current state of the reboot. +- **revisionNumber** Revision number of the OS. +- **scheduledRebootTime** Time scheduled for the reboot. +- **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC. +- **updateId** Identifies which update is being scheduled. - **wuDeviceid** Unique DeviceID +- **IsEnhancedEngagedReboot** Indicates whether Enhanced reboot was enabled. ### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot 
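Review bot: In the RebootScheduled list, `IsEnhancedEngagedReboot` is re-added after `wuDeviceid`, which breaks the alphabetical ordering the rest of this patch establishes; it belongs between `activeHoursApplicable` and `rebootArgument`. The `wuDeviceid` line it now follows is also left as "Unique DeviceID" with no period, while other hunks in this patch use "Unique device ID used by Windows Update."; align it. The new summary says "up-to-date" where the neighbouring events say "up to date".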
@@ -5896,21 +5886,21 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS The following fields are available: -- **ClientId** Unique identifier for each flight. -- **FlightId** Unique GUID that identifies each instances of setuphost.exe. -- **InstanceId** The update scenario in which the mitigation was executed. -- **MitigationScenario** Number of mounted images. -- **MountedImageCount** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImageMatches** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesRemoved** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **MountedImagesSkipped** Correlation vector value generated from the latest USO scan. -- **RelatedCV** HResult of this operation. -- **Result** ID indicating the mitigation scenario. -- **ScenarioId** Indicates whether the scenario was supported. -- **ScenarioSupported** Unique value for each update attempt. -- **SessionId** Unique ID for each Update. -- **UpdateId** Unique ID for the Windows Update client. +- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightId** Unique identifier for each flight. +- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. +- **MitigationScenario** The update scenario in which the mitigation was executed. +- **MountedImageCount** Number of mounted images. +- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. +- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. 
+- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. +- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** HResult of this operation. +- **ScenarioId** ID indicating the mitigation scenario. +- **ScenarioSupported** Indicates whether the scenario was supported. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each Update. - **WuId** Unique ID for the Windows Update client. From 74c8773f127c7b53437e9d371c7dd590ae048a4c Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 24 Aug 2018 09:55:25 -0700 Subject: [PATCH 04/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 832 +++++++++--------- 1 file changed, 414 insertions(+), 418 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 000f17b557..7475140c62 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -9,7 +9,7 @@ ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 08/23/2018 +ms.date: 08/24/2018 --- 
@@ -51,56 +51,56 @@ This event lists the types of objects and how many of each exist on the client d The following fields are available: -- **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. -- **PCFP** An ID for the system, calculated by hashing hardware identifiers. -- **InventoryLanguagePack** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. -- **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. -- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **InventorySystemBios** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. -- **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. - **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **DecisionApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. 
+- **DatasourceApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device. +- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. +- **DatasourceDevicePnp_RS3** The total DatasourceDevicePnp objects targeting the next release of Windows on this device. - **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. +- **DatasourceDriverPackage_RS3** The total DatasourceDriverPackage objects targeting the next release of Windows on this device. +- **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. +- **DataSourceMatchingInfoBlock_RS3** The total DataSourceMatchingInfoBlock objects targeting the next release of Windows on this device. +- **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. +- **DataSourceMatchingInfoPassive_RS3** The total DataSourceMatchingInfoPassive objects targeting the next release of Windows on this device. +- **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device. - **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. +- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting the next release of Windows on this device. +- **DecisionApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **DecisionApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device. 
+- **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. +- **DecisionDevicePnp_RS3** The total DecisionDevicePnp objects targeting the next release of Windows on this device. - **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. +- **DecisionDriverPackage_RS3** The total DecisionDriverPackage objects targeting the next release of Windows on this device. +- **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. +- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting the next release of Windows on this device. +- **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoPassive_RS3** The total DataSourceMatchingInfoPassive objects targeting the next release of Windows on this device. +- **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting the next release of Windows on this device. +- **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. +- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting the next release of Windows on this device. - **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. -- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **InventoryTest** No content is currently available. +- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. 
+- **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **SystemWlan** The count of the number of this particular object type present on this device. -- **SystemWim** The count of the number of this particular object type present on this device. -- **SystemProcessorNx** The count of the number of this particular object type present on this device. -- **SystemProcessorSse2** The count of the number of this particular object type present on this device. +- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine. +- **InventoryMediaCenter** The count of the number of this particular object type present on this device. +- **InventorySystemBios** The count of the number of this particular object type present on this device. +- **InventoryTest** The count of the number of this particular object type present on this device. +- **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. +- **PCFP** An ID for the system, calculated by hashing hardware identifiers. +- **SystemMemory** The count of the number of this particular object type present on this device. - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. +- **SystemProcessorNx** The count of SystemProcessorNx objects present on this machine. - **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. -- **SystemMemory** The count of the number of this particular object type present on this device. -- **InventoryMediaCenter** The count of the number of this particular object type present on this device. 
-- **DatasourceApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device. -- **DatasourceDevicePnp_RS3** The total DatasourceDevicePnp objects targeting the next release of Windows on this device. -- **DatasourceDriverPackage_RS3** The total DatasourceDriverPackage objects targeting the next release of Windows on this device. -- **DataSourceMatchingInfoBlock_RS3** The total DataSourceMatchingInfoBlock objects targeting the next release of Windows on this device. -- **DataSourceMatchingInfoPassive_RS3** The total DataSourceMatchingInfoPassive objects targeting the next release of Windows on this device. -- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device. -- **DecisionApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device. -- **DecisionDevicePnp_RS3** The total DecisionDevicePnp objects targeting the next release of Windows on this device. -- **DecisionDriverPackage_RS3** The total DecisionDriverPackage objects targeting the next release of Windows on this device. -- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting the next release of Windows on this device. -- **DecisionMatchingInfoPassive_RS3** The total DataSourceMatchingInfoPassive objects targeting the next release of Windows on this device. -- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting the next release of Windows on this device. -- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting the next release of Windows on this device. -- **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. -- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting the next release of Windows on this device. 
-- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. -- **SystemTouch** The count of SystemTouch objects present on this machine. +- **SystemProcessorSse2** The count of the number of this particular object type present on this device. +- **SystemTouch** The count of the number of this particular object type present on this device. +- **SystemWim** The count of SystemWim objects present on this machine. - **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. -- **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **SystemWlan** The count of SystemWlan objects present on this machine. +- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. ### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd @@ -156,7 +156,7 @@ The following fields are available: - **IsBootCritical** Is the device boot critical? - **SdbEntries** An array of fields indicating the SDB entries that apply to this device. - **WuDriverCoverage** Is there a driver uplevel for this device according to Windows Update? -- **WuDriverUpdateId** The Windows Update ID of the applicable up-level driver +- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver - **WuPopulatedFromId** The expected up-level driver matching ID based on driver coverage from Windows Update 
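Review bot: The `@@ -51,56` Appraiser hunk reorders the list but carries several wrong descriptions into the added lines. `DecisionApplicationFile_RS1`, `DecisionTest_RS1` and `Wmdrm_RS1` (and `DatasourceApplicationFile_RS1` in the context) are described as "An ID for the system, calculated by hashing hardware identifiers", which is the `PCFP` description and cannot be right for object counts. `DatasourceApplicationFile_RS3` is described as counting DecisionApplicationFile objects, and `DecisionMatchingInfoPassive_RS3` as counting DataSourceMatchingInfoPassive objects. Since every one of these lines is being rewritten anyway, correct the text in this change. The count wording also flips arbitrarily between "The count of SystemWim objects present on this machine" and "The count of the number of this particular object type present on this device"; pick one form.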
@@ -1389,6 +1389,7 @@ The following fields are available: - **ChassisType** Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36. - **ComputerHardwareID** Identifies a device class that is represented by a hash of different SMBIOS fields. - **D3DMaxFeatureLevel** Supported Direct3D version. +- **DeviceColor** Indicates a color of the device. - **DeviceForm** Indicates the form as per the device classification. - **DeviceName** The device name that is set by the user. - **DigitizerSupport** Is a digitizer supported? @@ -1417,7 +1418,6 @@ The following fields are available: - **TelemetrySettingAuthority** Determines who set the telemetry level, such as GP, MDM, or the user. - **TPMVersion** The supported Trusted Platform Module (TPM) on the device. If no TPM is present, the value is 0. - **VoiceSupported** Does the device have a cellular radio capable of making voice calls? -- **DeviceColor** Indicates a color of the device. ### Census.Memory @@ -1504,6 +1504,7 @@ The following fields are available: - **KvaShadow** Microcode info of the processor. - **MMSettingOverride** Microcode setting of the processor. - **MMSettingOverrideMask** Microcode setting override of the processor. +- **PreviousUpdateRevision** Previous microcode revision. - **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. - **ProcessorClockSpeed** Clock speed of the processor in MHz. - **ProcessorCores** Number of logical cores in the processor. @@ -1515,7 +1516,6 @@ The following fields are available: - **ProcessorUpdateStatus** Enum value that represents the processor microcode load status. - **SocketCount** Count of CPU sockets. - **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability. -- **PreviousUpdateRevision** Previous microcode revision. ### Census.Security 
@@ -1532,8 +1532,8 @@ The following fields are available: - **IsSawHost** Describes whether the device is running as a Secure Admin Workstation Host - **RequiredSecurityProperties** This field describes the required security properties to enable virtualization-based security - **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting. -- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running. - **SModeState** The Windows S mode trail state. +- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running. ### Census.Speech @@ -1933,7 +1933,7 @@ The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **FlightId** Flight being used -- **Quiet** Whether Setup will run in quiet mode or in full +- **Quiet** Whether Setup run in quiet mode or in full - **RelatedCV** CV of any other related events - **SetupMode** Phase Setup is in 
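Review bot: The `Quiet` change in the `@@ -1933,7` hunk is a regression: "Whether Setup will run in quiet mode or in full" becomes "Whether Setup run in quiet mode or in full", which is ungrammatical. Restore "will run" (or use "runs"), and finish the phrase so it says what "in full" refers to.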
@@ -2031,6 +2031,8 @@ The following fields are available: - **EventStoreLifetimeResetCounter** Number of times event DB was reset for the lifetime of UTC. - **EventStoreResetCounter** Number of times event DB was reset. - **EventStoreResetSizeSum** Total size of event DB across all resets reports in this instance. +- **EventSubStoreResetCounter** Number of times event DB was reset. +- **EventSubStoreResetSizeSum** Total size of event DB across all resets reports in this instance. - **EventsUploaded** Number of events uploaded. - **Flags** Flags indicating device state such as network state, battery state, and opt-in state. - **FullTriggerBufferDroppedCount** Number of events dropped due to trigger buffer being full. @@ -2052,8 +2054,6 @@ The following fields are available: - **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex. - **VortexHttpResponseFailures** Number of Vortex responses that are not 2XX or 400. - **VortexHttpResponsesWithDroppedEvents** Number of Vortex responses containing at least 1 dropped event. -- **EventSubStoreResetCounter** Number of times event DB was reset. -- **EventSubStoreResetSizeSum** Total size of event DB across all resets reports in this instance. ### TelClientSynthetic.HeartBeat_Aria_5 @@ -2149,11 +2149,11 @@ Commit call. The following fields are available: -- **hResult** HRESULT of the failure. - **CampaignID** Campaign ID being run. - **ClientID** Client ID being run. - **CoordinatorVersion** Coordinator version of DTU. - **CV** Correlation vector. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitSuccess 
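Review bot: In the `@@ -2031,6` hunk, `EventSubStoreResetCounter` and `EventSubStoreResetSizeSum` are moved next to `EventStoreResetCounter` and `EventStoreResetSizeSum` with word-for-word identical descriptions ("Number of times event DB was reset.", "Total size of event DB across all resets reports in this instance."). Now that the pairs sit side by side, the text gives no way to tell the store fields from the sub-store fields; say what the sub-store is in the two `EventSubStore*` descriptions.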
@@ -2174,11 +2174,11 @@ Event to indicate that we have received an unexpected error in the DTU Coordinat The following fields are available: -- **hResult** HRESULT of the failure. - **CampaignID** Campaign ID being run. - **ClientID** Client ID being run. - **CoordinatorVersion** Coordinator version of DTU. - **CV** Correlation vector. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadIgnoredFailure @@ -2352,11 +2352,11 @@ Event to indicate that the Coordinator WaitForRebootUi call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **hResult** HRESULT of the failure +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection @@ -2394,8 +2394,8 @@ The following fields are available: - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector -- **hResult** HRESULT of the failure - **CV_new** New correlation vector +- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityInternalGenericFailure @@ -2474,8 +2474,8 @@ The following fields are available: - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector -- **hResult** HRESULT of the failure - **CV_new** New correlation vector +- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitSuccess 
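Review bot: In the `@@ -2352,11` hunk the context identifies the event as "the Coordinator WaitForRebootUi call succeeded", yet the rewritten `hResult` line still says "HRESULT of the failure." For a success event, either describe the field as the HRESULT returned by the call or confirm that the field really belongs to this event.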
@@ -2560,12 +2560,12 @@ Event to indicate that we have received an unexpected error in the DTU Handler I The following fields are available: -- **hResult** HRESULT of the failure - **CampaignID** Campaign ID being run - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector - **DownloadAndExtractCabFunction_hResult** HRESULT of the DownloadAndExtractCab function +- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeSuccess @@ -2587,11 +2587,11 @@ Event to indicate that we have received an unexpected error in the DTU Handler I The following fields are available: -- **hResult** HRESULT of the failure - **CampaignID** Campaign ID being run - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector +- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallSuccess @@ -2612,11 +2612,11 @@ Event to indicate that we have received an unexpected error in the DTU Handler S The following fields are available: -- **hResult** HRESULT of the failure - **CampaignID** Campaign ID being run - **ClientID** Client ID being run - **CoordinatorVersion** Coordinator version of DTU - **CV** Correlation vector +- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUHandlerSetCommitReadySuccess 
@@ -2688,10 +2688,15 @@ This event captures basic checksum data about the device inventory items stored The following fields are available: -- **DriverPackageExtended** A count of driverpackageextended objects in cache -- **FileSigningInfo** A count of file signing objects in cache -- **InventoryApplication** A count of application objects in cache -- **InventoryApplicationFile** A count of application file objects in cache +- **DeviceCensus** A count of devicecensus objects in cache. +- **DriverPackageExtended** A count of driverpackageextended objects in cache. +- **FileSigningInfo** A count of file signing objects in cache. +- **InventoryApplication** A count of application objects in cache. +- **InventoryApplicationAppV** A count of application AppV objects in cache. +- **InventoryApplicationDriver** A count of application driver objects in cache. +- **InventoryApplicationFile** A count of application file objects in cache. +- **InventoryApplicationFramework** A count of application framework objects in cache. +- **InventoryApplicationShortcut** A count of application shortcut objects in cache. - **InventoryDeviceContainer** A count of device container objects in cache - **InventoryDeviceInterface** A count of PNP device interface objects in cache - **InventoryDeviceMediaClass** A count of device media objects in cache @@ -2700,6 +2705,7 @@ The following fields are available: - **InventoryDriverBinary** A count of driver binary objects in cache - **InventoryDriverPackage** A count of device objects in cache - **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in cache. +- **InventoryMiscellaneousOfficeAddInUsage** A count of office add-in usage objects in cache. - **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in cache. - **InventoryMiscellaneousOfficeIESettings** A count of office IE settings objects in cache. - **InventoryMiscellaneousOfficeInsights** A count of office insights objects in cache. 
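Review bot: The added and rewritten entries in the `@@ -2688,10` inventory checksum list end with a period ("A count of application objects in cache."), while the untouched entries in the same list, `InventoryDeviceContainer` through `InventoryDriverPackage`, do not. Add the period to those context lines in this change so the list is uniform.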
@@ -2708,12 +2714,6 @@ The following fields are available: - **InventoryMiscellaneousOfficeVBA** A count of office VBA objects in cache. - **InventoryMiscellaneousOfficeVBARuleViolations** A count of office VBA rule violations objects in cache. - **InventoryMiscellaneousUUPInfo** A count of UUP info objects in cache. -- **DeviceCensus** A count of devicecensus objects in cache -- **InventoryApplicationAppV** No content is currently available. -- **InventoryApplicationDriver** No content is currently available. -- **InventoryApplicationFramework** No content is currently available. -- **InventoryApplicationShortcut** No content is currently available. -- **InventoryMiscellaneousOfficeAddInUsage** No content is currently available. ### Microsoft.Windows.Inventory.Core.AmiTelCacheVersions @@ -3097,6 +3097,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: - **AddinCLSID** The CLSID for the Office addin +- **AddInCLSID** CLSID key for the office addin - **AddInId** Office addin ID - **AddinType** The type of the Office addin. - **BinFileTimestamp** Timestamp of the Office addin @@ -3106,7 +3107,9 @@ The following fields are available: - **FileSize** File size of the Office addin - **FriendlyName** Friendly name for office addin - **FullPath** Unexpanded path to the office addin +- **InventoryVersion** The version of the inventory binary generating the events. - **LoadBehavior** Uint32 that describes the load behavior +- **LoadTime** Load time for the office addin - **OfficeApplication** The office application for this addin - **OfficeArchitecture** Architecture of the addin - **OfficeVersion** The office version for this addin 
@@ -3116,9 +3119,6 @@ The following fields are available: - **ProductVersion** The version associated with the Office addin - **ProgramId** The unique program identifier of the Office addin - **Provider** Name of the provider for this addin -- **AddInCLSID** CLSID key for the office addin -- **LoadTime** Load time for the office addin -- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove @@ -3177,6 +3177,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: +- **InventoryVersion** The version of the inventory binary generating the events. - **OIeFeatureAddon** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_ADDON_MANAGEMENT feature lets applications hosting the WebBrowser Control to respect add-on management selections made using the Add-on Manager feature of Internet Explorer. Add-ons disabled by the user or by administrative group policy will also be disabled in applications that enable this feature. - **OIeMachineLockdown** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_LOCALMACHINE_LOCKDOWN feature is enabled, Internet Explorer applies security restrictions on content loaded from the user's local machine, which helps prevent malicious behavior involving local files. - **OIeMimeHandling** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_MIME_HANDLING feature control is enabled, Internet Explorer handles MIME types more securely. Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2) 
@@ -3192,7 +3193,6 @@ The following fields are available: - **OIeWebOcPopup** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_WEBOC_POPUPMANAGEMENT feature allows applications hosting the WebBrowser Control to receive the default Internet Explorer pop-up window management behavior - **OIeWinRestrict** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_WINDOW_RESTRICTIONS feature adds several restrictions to the size and behavior of popup windows - **OIeZoneElevate** Flag indicating which Microsoft Office products have this setting enabled. When enabled, the FEATURE_ZONE_ELEVATION feature prevents pages in one zone from navigating to pages in a higher security zone unless the navigation is generated by the user -- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsStartSync @@ -3272,8 +3272,8 @@ The following fields are available: - **BrowserFlags** Browser flags for Office-related products - **ExchangeProviderFlags** Provider policies for Office Exchange -- **SharedComputerLicensing** Office shared computer licensing policies - **InventoryVersion** The version of the inventory binary generating the events. +- **SharedComputerLicensing** Office shared computer licensing policies ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsStartSync 
@@ -3454,13 +3454,13 @@ The following fields are available: - **IO** Amount of disk IO in boot. See [IO](#io). - **LastBootSucceeded** Flag indicating whether the last boot was successful. - **LastShutdownSucceeded** Flag indicating whether the last shutdown was successful. +- **MaxAbove4GbFreeRange** This field describes the largest memory range available above 4Gb. +- **MaxBelow4GbFreeRange** This field describes the largest memory range available below 4Gb. +- **MeasuredLaunchPrepared** This field tells us if the OS launch was initiated using Measured/Secure Boot over DRTM (Dynamic Root of Trust for Measurement). - **MenuPolicy** Type of advanced options menu that should be shown to the user, such as Legacy or Standard. - **RecoveryEnabled** Tells us whether or not recovery is enabled. -- **UserInputTime** This is the amount of time the loader application spent waiting for user input. -- **MaxAbove4GbFreeRange** No content is currently available. -- **MaxBelow4GbFreeRange** No content is currently available. -- **MeasuredLaunchPrepared** No content is currently available. - **SecureLaunchPrepared** This field indicates if DRTM was prepared during boot. +- **UserInputTime** This is the amount of time the loader application spent waiting for user input. ### Microsoft.Windows.Kernel.Power.OSStateChange 
@@ -3554,10 +3554,10 @@ Activity for deletion of a user account for devices set up for Shared PC mode as The following fields are available: -- **wilActivity** Windows Error Reporting data collected when there is a failure in deleting a user account with the Transient Account Manager. See [wilActivity](#wilactivity). - **accountType** The type of account that was deleted. Example: AD, AAD, or Local - **deleteState** Whether the attempted deletion of the user account was successful. - **userSid** The security identifier of the account. +- **wilActivity** Windows Error Reporting data collected when there is a failure in deleting a user account with the Transient Account Manager. See [wilActivity](#wilactivity). ### Microsoft.Windows.SharedPC.AccountManager.SinglePolicyEvaluation @@ -3566,9 +3566,9 @@ Activity for run of the Transient Account Manager that determines if any user ac The following fields are available: +- **evaluationTrigger** When was the Transient Account Manager policies ran? Example: At log off or during maintenance hours - **totalAccountCount** The number of accounts on a device after running the Transient Account Manager policies. - **wilActivity** Windows Error Reporting data collected when there is a failure in evaluating accounts to be deleted with the Transient Account Manager. See [wilActivity](#wilactivity). -- **evaluationTrigger** When was the Transient Account Manager policies ran? Example: At log off or during maintenance hours ## SIH events 
@@ -3626,28 +3626,65 @@ The following fields are available: - **ActivityMatchingId** Contains a unique ID identifying a single CheckForUpdates session from initialization to completion. - **AllowCachedResults** Indicates if the scan allowed using cached results. +- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable +- **BiosFamily** The family of the BIOS (Basic Input Output System). +- **BiosName** The name of the device BIOS. +- **BiosReleaseDate** The release date of the device BIOS. +- **BiosSKUNumber** The sku number of the device BIOS. +- **BIOSVendor** The vendor of the BIOS. +- **BiosVersion** The version of the BIOS. +- **BranchReadinessLevel** The servicing branch configured on the device. +- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. - **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. +- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated. +- **CDNCountryCode** Two letter country abbreviation for the CDN's location. +- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. +- **ClientVersion** The version number of the software distribution client. +- **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown - **CurrentMobileOperator** The mobile operator the device is currently connected to. +- **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000). +- **DeferredUpdates** Update IDs which are currently being deferred until a later time +- **DeviceModel** What is the device model. +- **DriverError** The error code hit during a driver scan. 
This is 0 if no error was encountered. +- **DriverExclusionPolicy** Indicates if the policy for not including drivers with Windows Update is enabled. - **DriverSyncPassPerformed** Were drivers scanned this time? +- **EventInstanceID** A globally unique identifier for event instance. - **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. +- **ExtendedMetadataCabUrl** Hostname that is used to download an update. - **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. +- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan. +- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan. +- **FeatureUpdateDeferral** The deferral period configured for feature OS updates on the device (in days). - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. +- **FeatureUpdatePausePeriod** The pause duration configured for feature OS updates on the device (in days). - **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). - **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds). - **HomeMobileOperator** The mobile operator that the device was originally intended to work with. +- **IntentPFNs** Intended application-set metadata for atomic update scenarios. - **IPVersion** Indicates whether the download took place over IPv4 or IPv6 - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. +- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. 
- **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce +- **MSIError** The last error that was encountered during a scan for updates. +- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 +- **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete - **NumberOfApplicationsCategoryScanEvaluated** The number of categories (apps) for which an app update scan checked - **NumberOfLoop** The number of round trips the scan required - **NumberOfNewUpdatesFromServiceSync** The number of updates which were seen for the first time in this scan - **NumberOfUpdatesEvaluated** The total number of updates which were evaluated as a part of the scan - **NumFailedMetadataSignatures** The number of metadata signatures checks which failed for new metadata synced down. - **Online** Indicates if this was an online scan. +- **PausedUpdates** A list of UpdateIds which that currently being paused. +- **PauseFeatureUpdatesEndTime** If feature OS updates are paused on the device, this is the date and time for the end of the pause time window. +- **PauseFeatureUpdatesStartTime** If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window. +- **PauseQualityUpdatesEndTime** If quality OS updates are paused on the device, this is the date and time for the end of the pause time window. +- **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window. - **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting (pre-release builds) being introduced. - **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. 
+- **QualityUpdateDeferral** The deferral period configured for quality OS updates on the device (in days). - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. +- **QualityUpdatePausePeriod** The pause duration configured for quality OS updates on the device (in days). - **RelatedCV** The previous Correlation Vector that was used before swapping with a new one - **ScanDurationInSeconds** The number of seconds a scan took - **ScanEnqueueTime** The number of seconds it took to initialize a scan 
@@ -3656,49 +3693,12 @@ The following fields are available: - **ShippingMobileOperator** The mobile operator that a device shipped on. - **StatusCode** Indicates the result of a CheckForUpdates event (success, cancellation, failure code HResult). - **SyncType** Describes the type of scan the event was -- **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down. -- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **BiosFamily** The family of the BIOS (Basic Input Output System). -- **BiosName** The name of the device BIOS. -- **BiosReleaseDate** The release date of the device BIOS. -- **BiosSKUNumber** The sku number of the device BIOS. -- **BIOSVendor** The vendor of the BIOS. -- **BiosVersion** The version of the BIOS. -- **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated. -- **CDNCountryCode** Two letter country abbreviation for the CDN's location. -- **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **ClientVersion** The version number of the software distribution client. -- **DeviceModel** What is the device model. -- **DriverError** The error code hit during a driver scan. This is 0 if no error was encountered. -- **EventInstanceID** A globally unique identifier for event instance. -- **ExtendedMetadataCabUrl** Hostname that is used to download an update. -- **FailedUpdateGuids** The GUIDs for the updates that failed to be evaluated during the scan. -- **FailedUpdatesCount** The number of updates that failed to be evaluated during the scan. -- **IntentPFNs** Intended application-set metadata for atomic update scenarios. -- **MSIError** The last error that was encountered during a scan for updates. 
-- **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 - **SystemBIOSMajorRelease** Major version of the BIOS. - **SystemBIOSMinorRelease** Minor version of the BIOS. -- **ApplicableUpdateInfo** Metadata for the updates which were detected as applicable -- **NumberOfApplicableUpdates** The number of updates which were ultimately deemed applicable to the system after the detection process is complete -- **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation. - **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null. -- **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. -- **BranchReadinessLevel** The servicing branch configured on the device. -- **DeferralPolicySources** Sources for any update deferral policies defined (GPO = 0x10, MDM = 0x100, Flight = 0x1000, UX = 0x10000). -- **DeferredUpdates** Update IDs which are currently being deferred until a later time -- **DriverExclusionPolicy** Indicates if the policy for not including drivers with Windows Update is enabled. -- **FeatureUpdateDeferral** The deferral period configured for feature OS updates on the device (in days). -- **FeatureUpdatePausePeriod** The pause duration configured for feature OS updates on the device (in days). -- **PausedUpdates** A list of UpdateIds which that currently being paused. -- **PauseFeatureUpdatesEndTime** If feature OS updates are paused on the device, this is the date and time for the end of the pause time window. -- **PauseFeatureUpdatesStartTime** If feature OS updates are paused on the device, this is the date and time for the beginning of the pause time window. -- **PauseQualityUpdatesEndTime** If quality OS updates are paused on the device, this is the date and time for the end of the pause time window. 
-- **PauseQualityUpdatesStartTime** If quality OS updates are paused on the device, this is the date and time for the beginning of the pause time window. -- **QualityUpdateDeferral** The deferral period configured for quality OS updates on the device (in days). -- **QualityUpdatePausePeriod** The pause duration configured for quality OS updates on the device (in days). -- **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown -- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. +- **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down. +- **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation. +- **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. ### SoftwareUpdateClientTelemetry.Commit @@ -3759,6 +3759,7 @@ The following fields are available: - **CurrentMobileOperator** The mobile operator the device is currently connected to. - **DeviceModel** What is the device model. - **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority. +- **DownloadScenarioId** A unique ID for a given download used to tie together WU and DO events. - **EventInstanceID** A globally unique identifier for event instance. - **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed. - **EventType** Possible values are Child, Bundle, or Driver. 
@@ -3802,7 +3803,6 @@ The following fields are available: - **UsedDO** Whether the download used the delivery optimization service. - **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive. - **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -- **DownloadScenarioId** A unique ID for a given download used to tie together WU and DO events. ### SoftwareUpdateClientTelemetry.DownloadCheckpoint 
@@ -3948,25 +3948,25 @@ The following fields are available: - **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. - **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. - **ExtendedStatusCode** The secondary status code of the event. -- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce -- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. -- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Windows Store -- **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. -- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast -- **StatusCode** The status code of the event. -- **TimestampTokenCertThumbprint** Thumbprint of the encoded timestamp token. -- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. -- **ValidityWindowInDays** Validity window in effect when verifying the timestamp - **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. -- **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. -- **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. +- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 
0 = unknown; 1 = ignore; 2 = audit; 3 = enforce - **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). +- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. +- **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. - **RevisionId** The revision ID for a specific piece of content. - **RevisionNumber** The revision number for a specific piece of content. +- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Windows Store +- **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. - **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. +- **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. - **SignatureAlgorithm** The hash algorithm for the metadata signature. +- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast +- **StatusCode** The status code of the event. +- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. +- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. - **UpdateId** The update ID for a specific piece of content. +- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. ## Update events 
@@ -3994,8 +3994,11 @@ The UpdateAgent_DownloadRequest event sends data for the download request phase The following fields are available: - **DeletedCorruptFiles** Boolean indicating whether corrupt payload was deleted. +- **DownloadRequests** No content is currently available. - **ErrorCode** The error code returned for the current download request phase. +- **ExtensionName** No content is currently available. - **FlightId** Unique ID for each flight. +- **InternalFailureResult** No content is currently available. - **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360) - **PackageCountOptional** Number of optional packages requested. - **PackageCountRequired** Number of required packages requested. @@ -4013,9 +4016,6 @@ The following fields are available: - **ScenarioId** Indicates the update scenario. - **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases) - **UpdateId** Unique ID for each update. -- **ExtensionName** No content is currently available. -- **InternalFailureResult** No content is currently available. -- **DownloadRequests** No content is currently available. ### Update360Telemetry.UpdateAgentExpand 
@@ -4180,19 +4180,19 @@ The following fields are available: - **key12** UI interaction data - **key13** UI interaction data - **key14** UI interaction data -- **key15** UI interaction data -- **key16** UI interaction data -- **key17** UI interaction data -- **key18** UI interaction data -- **key19** UI interaction data +- **key15** Interaction data for the UI +- **key16** Interaction data for the UI +- **key17** Interaction data for the UI +- **key18** Interaction data for the UI +- **key19** Interaction data for the UI - **key2** UI interaction data -- **key20** UI interaction data +- **key20** Interaction data for the UI - **key21** Interaction data for the UI -- **key22** UI interaction data -- **key23** UI interaction data -- **key24** UI interaction data -- **key25** UI interaction data -- **key26** UI interaction data +- **key22** Interaction data for the UI +- **key23** Interaction data for the UI +- **key24** Interaction data for the UI +- **key25** Interaction data for the UI +- **key26** Interaction data for the UI - **key27** UI interaction data - **key28** UI interaction data - **key29** UI interaction data @@ -4312,11 +4312,11 @@ No content is currently available. The following fields are available: -- **DCATUrl** No content is currently available. -- **DownloadRequestAttributes** No content is currently available. -- **ResultCode** No content is currently available. -- **Scenario** No content is currently available. -- **Version** No content is currently available. +- **DCATUrl** The DCAT URL we send the request to. +- **DownloadRequestAttributes** The attributes we send to DCAT. +- **ResultCode** The result returned from the initialization of Facilitator with the URL/attributes. +- **Scenario** Dynamic Update scenario (Image DU, or Setup DU). +- **Version** Version of Facilitator. ### Setup360Telemetry.Downlevel 
@@ -4392,6 +4392,7 @@ This event sends data indicating that the device has invoked the postrebootinsta The following fields are available: - **ClientId** With Windows Update, this is the Windows Update client ID that is passed to Setup. In Media setup, the default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. - **HostOSBuildNumber** The build number of the previous OS. - **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe. @@ -4404,7 +4405,6 @@ The following fields are available: - **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled - **TestId** A string to uniquely identify a group of events. - **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as ClientId. -- **FlightData** Unique value that identifies the flight. ### Setup360Telemetry.PreDownloadQuiet @@ -4436,6 +4436,7 @@ This event sends data regarding OS Updates and Upgrades from Windows 7.X, Window The following fields are available: - **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **HostOSBuildNumber** The build number of the previous operating system. - **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system). - **InstanceId** Unique GUID that identifies each instance of setuphost.exe. 
@@ -4448,7 +4449,6 @@ The following fields are available: - **State** The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled - **TestId** A string to uniquely identify a group of events. - **WuId** Windows Update client ID. -- **FlightData** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. ### Setup360Telemetry.PreInstallQuiet @@ -4458,6 +4458,7 @@ This event sends data indicating that the device has invoked the preinstall quie The following fields are available: - **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. - **HostOSBuildNumber** The build number of the previous OS. - **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe @@ -4470,7 +4471,6 @@ The following fields are available: - **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled - **TestId** A string to uniquely identify a group of events. - **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. -- **FlightData** Unique value that identifies the flight. ### Setup360Telemetry.PreInstallUX 
@@ -4480,6 +4480,7 @@ This event sends data regarding OS updates and upgrades from Windows 7, Windows The following fields are available: - **ClientId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. - **HostOSBuildNumber** The build number of the previous OS. - **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe. @@ -4492,7 +4493,6 @@ The following fields are available: - **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled - **TestId** A string to uniquely identify a group of events. - **WuId** Windows Update client ID. -- **FlightData** Unique value that identifies the flight. ### Setup360Telemetry.Setup360 @@ -4501,13 +4501,13 @@ This event sends data about OS deployment scenarios, to help keep Windows up-to- The following fields are available: +- **ClientId** Retrieves the upgrade ID: Upgrades via Windows Update - specifies the WU clientID. All other deployment - static string. - **FieldName** Retrieves the data point. - **FlightData** Specifies a unique identifier for each group of Windows Insider builds. - **InstanceId** Retrieves a unique identifier for each instance of a setup session. - **ReportId** Retrieves the report ID. - **ScenarioId** Retrieves the deployment scenario. - **Value** Retrieves the value associated with the corresponding FieldName. -- **ClientId** Retrieves the upgrade ID: Upgrades via Windows Update - specifies the WU clientID. All other deployment - static string. ### Setup360Telemetry.Setup360DynamicUpdate 
@@ -4516,14 +4516,14 @@ No content is currently available. The following fields are available: -- **FlightData** No content is currently available. -- **InstanceId** No content is currently available. -- **Operation** No content is currently available. -- **ReportId** No content is currently available. -- **ResultCode** No content is currently available. -- **Scenario** No content is currently available. -- **TargetBranch** No content is currently available. -- **TargetBuild** No content is currently available. +- **FlightData** Flight ID for the content. +- **InstanceId** ID of the setup invocation. +- **Operation** Facilitator’s last known operation (scan, download, etc.). +- **ReportId** ID for tying together events stream side. +- **ResultCode** Result returned by setup for the entire operation. +- **Scenario** Dynamic Update scenario (Image DU, or Setup DU). +- **TargetBranch** Branch of the target OS. +- **TargetBuild** Build of the target OS. ### Setup360Telemetry.UnexpectedEvent @@ -4559,6 +4559,7 @@ The following fields are available: - **detectionSummary** Result of each applicable detection that was ran. - **featureAssessmentImpact** WaaS Assessment impact for feature updates. - **hrEngineResult** Error code from the engine operation. +- **insufficientSessions** Device not eligible for diagnostics. - **isManaged** Device is managed for updates. - **isWUConnected** Device is connected to Windows Update. - **noMoreActions** No more applicable diagnostics. @@ -4569,7 +4570,6 @@ The following fields are available: - **usingCachedFeatureAssessment** WaaS Medic run did not get OS build age from the network on the previous run. - **usingCachedQualityAssessment** WaaS Medic run did not get OS revision age from the network on the previous run. - **versionString** Version of the WaaSMedic engine. -- **insufficientSessions** Device not eligible for diagnostics. ## Windows Error Reporting MTT events 
@@ -4580,11 +4580,7 @@ This event provides a denominator to calculate MTTF (mean-time-to-failure) for c The following fields are available: -- **DPRange** Maximum mean value range. -- **DPValue** Randomized bit value (0 or 1) that can be reconstituted over a large population to estimate mean. - **Value** Standard UTC emitted DP value structure See [Microsoft.Windows.WER.MTT.Value](#microsoftwindowswermttvalue). -- **UtcAggParams** These fields are not logged by the event - this datagrid entry is generated erroneously from build See [UtcAggParams](#utcaggparams). -- **UtcDiffpVal** These fields are not logged by the event - this datagrid entry is generated erroneously from build See [UtcDiffpVal](#utcdiffpval). ### Microsoft.Windows.WER.MTT.Value @@ -4593,12 +4589,12 @@ No content is currently available. The following fields are available: -- **Algorithm** No content is currently available. -- **DPRange** No content is currently available. -- **DPValue** No content is currently available. -- **Epsilon** No content is currently available. -- **HistType** No content is currently available. -- **PertProb** No content is currently available. +- **Algorithm** Privacy protecting algorithm used for randomization. +- **DPRange** Maximum mean value range. +- **DPValue** Randomized bit value (0 or 1) that can be reconstituted over a large population to estimate mean. +- **Epsilon** Constant used in algorithm for randomization. +- **HistType** Histogram type. +- **PertProb** Constant used in algorithm for randomization. ## Windows Store events 
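Review bot: In the Microsoft.Windows.WER.MTT.Value field list, **Epsilon** and **PertProb** both receive the description "Constant used in algorithm for randomization.", so a reader cannot tell the two parameters apart. Suggest stating what each constant controls. The event summary above the list still reads "No content is currently available." even though every field is now documented, so it should be filled in as part of the same change.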
@@ -4873,9 +4869,9 @@ The FulfillmentInitiate event is fired at the start of an app install or update. The following fields are available: +- **CatalogId** The CatalogId is the name of the product catalog from which this app was chosen. - **PFN** The Package Family Name of the app that is being installed or updated. - **ProductId** The product ID of the app that is being updated or installed. -- **CatalogId** The CatalogId is the name of the product catalog from which this app was chosen. ### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest @@ -5029,7 +5025,7 @@ The following fields are available: - **current** Result of currency check - **dismOperationSucceeded** Dism uninstall operation status -- **hResult** Failure Error code +- **hResult** Failure error code - **oSVersion** Build number of the machine - **paused** Machine's pause status - **rebootRequestSucceeded** Reboot CSP call success status @@ -5072,6 +5068,7 @@ The following fields are available: - **background** If the download is happening in the background - **bytesRequested** Number of bytes requested for download +- **callerName** Name of the API Caller - **cdnUrl** Url of the source CDN - **costFlags** Network cost flags - **deviceProfile** Identifies the usage or form factor (Desktop, Xbox, VM, etc) 
@@ -5082,25 +5079,24 @@ The following fields are available: - **downloadModeSrc** Source of the DownloadMode setting (KvsProvider: 0, GeoProvider: 1, GeoVerProvider: 2, CpProvider: 3, DiscoveryProvider: 4, RegistryProvider: 5, GroupPolicyProvider: 6, MdmProvider: 7, SettingsProvider: 8, InvalidProviderType: 9) - **errorCode** Error code returned - **experimentId** Used to correlate client/services calls that are part of the same test during A/B testing -- **fileID** ID of the file being downloaded +- **fileID** ID of the File being downloaded - **filePath** Path to where the downloaded file will be written - **fileSize** Total filesize of the file that was downloaded - **fileSizeCaller** Value for total file size provided by our caller - **groupID** ID for the group +- **isEncrypted** Whether the download is encrypted - **isVpn** If the machine is connected to a Virtual Private Network -- **jobID** Identifier for the Windows Update job +- **jobID** Identifier for the Windows Update Job - **minDiskSizeGB** The minimum disk size policy set for the device to allow Peering with Delivery Optimization - **minDiskSizePolicyEnforced** If there is an enforced mininum disk size requirement for peering - **minFileSizePolicy** Minimum filesize policy set for the device to allow Peering with Delivery Optimization - **peerID** ID for this Delivery Optimization client -- **predefinedCallerName** Name of the API caller -- **sessionID** ID for the file download session -- **updateID** ID of the update being downloaded -- **usedMemoryStream** If the download is using memory streaming in App downloads -- **callerName** Name of the API Caller +- **predefinedCallerName** Name of the API Caller - **scenarioID** ID for the Scenario -- **isEncrypted** Whether the download is encrypted -- **setConfigs** A JSON representation of the configurations that have been set, and their sources +- **sessionID** ID for the file download session +- **setConfigs** ID of the Update being downloaded +- 
**updateID** ID of the Update being downloaded +- **usedMemoryStream** If the download is using memory streaming in App downloads ## Windows Update events 
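Review bot: The added **setConfigs** line reads "ID of the Update being downloaded", which is the same text as **updateID** directly below it and replaces the removed description "A JSON representation of the configurations that have been set, and their sources". This looks like a copy error introduced while re-sorting the list; restore the JSON description. The added lines also capitalize "File", "Job", "Caller" and "Update" mid-sentence where the removed lines used lower case, so pick one style for the whole list.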
@@ -5223,217 +5219,217 @@ The following fields are available: ### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed -Dialog notification about to be displayed to user. +This event indicates that a notification dialog box is about to be displayed to user. The following fields are available: -- **AcceptAutoModeLimit** Maximum number of days for a device to automatically enter Auto Reboot mode -- **AutoToAutoFailedLimit** Maximum number of days for Auto Reboot mode to fail before RebootFailed dialog will be shown -- **DeviceLocalTime** Time of dialog shown on local device -- **EngagedModeLimit** Number of days to switch between DTE dialogs -- **EnterAutoModeLimit** Maximum number of days for a device to enter Auto Reboot mode -- **ETag** OneSettings versioning value -- **IsForcedEnabled** Is Forced Reboot mode enabled for this device? -- **IsUltimateForcedEnabled** Is Ultimate Forced Reboot mode enabled for this device? -- **NotificationUxState** Which dialog is shown (ENUM)? -- **NotificationUxStateString** Which dialog is shown (string mapping)? -- **RebootUxState** Engaged/Auto/Forced/UltimateForced -- **RebootUxStateString** Engaged/Auto/Forced/UltimateForced -- **RebootVersion** Version of DTE -- **SkipToAutoModeLimit** The minimum length of time to pass in reboot pending before a machine can be put into auto mode -- **UpdateId** The ID of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UtcTime** The Coordinated Universal Time when the dialog notification will be displayed. -- **DaysSinceRebootRequired** Number of days since reboot was required. +- **AcceptAutoModeLimit** The maximum number of days for a device to automatically enter Auto Reboot mode. +- **AutoToAutoFailedLimit** The maximum number of days for Auto Reboot mode to fail before the RebootFailed dialog box is shown. 
+- **DaysSinceRebootRequired** Number of days since restart was required. +- **DeviceLocalTime** The local time on the device sending the event. +- **EngagedModeLimit** The number of days to switch between DTE dialog boxes. +- **EnterAutoModeLimit** The maximum number of days for a device to enter Auto Reboot mode. +- **ETag** OneSettings versioning value. +- **IsForcedEnabled** Indicates whether Forced Reboot mode is enabled for this device. +- **IsUltimateForcedEnabled** Indicates whether Ultimate Forced Reboot mode is enabled for this device. +- **NotificationUxState** Indicates which dialog box is shown. +- **NotificationUxStateString** Indicates which dialog box is shown. +- **RebootUxState** Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced). +- **RebootUxStateString** Indicates the state of the restart (Engaged, Auto, Forced, or UltimateForced). +- **RebootVersion** Version of DTE. +- **SkipToAutoModeLimit** The minimum length of time to pass in restart pending before a device can be put into auto mode. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UtcTime** The time the dialog box notification will be displayed, in Coordinated Universal Time. ### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootAcceptAutoDialog -Enhanced Engaged reboot accept auto dialog was displayed. +This event indicates that the Enhanced Engaged restart "accept automatically" dialog box was displayed. 
The following fields are available: -- **DeviceLocalTime** Local time of the device sending the event -- **ETag** OneSettings ETag -- **ExitCode** Dialog exit code - user response -- **RebootVersion** Reboot flow version -- **UpdateId** Id of pending update -- **UpdateRevision** Revision number of the pending update -- **UserResponseString** User response to the reboot dialog -- **UtcTime** The Coordinated Universal Time that dialog was displayed +- **DeviceLocalTime** The local time on the device sending the event. +- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the dialog box. +- **RebootVersion** Version of DTE. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that user chose on this dialog box. +- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time. ### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootFirstReminderDialog -Enhanced Engaged reboot first reminder dialog was displayed. +This event indicates that the Enhanced Engaged restart "first reminder" dialog box was displayed. The following fields are available: -- **DeviceLocalTime** Time of dialog shown on local device -- **ETag** OneSettings versioning value -- **ExitCode** Indicates how users exited the dialog -- **RebootVersion** Version of DTE -- **UpdateId** The id of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UserResponseString** The option that user chose on this dialog -- **UtcTime** The Coordinated Universal Time that dialog was displayed +- **DeviceLocalTime** The local time on the device sending the event. +- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the dialog box. 
+- **RebootVersion** Version of DTE. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that user chose in this dialog box. +- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time. ### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootForcedPrecursorDialog -Enhanced Engaged reboot forced precursor dialog was displayed. +This event indicates that the Enhanced Engaged restart "forced precursor" dialog box was displayed. The following fields are available: -- **DeviceLocalTime** Time of dialog shown on local device -- **ETag** OneSettings versioning value -- **ExitCode** Indicates how users exited the dialog -- **RebootVersion** Version of DTE -- **UpdateId** The id of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UserResponseString** The option that user chose on this dialog -- **UtcTime** The Coordinated Universal Time that dialog was displayed +- **DeviceLocalTime** The local time on the device sending the event. +- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the dialog box. +- **RebootVersion** Version of DTE. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that the user chose in this dialog box. +- **UtcTime** The time the dialog box was displayed, in Coordinated Universal Time. ### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootForcedWarningDialog -Enhanced Engaged forced warning dialog was displayed. +This event indicates that the Enhanced Engaged "forced warning" dialog box was displayed. 
The following fields are available: -- **DeviceLocalTime** Time of dialog shown on local device -- **ETag** OneSettings versioning value -- **ExitCode** Indicates how users exited the dialog -- **RebootVersion** Version of DTE -- **UpdateId** The id of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UserResponseString** The option that user chose on this dialog -- **UtcTime** The Coordinated Universal Time that dialog was displayed +- **DeviceLocalTime** The local time on the device sending the event. +- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the dialog box. +- **RebootVersion** Version of DTE. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that the user chose in this dialog box. +- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time. ### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootFailedDialog -Enhanced Engaged reboot reboot failed dialog was displayed. +This event indicates that the Enhanced Engaged restart "restart failed" dialog box was displayed. The following fields are available: -- **DeviceLocalTime** Dialog exit code - user response -- **ETag** OneSettings versioning value -- **ExitCode** Indicates how users exited the dialog -- **RebootVersion** Version of DTE -- **UpdateId** The ID of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UserResponseString** The option that user chose on this dialog -- **UtcTime** The Coordinated Universal Time that dialog was displayed +- **DeviceLocalTime** The local time of the device sending the event. 
+- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the dialog box. +- **RebootVersion** Version of DTE. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that the user chose in this dialog box. +- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time. ### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootImminentDialog -Enhanced Engaged reboot reboot imminent dialog was displayed. +This event indicates that the Enhanced Engaged restart "restart imminent" dialog box was displayed.. The following fields are available: -- **DeviceLocalTime** Time of dialog shown on local device -- **ETag** OneSettings versioning value -- **ExitCode** Indicates how users exited the dialog -- **RebootVersion** Version of DTE -- **UpdateId** The ID of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UserResponseString** The option that user chose on this dialog -- **UtcTime** The Coordinated Universal Time that dialog was displayed +- **DeviceLocalTime** Time the dialog box was shown on the local device. +- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the dialog box. +- **RebootVersion** Version of DTE. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that user chose in this dialog box. +- **UtcTime** The time that dialog box was displayed, in Coordinated Universal Time. ### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootSecondReminderDialog -Enhanced Engaged reboot second reminder dialog was displayed. 
+This event indicates that the second reminder dialog box was displayed for Enhanced Engaged restart. The following fields are available: -- **DeviceLocalTime** Time of dialog shown on local device -- **ETag** OneSettings versioning value -- **ExitCode** Indicates how users exited the dialog -- **RebootVersion** Version of DTE -- **UpdateId** The ID of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UserResponseString** The option that user chose on this dialog -- **UtcTime** The Coordinated Universal Time that dialog was displayed +- **DeviceLocalTime** The time the dialog box was shown on the local device. +- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the dialog box. +- **RebootVersion** Version of DTE. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that the user chose in this dialog box. +- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time. ### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootThirdReminderDialog -Enhanced Engaged reboot third reminder dialog was displayed. +This event indicates that the third reminder dialog box for Enhanced Engaged restart was displayed. 
The following fields are available: -- **DeviceLocalTime** Time of dialog shown on local device -- **ETag** OneSettings versioning value -- **ExitCode** Indicates how users exited the dialog -- **RebootVersion** Version of DTE -- **UpdateId** The ID of the update that is pending reboot to finish installation -- **UpdateRevision** The revision of the update that is pending reboot to finish installation -- **UserResponseString** The option that user chose on this dialog -- **UtcTime** The Coordinated Universal Time that dialog was displayed +- **DeviceLocalTime** The time the dialog box was shown on the local device. +- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the dialog box. +- **RebootVersion** Version of DTE. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that the user chose in this dialog box. +- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time. ### Microsoft.Windows.Update.NotificationUx.RebootScheduled -Indicates when a reboot is scheduled by the system or a user for a security, quality, or feature update +Indicates when a reboot is scheduled by the system or a user for a security, quality, or feature update. The following fields are available: -- **activeHoursApplicable** True, If Active Hours applicable on this device. False, otherwise -- **IsEnhancedEngagedReboot** Whether this is an Enhanced Engaged reboot -- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action -- **rebootOutsideOfActiveHours** True, if a reboot is scheduled outside of active hours. False, otherwise -- **rebootScheduledByUser** True, if a reboot is scheduled by user. 
False, if a reboot is scheduled automatically -- **rebootState** The state of the reboot -- **revisionNumber** Revision number of the update that is getting installed with this reboot -- **scheduledRebootTime** Time of the scheduled reboot -- **scheduledRebootTimeInUTC** Time of the scheduled reboot in Coordinated Universal Time -- **updateId** ID of the update that is getting installed with this reboot -- **wuDeviceid** Unique device ID used by Windows Update +- **activeHoursApplicable** Indicates whether an Active Hours policy is present on the device. +- **IsEnhancedEngagedReboot** Indicates whether this is an Enhanced Engaged reboot. +- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action. +- **rebootOutsideOfActiveHours** Indicates whether a restart is scheduled outside of active hours. +- **rebootScheduledByUser** Indicates whether the restart was scheduled by user (if not, it was scheduled automatically). +- **rebootState** The current state of the restart. +- **revisionNumber** Revision number of the update that is getting installed with this restart. +- **scheduledRebootTime** Time of the scheduled restart. +- **scheduledRebootTimeInUTC** Time of the scheduled restart in Coordinated Universal Time. +- **updateId** ID of the update that is getting installed with this restart. +- **wuDeviceid** Unique device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.ActivityRestrictedByActiveHoursPolicy -A policy is present that may restrict update activity to outside of active hours. +This event indicates a policy is present that may restrict update activity to outside of active hours. The following fields are available: -- **activeHoursEnd** The end of the active hours window -- **activeHoursStart** The start of the active hours window -- **wuDeviceid** Device ID +- **activeHoursEnd** The end of the active hours window. +- **activeHoursStart** The start of the active hours window. 
+- **wuDeviceid** Unique device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.BlockedByActiveHours -Update activity blocked due to active hours being currently active. +This event indicates that update activity was blocked because it is within the active hours window. The following fields are available: -- **activeHoursEnd** The end of the active hours window -- **activeHoursStart** The start of the active hours window -- **updatePhase** Device ID -- **wuDeviceid** Device ID -- **blockReason** The current state of the update process +- **activeHoursEnd** The end of the active hours window. +- **activeHoursStart** The start of the active hours window. +- **blockReason** Reason for stopping the update activity. +- **updatePhase** The current state of the update process. +- **wuDeviceid** Unique device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.BlockedByBatteryLevel -Update activity blocked due to low battery level. +This event indicates that Windows Update activity was blocked due to low battery level. The following fields are available: -- **batteryLevel** The current battery charge capacitity -- **batteryLevelThreshold** The battery capacity threshold to stop update activity -- **blockReason** The current state of the update process -- **updatePhase** The current state of the update process -- **wuDeviceid** Device ID +- **batteryLevel** The current battery charge capacity. +- **batteryLevelThreshold** The battery capacity threshold to stop update activity. +- **blockReason** Reason for stopping Windows Update activity. +- **updatePhase** The current state of the update process. +- **wuDeviceid** Device ID. ### Microsoft.Windows.Update.Orchestrator.CommitFailed -This events tracks when a device needs to restart after an update but did not. +This event indicates that a device was unable to restart after an update. The following fields are available: 
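Review bot: In DialogNotificationToBeDisplayed, **NotificationUxState** and **NotificationUxStateString** now both read "Indicates which dialog box is shown.", which drops the "(ENUM)" and "(string mapping)" qualifiers from the removed lines that told the two fields apart. Suggest keeping that distinction in the new wording. Two smaller points in the same hunk: the EnhancedEngagedRebootRebootImminentDialog summary ends with a doubled period ("displayed.."), and BlockedByBatteryLevel keeps **wuDeviceid** as "Device ID." while the neighbouring events were changed to "Unique device ID used by Windows Update."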
@@ -5443,58 +5439,58 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.DeferRestart -Indicates that a restart required for installing updates was postponed. +This event indicates that a restart required for installing updates was postponed. The following fields are available: -- **eventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc -- **filteredDeferReason** The raised reason that the USO did not restart (e.g. user active, low battery) that were ignorable -- **raisedDeferReason** The reason that the USO did not restart (e.g. user active, low battery) -- **wuDeviceid** Device ID -- **displayNeededReason** Semicolon-separated list of reasons reported for display needed -- **gameModeReason** Name of the executable that caused the game mode state check to trigger. -- **ignoredReason** Semicolon-separated list of reasons that were intentionally ignored. -- **revisionNumber** Update ID revision number -- **systemNeededReason** Semicolon-separated list of reasons reported for system needed. -- **updateId** Update ID -- **updateScenarioType** Update session type +- **displayNeededReason** List of reasons for needing display. +- **eventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.). +- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery). +- **gameModeReason** Name of the executable that caused the game mode state check to start. +- **ignoredReason** List of reasons that were intentionally ignored. +- **raisedDeferReason** Indicates all potential reasons for postponing restart (such as user active, or low battery). +- **revisionNumber** Update ID revision number. +- **systemNeededReason** List of reasons why system is needed. +- **updateId** Update ID. +- **updateScenarioType** Update session type. +- **wuDeviceid** Unique device ID used by Windows Update. 
### Microsoft.Windows.Update.Orchestrator.Detection -A scan for an update occurred. +This event indicates that a scan for a Windows Update occurred. The following fields are available: -- **detectionBlockreason** Reason for detection not completing. -- **eventScenario** End to end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. -- **interactive** Identifies if session is User Initiated. -- **scanTriggerSource** Source of the triggered scan. -- **updateScenarioType** The update session type. -- **wuDeviceid** Unique device ID used by Windows Update. -- **detectionBlockingPolicy** State of update action -- **deferReason** Reason for postponing detection -- **flightID** Flight info -- **revisionNumber** Update version -- **updateId** Update ID - GUID -- **detectionRetryMode** If we retry to scan -- **errorCode** The returned error code. +- **deferReason** Reason why the device could not check for updates. +- **detectionBlockingPolicy** State of update action. +- **detectionBlockreason** If we retry to scan +- **detectionRetryMode** Indicates whether we will try to scan again. +- **errorCode** State of update action +- **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. +- **flightID** The specific ID of the Windows Insider build the device is getting. +- **interactive** Indicates whether the session was user initiated. - **networkStatus** Error info +- **revisionNumber** Update revision number. +- **scanTriggerSource** Source of the triggered scan. +- **updateId** Update ID. 
+- **updateScenarioType** Update Session type +- **wuDeviceid** Device ID ### Microsoft.Windows.Update.Orchestrator.DisplayNeeded -Reboot postponed due to needing a display +This event indicates the reboot was postponed due to needing a display. The following fields are available: -- **displayNeededReason** Reason the display is needed -- **eventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed -- **rebootOutsideOfActiveHours** Indicates the timing that the reboot was to occur to ensure the correct update process and experience is provided to keep Windows up to date -- **revisionNumber** Revision number of the update -- **updateId** Update ID -- **updateScenarioType** The update session type -- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date +- **displayNeededReason** Reason the display is needed. +- **eventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. +- **rebootOutsideOfActiveHours** Indicates whether the reboot was to occur outside of active hours. +- **revisionNumber** Revision number of the update. +- **updateId** Update ID. +- **updateScenarioType** The update session type. +- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated. - **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue 
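Review bot: In the Detection field list, the alphabetical re-sort has left descriptions attached to the wrong fields: **detectionBlockreason** now reads "If we retry to scan", which was the removed text for **detectionRetryMode**, and **errorCode** reads "State of update action", which was the removed text for **detectionBlockingPolicy**. Suggest restoring "Reason for detection not completing." and "The returned error code." for those two fields. The unchanged **networkStatus** line ("Error info") is worth checking at the same time, and the last two added lines ("Update Session type", "Device ID") lack the trailing period and the wording used for the same fields elsewhere in this hunk.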
@@ -5504,11 +5500,11 @@ This event sends launch data for a Windows Update download to help keep Windows The following fields are available: -- **deferReason** Reason for download not completing -- **errorCode** An error code represented as a hexadecimal value -- **eventScenario** End to end update session ID. -- **flightID** Unique update ID. -- **interactive** Identifies if session is user initiated. +- **deferReason** Reason for download not completing. +- **errorCode** An error code represented as a hexadecimal value. +- **eventScenario** End-to-end update session ID. +- **flightID** The specific ID of the Windows Insider build the device is getting. +- **interactive** Indicates whether the session is user initiated. - **revisionNumber** Update revision number. - **updateId** Update ID. - **updateScenarioType** The update session type. 
@@ -5517,99 +5513,99 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.DTUCompletedWhenWuFlightPendingCommit -Event to indicate that DTU completed installation of the ESD, when WU was already Pending Commit of the feature update. +This event indicates that DTU completed installation of the ESD, when Windows Update was already in Pending Commit phase of the feature update. The following fields are available: -- **wuDeviceid** Device ID used by WU +- **wuDeviceid** Device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.DTUEnabled -Inbox DTU functionality enabled. +This event indicates that Inbox DTU functionality was enabled. The following fields are available: -- **wuDeviceid** Device ID. +- **wuDeviceid** Device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.DTUInitiated -Inbox DTU functionality intiated. +This event indicates that Inbox DTU functionality was intiated. The following fields are available: - **dtuErrorCode** Return code from creating the DTU Com Server. - **isDtuApplicable** Determination of whether DTU is applicable to the machine it is running on. -- **wuDeviceid** Return code from creating the DTU Com Server. +- **wuDeviceid** Device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.Escalation -Event sent when USO takes an Escalation action on device. +This event is sent when USO takes an Escalation action on a device. The following fields are available: -- **configVersion** Escalation config version on device -- **escalationAction** Indicate the specific escalation action that took place on device -- **updateClassificationGUID** GUID of the update the device is offered -- **updateId** ID of the update the device is offered -- **wuDeviceid** Device ID used by WU +- **configVersion** Escalation config version on device. +- **escalationAction** Indicate the specific escalation action that took place on device. 
+- **updateClassificationGUID** GUID of the update the device is offered. +- **updateId** ID of the update the device is offered. +- **wuDeviceid** Device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.EscalationRiskLevels -Event sent during update scan, download, install. Indicates that the device is at risk of being out-of-date. +This event is sent during update scan, download, or install, and indicates that the device is at risk of being out-of-date. The following fields are available: -- **configVersion** Escalation config version on device -- **downloadElapsedTime** How long since the download is required on device -- **downloadRiskLevel** At-risk level of download phase -- **installElapsedTime** How long since the install is required on device -- **installRiskLevel** At-risk level of install phase -- **isSediment** WaaSmedic's assessment of whether is device is at risk or not -- **scanElapsedTime** How long since the scan is required on device -- **scanRiskLevel** At-risk level of scan phase -- **wuDeviceid** Device id used by WU +- **configVersion** Escalation config version on device . +- **downloadElapsedTime** Indicates how long since the download is required on device. +- **downloadRiskLevel** At-risk level of download phase. +- **installElapsedTime** Indicates how long since the install is required on device. +- **installRiskLevel** The at-risk level of install phase. +- **isSediment** Assessment of whether is device is at risk. +- **scanElapsedTime** Indicates how long since the scan is required on device. +- **scanRiskLevel** At-risk level of the scan phase. +- **wuDeviceid** Device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.EscalationsRefreshFailed -USO has a set of escalation actions to prevent a device from becoming out-of-date, and the actions are triggered based on the Escalation config that USO obtains from OneSettings. 
This event is sent when USO fails to refresh the escalation config from OneSettings. +USO has a set of escalation actions to prevent a device from becoming out-of-date, and the actions are triggered based on the Escalation configuration that USO obtains from OneSettings. This event is sent when USO fails to refresh the escalation configuration from OneSettings. The following fields are available: -- **configVersion** Current escalation config version on device -- **errorCode** Error code for the refresh failure -- **wuDeviceid** Device ID used by WU +- **configVersion** Current escalation config version on device. +- **errorCode** Error code for the refresh failure. +- **wuDeviceid** Device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.FlightInapplicable -The Update is no longer Applicable to this device +This event indicates that the update is no longer applicable to this device. The following fields are available: -- **EventPublishedTime** Flight specific info -- **flightID** Update ID revision number -- **revisionNumber** Update ID - GUID -- **updateId** Update session type -- **updateScenarioType** Last status of update -- **UpdateStatus** Is UUP fallback configured? -- **UUPFallBackConfigured** Windows Update Device GUID -- **wuDeviceid** Windows Update Device GUID +- **EventPublishedTime** Time when this event was generated +- **flightID** The specific ID of the Windows Insider build. +- **revisionNumber** Update revision number. +- **updateId** Unique Windows Update ID. +- **updateScenarioType** Update session type. +- **UpdateStatus** Last status of update. +- **UUPFallBackConfigured** Indicates whether UUP fallback is configured. +- **wuDeviceid** Unique Device ID. 
### Microsoft.Windows.Update.Orchestrator.GameActive -This event indicates that an enabled GameMode process prevented the device from restarting to complete an update +This event indicates that an enabled GameMode process prevented the device from restarting to complete an update. The following fields are available: -- **eventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed -- **gameModeReason** Name of the enabled GameMode process that prevented the device from restarting to complete an update -- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue +- **eventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. +- **gameModeReason** Name of the enabled GameMode process that prevented the device from restarting to complete an update. +- **wuDeviceid** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. ### Microsoft.Windows.Update.Orchestrator.InitiatingReboot 
@@ -5620,12 +5616,12 @@ The following fields are available: - **EventPublishedTime** Time of the event. - **flightID** Unique update ID -- **interactive** Indicates the reboot initiation stage of the update process was entered as a result of user action or not. -- **rebootOutsideOfActiveHours** Indicates the timing that the reboot was to occur to ensure the correct update process and experience is provided to keep Windows up to date. +- **interactive** Indicates whether the reboot initiation stage of the update process was entered as a result of user action. +- **rebootOutsideOfActiveHours** Indicates whether the reboot was to occur outside of active hours. - **revisionNumber** Revision number of the update. - **updateId** Update ID. - **updateScenarioType** The update session type. -- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date. +- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated. - **wuDeviceid** Unique device ID used by Windows Update. 
@@ -5636,38 +5632,38 @@ This event sends launch data for a Windows Update install to help keep Windows u The following fields are available: - **batteryLevel** Current battery capacity in mWh or percentage left. -- **eventScenario** End to end update session ID. -- **flightID** Unique update ID -- **flightUpdate** Flight update +- **deferReason** Reason for install not completing. +- **errorCode** The error code reppresented by a hexadecimal value. +- **eventScenario** End-to-end update session ID. +- **flightID** The specific ID of the Windows Insider build the device is getting. +- **flightUpdate** Indicates whether the update is a Windows Insider build. - **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. +- **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. - **installRebootinitiatetime** The time it took for a reboot to be attempted. - **interactive** Identifies if session is user initiated. - **minutesToCommit** The time it took to install updates. -- **rebootOutsideOfActiveHours** Indicates the timing that the reboot was to occur to ensure the correct update process and experience is provided to keep Windows up to date. +- **rebootOutsideOfActiveHours** Indicates whether a reboot is scheduled outside of active hours. - **revisionNumber** Update revision number. - **updateId** Update ID. - **updateScenarioType** The update session type. - **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date. - **wuDeviceid** Unique device ID used by Windows Update. -- **deferReason** Reason for install not completing. -- **errorCode** The error code reppresented by a hexadecimal value. -- **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. 
### Microsoft.Windows.Update.Orchestrator.PostInstall -Event sent after Windows update install completes. +This event is sent after a Windows update install completes. The following fields are available: - **batteryLevel** Current battery capacity in mWh or percentage left. - **bundleId** Identifier associated with the specific content bundle. - **bundleRevisionnumber** Identifies the revision number of the content bundle. -- **errorCode** Hex code for the error message, to allow lookup of the specific error. -- **eventScenario** End to end update session ID. +- **errorCode** The error code returned for the current phase. +- **eventScenario** State of update action. - **flightID** The flight ID of the device -- **sessionType** Interactive vs. Background. -- **updateScenarioType** The scenario type of this update +- **sessionType** The Windows Update session type (Interactive or Background). +- **updateScenarioType** The update session type. - **wuDeviceid** Unique device ID used by Windows Update. @@ -5694,7 +5690,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.Progress -Event sent when the download of a update reaches a milestone change, such as a change in network cost policy, completion of an internal phase, or change in a transient state. +This event is sent when the download of a update reaches a milestone change, such as a change in network cost policy, completion of an internal phase, or change in a transient state. The following fields are available: @@ -5741,7 +5737,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.ScanTriggered -Indicates that Update Orchestrator has started a scan operation. +This event indicates that Update Orchestrator has started a scan operation. The following fields are available: 
@@ -5775,7 +5771,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.TerminatedByActiveHours -Update activity was stopped due to active hours starting. +This event indicates that update activity was stopped due to active hours starting. The following fields are available: @@ -5787,7 +5783,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.TerminatedByBatteryLevel -Update activity was stopped due to a low battery level. +This event is sent when update activity was stopped due to a low battery level. The following fields are available: @@ -5850,6 +5846,7 @@ This event sends basic information about scheduling an update-related reboot, to The following fields are available: - **activeHoursApplicable** Indicates whether Active Hours applies on this device. +- **IsEnhancedEngagedReboot** Indicates whether Enhanced reboot was enabled. - **rebootArgument** Argument for the reboot task. It also represents specific reboot related action. - **rebootOutsideOfActiveHours** True, if a reboot is scheduled outside of active hours. False, otherwise. - **rebootScheduledByUser** True, if a reboot is scheduled by user. False, if a reboot is scheduled automatically. @@ -5859,7 +5856,6 @@ The following fields are available: - **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC. - **updateId** Identifies which update is being scheduled. - **wuDeviceid** Unique DeviceID -- **IsEnhancedEngagedReboot** Indicates whether Enhanced reboot was enabled. ### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot 
@@ -5910,19 +5906,19 @@ This event sends data specific to the FixAppXReparsePoints mitigation used for O The following fields are available: -- **ClientId** Unique identifier for each flight. -- **FlightId** Unique GUID that identifies each instances of setuphost.exe. -- **InstanceId** The update scenario in which the mitigation was executed. -- **MitigationScenario** Correlation vector value generated from the latest USO scan. -- **RelatedCV** Number of reparse points that are corrupted but we failed to fix them. -- **ReparsePointsFailed** Number of reparse points that were corrupted and were fixed by this mitigation. -- **ReparsePointsFixed** Number of reparse points that are not corrupted and no action is required. -- **ReparsePointsSkipped** HResult of this operation. -- **Result** ID indicating the mitigation scenario. -- **ScenarioId** Indicates whether the scenario was supported. -- **ScenarioSupported** Unique value for each update attempt. -- **SessionId** Unique ID for each Update. -- **UpdateId** Unique ID for the Windows Update client. +- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightId** Unique identifier for each flight. +- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. +- **MitigationScenario** The update scenario in which the mitigation was executed. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ReparsePointsFailed** Number of reparse points that are corrupted but we failed to fix them. +- **ReparsePointsFixed** Number of reparse points that were corrupted and were fixed by this mitigation. +- **ReparsePointsSkipped** Number of reparse points that are not corrupted and no action is required. +- **Result** HResult of this operation. +- **ScenarioId** ID indicating the mitigation scenario. 
+- **ScenarioSupported** Indicates whether the scenario was supported. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each Update. - **WuId** Unique ID for the Windows Update client. From 3855996e813348297e731980c0e2721003fe88ca Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Mon, 27 Aug 2018 08:29:55 -0700 Subject: [PATCH 05/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 283 ++++++++++-------- 1 file changed, 152 insertions(+), 131 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 7475140c62..c88b2ded23 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -9,7 +9,7 @@ ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 08/24/2018 +ms.date: 08/27/2018 --- @@ -83,7 +83,7 @@ The following fields are available: - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine. +- **InventoryLanguagePack** The count of the number of this particular object type present on this device. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device. - **InventoryTest** The count of the number of this particular object type present on this device. 
@@ -92,10 +92,10 @@ The following fields are available: - **SystemMemory** The count of the number of this particular object type present on this device. - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. -- **SystemProcessorNx** The count of SystemProcessorNx objects present on this machine. +- **SystemProcessorNx** The count of the number of this particular object type present on this device. - **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. - **SystemProcessorSse2** The count of the number of this particular object type present on this device. -- **SystemTouch** The count of the number of this particular object type present on this device. +- **SystemTouch** The count of SystemTouch objects present on this machine. - **SystemWim** The count of SystemWim objects present on this machine. - **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. - **SystemWlan** The count of SystemWlan objects present on this machine. @@ -156,7 +156,7 @@ The following fields are available: - **IsBootCritical** Is the device boot critical? - **SdbEntries** An array of fields indicating the SDB entries that apply to this device. - **WuDriverCoverage** Is there a driver uplevel for this device according to Windows Update? -- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver +- **WuDriverUpdateId** The Windows Update ID of the applicable up-level driver - **WuPopulatedFromId** The expected up-level driver matching ID based on driver coverage from Windows Update 
@@ -191,6 +191,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. +- **SdbEntries** No content is currently available. ### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageRemove @@ -224,6 +225,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. +- **SdbEntries** No content is currently available. ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove @@ -257,6 +259,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. +- **SdbEntries** No content is currently available. ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove @@ -290,6 +293,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. +- **SdbEntries** No content is currently available. ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove @@ -1182,6 +1186,8 @@ The following fields are available: This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent. +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. 
@@ -1728,9 +1734,9 @@ The following fields are available: - **authId** The ID of the device associated with this event. For Microsoft Account tickets, this is expected to be the MSA Global ID. - **authSecId** The secondary ID of the device associated with this event. For Microsoft Account tickets, this is expected to be the MSA Hardware ID. -- **deviceClass** The device classification. Examples: Desktop, Server, or Mobile. +- **deviceClass** The device classification. For example, Desktop, Server, or Mobile. - **id** A unique device ID. -- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. +- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId - **make** Device manufacturer. - **model** Device model. - **orgAuthId** ID used to authenticate the orgId. @@ -1739,7 +1745,7 @@ The following fields are available: ### Common Data Extensions.Envelope -No content is currently available. +Represents an envelope that contains all of the common data extensions. The following fields are available: @@ -1801,8 +1807,8 @@ The following fields are available: - **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot. - **expId** Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema. - **locale** Represents the locale of the operating system. -- **name** The name of the operating system. -- **ver** Represents the OS version, and its format is OS dependent. +- **name** Represents the operating system name. +- **ver** Represents the major and minor version of the extension. ### Common Data Extensions.receipts 
@@ -1882,6 +1888,21 @@ The following fields are available: - **xid** A list of base10-encoded XBOX User IDs. +## Common data fields + +### Ms.Device.DeviceInventoryChange + +No content is currently available. + +The following fields are available: + +- **action** The change that was invoked on a device inventory object. +- **inventoryId** Device ID used for Compatibility testing +- **objectInstanceId** Object identity which is unique within the device scope. +- **objectType** Indicates the object type that the event applies to. +- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object. + + ## Compatibility events ### Microsoft.Windows.Compatibility.Apphelp.SdbFix 
@@ -2011,13 +2032,13 @@ Fired by UTC as a heartbeat signal. The following fields are available: - **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host/agent channel. -- **CensusExitCode** Last exit code of Census task. +- **CensusExitCode** Last exit code of�Census task. - **CensusStartTime** Time of last Census run. - **CensusTaskEnabled** True if Census is enabled, false otherwise. - **CompressedBytesUploaded** Number of compressed bytes uploaded. - **ConsumerDroppedCount** Number of events dropped at consumer layer of telemetry client. - **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer. -- **CriticalDataThrottleDroppedCount** Number of critical data sampled events dropped due to throttling. +- **CriticalDataThrottleDroppedCount** Number of critical data sampled events dropped due to�throttling. - **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event DB. - **DbCriticalDroppedCount** Total number of dropped critical events in event DB. - **DbDroppedCount** Number of events dropped due to DB fullness. 
@@ -2041,14 +2062,14 @@ The following fields are available: - **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel. - **LastEventSizeOffender** Event name of last event which exceeded max event size. - **LastInvalidHttpCode** Last invalid HTTP code received from Vortex. -- **MaxActiveAgentConnectionCount** Maximum number of active agents during this heartbeat timeframe. +- **MaxActiveAgentConnectionCount** Maximum number of active agents during this�heartbeat timeframe. - **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC. - **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events). - **SettingsHttpAttempts** Number of attempts to contact OneSettings service. -- **SettingsHttpFailures** Number of failures from contacting OneSettings service. +- **SettingsHttpFailures** Number of failures from contacting�OneSettings service. - **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers. - **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client. -- **VortexFailuresTimeout** Number of time out failures received from Vortex. +- **VortexFailuresTimeout** Number of time out failures�received from Vortex. - **VortexHttpAttempts** Number of attempts to contact Vortex. - **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex. - **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex. 
@@ -2920,12 +2941,12 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **BusReportedDescription** The description of the device reported by the bux. -- **Class** The device setup class of the driver loaded for the device. -- **ClassGuid** The device class GUID from the driver package -- **COMPID** The device setup class guid of the driver loaded for the device. -- **ContainerId** The list of compat ids for the device. -- **Description** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer. +- **BusReportedDescription** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer. +- **Class** A unique identifier for the driver installed. +- **ClassGuid** Name of the .sys image file (or wudfrd.sys if using user mode driver framework). +- **COMPID** INF file name (the name could be renamed by OS, such as oemXX.inf) +- **ContainerId** The version of the inventory binary generating the events. +- **Description** The current error code for the device. - **DeviceState** The device description. - **DriverId** DeviceState is a bitmask of the following: DEVICE_IS_CONNECTED 0x0001 (currently only for container). DEVICE_IS_NETWORK_DEVICE 0x0002 (currently only for container). DEVICE_IS_PAIRED 0x0004 (currently only for container). DEVICE_IS_ACTIVE 0x0008 (currently never set). DEVICE_IS_MACHINE 0x0010 (currently only for container). DEVICE_IS_PRESENT 0x0020 (currently always set). DEVICE_IS_HIDDEN 0x0040. DEVICE_IS_PRINTER 0x0080 (currently only for container). DEVICE_IS_WIRELESS 0x0100. DEVICE_IS_WIRELESS_FAT 0x0200. The most common values are therefore: 32 (0x20)= device is present. 96 (0x60)= device is present but hidden. 
288 (0x120)= device is a wireless device that is present - **DriverName** A unique identifier for the driver installed. 
@@ -3436,31 +3457,31 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic ### Microsoft.Windows.Kernel.BootEnvironment.OsLaunch -OS Boot information used to evaluate the success of the upgrade process. +OS information collected during Boot, used to evaluate the success of the upgrade process. The following fields are available: - **BootApplicationId** This field tells us what the OS Loader Application Identifier is. -- **BootAttemptCount** This is the number of consecutive times the boot manager has attempted to boot into this operating system. -- **BootSequence** The current Boot ID. It is used to correlate events related to a particular boot session. -- **BootStatusPolicy** This field tells us the boot status policy. -- **BootType** This field tells us the type of boot (such as "Cold", "Hiber", "Resume"). -- **EventTimestamp** Seconds elapsed since an arbitrary time point. This field can be used to identify the time difference in successive boot attempts being made. +- **BootAttemptCount** The number of consecutive times the boot manager has attempted to boot into this operating system. +- **BootSequence** The current Boot ID, used to correlate events related to a particular boot session. +- **BootStatusPolicy** Identifies the applicable Boot Status Policy. +- **BootType** Identifies the type of boot (e.g.: "Cold", "Hiber", "Resume"). +- **EventTimestamp** Seconds elapsed since an arbitrary time point. This can be used to identify the time difference in successive boot attempts being made. - **FirmwareResetReasonEmbeddedController** Reason for system reset provided by firmware. - **FirmwareResetReasonEmbeddedControllerAdditional** Additional information on system reset reason provided by firmware if needed. - **FirmwareResetReasonPch** Reason for system reset provided by firmware. - **FirmwareResetReasonPchAdditional** Additional information on system reset reason provided by firmware if needed. 
- **FirmwareResetReasonSupplied** Flag indicating that a reason for system reset was provided by firmware. -- **IO** Amount of disk IO in boot. See [IO](#io). +- **IO** Amount of data written to and read from the disk by the OS Loader during boot. See [IO](#io). - **LastBootSucceeded** Flag indicating whether the last boot was successful. - **LastShutdownSucceeded** Flag indicating whether the last shutdown was successful. - **MaxAbove4GbFreeRange** This field describes the largest memory range available above 4Gb. - **MaxBelow4GbFreeRange** This field describes the largest memory range available below 4Gb. - **MeasuredLaunchPrepared** This field tells us if the OS launch was initiated using Measured/Secure Boot over DRTM (Dynamic Root of Trust for Measurement). -- **MenuPolicy** Type of advanced options menu that should be shown to the user, such as Legacy or Standard. -- **RecoveryEnabled** Tells us whether or not recovery is enabled. +- **MenuPolicy** Type of advanced options menu that should be shown to the user (Legacy, Standard, etc.). +- **RecoveryEnabled** Indicates whether recovery is enabled. - **SecureLaunchPrepared** This field indicates if DRTM was prepared during boot. -- **UserInputTime** This is the amount of time the loader application spent waiting for user input. +- **UserInputTime** The amount of time the loader application spent waiting for user input. ### Microsoft.Windows.Kernel.Power.OSStateChange 
@@ -3510,10 +3531,10 @@ Event tells us effectiveness of new privacy experience. The following fields are available: -- **isAdmin** whether the person who is logging in is an admin +- **isAdmin** Whether the current user is an administrator or not - **isLaunching** Whether or not the privacy consent experience will be launched -- **isSilentElevation** whether the user has most restrictive UAC controls -- **privacyConsentState** whether the user has completed privacy experience +- **isSilentElevation** Whether the current user has enabled silent elevation +- **privacyConsentState** The current state of the privacy consent experience - **userRegionCode** The current user's region setting @@ -3989,7 +4010,7 @@ The following fields are available: ### Update360Telemetry.UpdateAgentDownloadRequest -The UpdateAgent_DownloadRequest event sends data for the download request phase of updating Windows via the new UUP (Unified Update Platform) scenario. Applicable to PC and Mobile. +This event sends data for the download request phase of updating Windows via the new UUP (Unified Update Platform) scenario. Applicable to PC and Mobile. The following fields are available: @@ -4074,7 +4095,7 @@ The following fields are available: ### Update360Telemetry.UpdateAgentInstall -The UpdateAgentInstall event sends data for the install phase of updating Windows. +This event sends data for the install phase of updating Windows. The following fields are available: 
@@ -4180,21 +4201,21 @@ The following fields are available: - **key12** UI interaction data - **key13** UI interaction data - **key14** UI interaction data -- **key15** Interaction data for the UI -- **key16** Interaction data for the UI -- **key17** Interaction data for the UI -- **key18** Interaction data for the UI -- **key19** Interaction data for the UI +- **key15** UI interaction data +- **key16** UI interaction data +- **key17** UI interaction data +- **key18** UI interaction data +- **key19** UI interaction data - **key2** UI interaction data -- **key20** Interaction data for the UI +- **key20** UI interaction data - **key21** Interaction data for the UI - **key22** Interaction data for the UI - **key23** Interaction data for the UI - **key24** Interaction data for the UI - **key25** Interaction data for the UI - **key26** Interaction data for the UI -- **key27** UI interaction data -- **key28** UI interaction data +- **key27** Interaction data for the UI +- **key28** Interaction data for the UI - **key29** UI interaction data - **key3** UI interaction data - **key30** UI interaction data @@ -4204,8 +4225,8 @@ The following fields are available: - **key7** UI interaction data - **key8** UI interaction data - **key9** UI interaction data -- **PackageVersion** Current package version of UNP -- **schema** UI interaction type +- **PackageVersion** UI interaction data +- **schema** UI interaction data ### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignHeartbeat @@ -4308,7 +4329,7 @@ The following fields are available: ### FacilitatorTelemetry.InitializeDU -No content is currently available. +This event determines whether devices received additional or critical supplemental content during an OS upgrade. The following fields are available: 
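Review bot: In the `@@ -4204,8 +4225,8 @@` hunk, `PackageVersion` and `schema` lose their specific descriptions ("Current package version of UNP", "UI interaction type") and are both relabelled "UI interaction data", which no longer tells a reader what either field carries. Neither is one of the numbered `key` fields, so the generic text does not fit; keep the two original descriptions.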
@@ -4512,12 +4533,12 @@ The following fields are available: ### Setup360Telemetry.Setup360DynamicUpdate -No content is currently available. +This event helps determine whether or not the device received supplemental content during an operating system upgrade. The following fields are available: -- **FlightData** Flight ID for the content. -- **InstanceId** ID of the setup invocation. +- **FlightData** Specifies a unique identifier for each group of Windows Insider builds. +- **InstanceId** Retrieves a unique identifier for each instance of a setup session. - **Operation** Facilitator’s last known operation (scan, download, etc.). - **ReportId** ID for tying together events stream side. - **ResultCode** Result returned by setup for the entire operation. @@ -4585,7 +4606,7 @@ The following fields are available: ### Microsoft.Windows.WER.MTT.Value -No content is currently available. +This is used for differential privacy. The following fields are available: 
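Review bot: The new description for Microsoft.Windows.WER.MTT.Value in the `@@ -4585,7 +4606,7 @@` hunk, "This is used for differential privacy.", has no subject and does not say what the event sends. The other descriptions rewritten in this patch start with "This event ..."; follow that pattern and state what value is reported, so a reader auditing Basic-level collection can tell what leaves the device.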
@@ -4978,56 +4999,56 @@ The following fields are available: ### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureFailed -The Execute Rollback Feature Failed event sends basic telemetry on the failure of the Feature Rollback. This functionality supports our feature by providing IT Admins the ability to see the operation failed, allowing them to do further triage of the device. +This event sends basic telemetry on the failure of the Feature Rollback. The following fields are available: -- **current** Result of currency check -- **dismOperationSucceeded** Dism uninstall operation status -- **hResult** Failure error code -- **oSVersion** Build number of the machine -- **paused** Machine's pause status -- **rebootRequestSucceeded** Reboot CSP call success status -- **wUfBConnected** Result of WUfB connection check +- **current** Result of currency check. +- **dismOperationSucceeded** Dism uninstall operation status. +- **hResult** Failure error code. +- **oSVersion** Build number of the device. +- **paused** Indicates whether the device is paused. +- **rebootRequestSucceeded** Reboot CSP call success status. +- **wUfBConnected** Result of WUfB connection check. ### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureNotApplicable -The Execute Rollback Feature Not Applicable event sends basic telemetry on the applicability of the Feature Rollback, to support the functionality of Feature Rollback. This event provides critical information for the feature because it will alert IT Admins that devices they are attempting to rollback Features updates are not applicable. +This event sends basic telemetry on whether Feature Rollback (rolling back features updates) is applicable to a device. 
The following fields are available: -- **current** Result of currency check -- **dismOperationSucceeded** Dism uninstall operation status -- **oSVersion** Build number of the machine -- **paused** Machine's pause status -- **rebootRequestSucceeded** Reboot CSP call success status -- **wUfBConnected** Result of WUfB connection check +- **current** Result of currency check. +- **dismOperationSucceeded** Dism uninstall operation status. +- **oSVersion** Build number of the device. +- **paused** Indicates whether the device is paused. +- **rebootRequestSucceeded** Reboot CSP call success status. +- **wUfBConnected** Result of WUfB connection check. ### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureStarted -The Execute Rollback Feature Started event sends basic information on the start process to provide information that the Feature Rollback has started. +This event sends basic information indicating that Feature Rollback has started. ### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureSucceeded -The Execute Rollback Feature Succeed event sends basic telemetry on the success of the Rollback of the Feature updates. This functionality supports our feature by providing insights to IT Admins of the success of the Feature rollback. +This event sends basic telemetry on the success of the rollback of feature updates. ### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityFailed -The Execute Rollback Quality Failed event sends basic telemetry on the failure of the rollback of the Quality/LCU builds. This functionality supports our feature by providing IT Admins the ability to see the operation failed allowing them to do further triage of the device. +This event sends basic telemetry on the failure of the rollback of the Quality/LCU builds. 
The following fields are available: -- **current** Result of currency check -- **dismOperationSucceeded** Dism uninstall operation status -- **hResult** Failure error code -- **oSVersion** Build number of the machine -- **paused** Machine's pause status +- **current** Result of currency check. +- **dismOperationSucceeded** Dism uninstall operation status. +- **hResult** Failure error code. +- **oSVersion** Build number of the device. +- **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot CSP call success status - **wUfBConnected** Result of WUfB connection check 
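Review bot: Under ExecuteRollBackQualityFailed the punctuation pass stops two fields short: `rebootRequestSucceeded` and `wUfBConnected` remain as unchanged context without the trailing period that the same fields receive under ExecuteRollBackFeatureFailed and ExecuteRollBackFeatureNotApplicable earlier in this hunk. Extend the change to those two lines. The new ExecuteRollBackFeatureNotApplicable summary also reads "rolling back features updates", which should be "feature updates".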
@@ -5066,37 +5087,37 @@ This event sends data describing the start of a new download to enable Delivery The following fields are available: -- **background** If the download is happening in the background -- **bytesRequested** Number of bytes requested for download -- **callerName** Name of the API Caller +- **background** Indicates whether the download is happening in the background. +- **bytesRequested** Number of bytes requested for the download. +- **callerName** Name of the API caller. - **cdnUrl** Url of the source CDN -- **costFlags** Network cost flags -- **deviceProfile** Identifies the usage or form factor (Desktop, Xbox, VM, etc) -- **diceRoll** Random number used for determining if a client will use peering -- **doClientVersion** Version of the Delivery Optimization client -- **doErrorCode** Delivery Optimization error code returned -- **downloadMode** DownloadMode used (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100) -- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider: 0, GeoProvider: 1, GeoVerProvider: 2, CpProvider: 3, DiscoveryProvider: 4, RegistryProvider: 5, GroupPolicyProvider: 6, MdmProvider: 7, SettingsProvider: 8, InvalidProviderType: 9) -- **errorCode** Error code returned -- **experimentId** Used to correlate client/services calls that are part of the same test during A/B testing -- **fileID** ID of the File being downloaded -- **filePath** Path to where the downloaded file will be written -- **fileSize** Total filesize of the file that was downloaded -- **fileSizeCaller** Value for total file size provided by our caller -- **groupID** ID for the group -- **isEncrypted** Whether the download is encrypted -- **isVpn** If the machine is connected to a Virtual Private Network -- **jobID** Identifier for the Windows Update Job -- **minDiskSizeGB** The minimum disk size policy set for the device to allow Peering with Delivery Optimization -- **minDiskSizePolicyEnforced** If there is an enforced mininum 
disk size requirement for peering -- **minFileSizePolicy** Minimum filesize policy set for the device to allow Peering with Delivery Optimization -- **peerID** ID for this Delivery Optimization client -- **predefinedCallerName** Name of the API Caller -- **scenarioID** ID for the Scenario -- **sessionID** ID for the file download session -- **setConfigs** ID of the Update being downloaded -- **updateID** ID of the Update being downloaded -- **usedMemoryStream** If the download is using memory streaming in App downloads +- **costFlags** A set of flags representing network cost. +- **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM). +- **diceRoll** Random number used for determining if a client will use peering. +- **doClientVersion** The version of the Delivery Optimization client. +- **doErrorCode** The Delivery Optimization error code that was returned. +- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100). +- **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9). +- **errorCode** The error code that was returned. +- **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing. +- **fileID** The ID of the file being downloaded. +- **filePath** The path to where the downloaded file will be written. +- **fileSize** Total file size of the file that was downloaded. +- **fileSizeCaller** Value for total file size provided by our caller. +- **groupID** ID for the group. +- **isEncrypted** Indicates whether the download is encrypted. +- **isVpn** Indicates whether the device is connected to a Virtual Private Network. +- **jobID** The ID of the Windows Update job. 
+- **minDiskSizeGB** The minimum disk size (in GB) policy set for the device to allow peering with delivery optimization. +- **minDiskSizePolicyEnforced** Indicates whether there is an enforced minimum disk size requirement for peering. +- **minFileSizePolicy** The minimum content file size policy to allow the download using peering with delivery optimization. +- **peerID** The ID for this delivery optimization client. +- **predefinedCallerName** Name of the API caller. +- **scenarioID** The ID of the scenario. +- **sessionID** The ID for the file download session. +- **setConfigs** A JSON representation of the configurations that have been set, and their sources. +- **updateID** The ID of the update being downloaded. +- **usedMemoryStream** Indicates whether the download used memory streaming. ## Windows Update events 
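Review bot: `cdnUrl` is skipped by this rewrite: it stays "Url of the source CDN", with no period and "Url" rather than "URL", while the fields around it are all reworded. The added lines also mix "Delivery Optimization" (doClientVersion, doErrorCode) with lowercase "delivery optimization" (minDiskSizeGB, minFileSizePolicy, peerID); use the capitalised feature name throughout. The `setConfigs` change is a real correction (the old text duplicated the updateID description), so it deserves a mention in the commit message, which says only "new build".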
@@ -5108,21 +5129,21 @@ This event collects information regarding the state of devices and drivers on th The following fields are available: - **activated** Whether the entire device manifest update is considered activated and in use. -- **analysisErrorCount** How many driver packages that could not be analyzed because errors were hit during the analysis. +- **analysisErrorCount** How many driver packages could not be analyzed because errors were hit during the analysis. - **flightId** Unique ID for each flight. -- **missingDriverCount** How many driver packages that were delivered by the device manifest that are missing from the system. -- **missingUpdateCount** How many updates that were part of the device manifest that are missing from the system. +- **missingDriverCount** How many driver packages that were delivered by the device manifest are missing from the system. +- **missingUpdateCount** How many updates that were part of the device manifest are missing from the system. - **objectId** Unique value for each diagnostics session. -- **publishedCount** How many drivers packages that were delivered by the device manifest that are published and available to be used on devices. +- **publishedCount** How many drivers packages that were delivered by the device manifest are published and available to be used on devices. - **relatedCV** Correlation vector value generated from the latest USO scan. - **scenarioId** Indicates the update scenario. - **sessionId** Unique value for each update session. -- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match on. +- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match. 
- **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string. -- **truncatedDeviceCount** How many devices are missing from the summary string due to there not being enough room in the string. -- **truncatedDriverCount** How many driver packages are missing from the summary string due to there not being enough room in the string. +- **truncatedDeviceCount** How many devices are missing from the summary string because there is not enough room in the string. +- **truncatedDriverCount** How many driver packages are missing from the summary string because there is not enough room in the string. - **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices. -- **updateId** Unique ID for each Update. +- **updateId** Unique ID for each update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit @@ -5159,7 +5180,7 @@ The following fields are available: - **packageCountTotalExpress** Total number of express packages. - **packageSizeCanonical** Size of canonical packages in bytes. - **packageSizeDiff** Size of diff packages in bytes. -- **packageSizeExpress** Size of express packages in bytes +- **packageSizeExpress** Size of express packages in bytes. - **rangeRequestState** Represents the state of the download range request. - **relatedCV** Correlation vector value generated from the latest USO scan. - **result** Result of the download request phase of update. 
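Review bot: In the `@@ -5108,21 +5129,21 @@` hunk, `unpublishedCount` is left untouched and still reads "How many drivers packages that were delivered by the device manifest that are still unpublished", the same doubled "that" this hunk removes from analysisErrorCount, missingDriverCount, missingUpdateCount and publishedCount. Apply the same fix there, and change "drivers packages" to "driver packages" in both publishedCount and unpublishedCount.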
@@ -5445,7 +5466,7 @@ The following fields are available: - **displayNeededReason** List of reasons for needing display. - **eventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.). -- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery). +- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery).. - **gameModeReason** Name of the executable that caused the game mode state check to start. - **ignoredReason** List of reasons that were intentionally ignored. - **raisedDeferReason** Indicates all potential reasons for postponing restart (such as user active, or low battery). @@ -5559,7 +5580,7 @@ This event is sent during update scan, download, or install, and indicates that The following fields are available: -- **configVersion** Escalation config version on device . +- **configVersion** Escalation config version on device. - **downloadElapsedTime** Indicates how long since the download is required on device. - **downloadRiskLevel** At-risk level of download phase. - **installElapsedTime** Indicates how long since the install is required on device. @@ -5635,7 +5656,7 @@ The following fields are available: - **deferReason** Reason for install not completing. - **errorCode** The error code reppresented by a hexadecimal value. - **eventScenario** End-to-end update session ID. -- **flightID** The specific ID of the Windows Insider build the device is getting. +- **flightID** Unique update ID - **flightUpdate** Indicates whether the update is a Windows Insider build. - **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. - **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. 
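Review bot: In the `@@ -5635,7 +5656,7 @@` hunk, `flightID` changes from "The specific ID of the Windows Insider build the device is getting." to "Unique update ID", which describes an update identifier rather than a flight and drops the trailing period. The next field, `flightUpdate`, still refers to a Windows Insider build, so the removed text looks like the correct one; restore it or explain the change. The `errorCode` context line in the same hunk carries the typo "reppresented" and could be fixed while this range is being edited.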
@@ -5882,21 +5903,21 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightId** Unique identifier for each flight. -- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. -- **MitigationScenario** The update scenario in which the mitigation was executed. -- **MountedImageCount** Number of mounted images. -- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** HResult of this operation. -- **ScenarioId** ID indicating the mitigation scenario. -- **ScenarioSupported** Indicates whether the scenario was supported. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each Update. +- **ClientId** Unique identifier for each flight. +- **FlightId** Unique GUID that identifies each instances of setuphost.exe. +- **InstanceId** The update scenario in which the mitigation was executed. +- **MitigationScenario** Number of mounted images. +- **MountedImageCount** Number of mounted images that were under %systemdrive%\$Windows.~BT. +- **MountedImageMatches** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. +- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. 
+- **MountedImagesRemoved** Number of mounted images that were not under %systemdrive%\$Windows.~BT. +- **MountedImagesSkipped** Correlation vector value generated from the latest USO scan. +- **RelatedCV** HResult of this operation. +- **Result** ID indicating the mitigation scenario. +- **ScenarioId** Indicates whether the scenario was supported. +- **ScenarioSupported** Unique value for each update attempt. +- **SessionId** Unique ID for each Update. +- **UpdateId** Unique ID for the Windows Update client. - **WuId** Unique ID for the Windows Update client. From 050fc5032631103b12b95db00703d2eff6f07bf4 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Mon, 27 Aug 2018 12:57:35 -0700 Subject: [PATCH 06/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 173 +++++++----------- 1 file changed, 67 insertions(+), 106 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index c88b2ded23..93151bfa7d 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md 
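Review bot: In the last hunk of PATCH 01/24 (`@@ -5882,21 +5903,21 @@`, the CleanupSafeOsImages field list), every description from `ClientId` down has slid up by one field. `ClientId` now reads "Unique identifier for each flight", `FlightId` reads "Unique GUID that identifies each instances of setuphost.exe", `MitigationScenario` reads "Number of mounted images", and `UpdateId` ends up with the same text as `WuId`. The original `ClientId` description (the WU client ID passed to Setup, Media360 by default in Media setup) is lost entirely. The removed lines had the correct pairing; revert this hunk or regenerate the list so that each name keeps its own description.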
@@ -34,7 +34,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: -- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md) +- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md) - [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) @@ -83,7 +83,7 @@ The following fields are available: - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **InventoryLanguagePack** The count of the number of this particular object type present on this device. +- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device. - **InventoryTest** The count of the number of this particular object type present on this device. 
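Review bot: In the `@@ -83,7 +83,7 @@` hunk, `InventoryLanguagePack` becomes "The count of InventoryLanguagePack objects present on this machine" while the Inventory* fields around it keep "present on this device". Naming the object type is the clearer form, but use "device" to match the neighbouring lines, or convert the whole list in one pass.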
@@ -95,10 +95,10 @@ The following fields are available: - **SystemProcessorNx** The count of the number of this particular object type present on this device. - **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. - **SystemProcessorSse2** The count of the number of this particular object type present on this device. -- **SystemTouch** The count of SystemTouch objects present on this machine. -- **SystemWim** The count of SystemWim objects present on this machine. +- **SystemTouch** The count of the number of this particular object type present on this device. +- **SystemWim** The count of the number of this particular object type present on this device. - **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. -- **SystemWlan** The count of SystemWlan objects present on this machine. +- **SystemWlan** The count of the number of this particular object type present on this device. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. @@ -156,7 +156,7 @@ The following fields are available: - **IsBootCritical** Is the device boot critical? - **SdbEntries** An array of fields indicating the SDB entries that apply to this device. - **WuDriverCoverage** Is there a driver uplevel for this device according to Windows Update? -- **WuDriverUpdateId** The Windows Update ID of the applicable up-level driver +- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver - **WuPopulatedFromId** The expected up-level driver matching ID based on driver coverage from Windows Update 
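Review bot: In the `@@ -156,7 +156,7 @@` hunk, `WuDriverUpdateId` switches "up-level" to "uplevel" and still has no trailing period, while the next line, `WuPopulatedFromId`, keeps "up-level". Settle on one spelling and apply it to both lines.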
@@ -1306,7 +1306,7 @@ The following fields are available: - **AppraiserTaskExitCode** The Appraiser task exist code. - **AppraiserTaskLastRun** The last runtime for the Appraiser task. - **CensusVersion** The version of Census that generated the current data for this device. -- **IEVersion** IE version running on the device. +- **IEVersion** Retrieves which version of Internet Explorer is running on this device. ### Census.Battery @@ -1518,7 +1518,7 @@ The following fields are available: - **ProcessorManufacturer** Name of the processor manufacturer. - **ProcessorModel** Name of the processor model. - **ProcessorPhysicalCores** Number of physical cores in the processor. -- **ProcessorUpdateRevision** Microcode revision +- **ProcessorUpdateRevision** Microcode revision. - **ProcessorUpdateStatus** Enum value that represents the processor microcode load status. - **SocketCount** Count of CPU sockets. - **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability. 
@@ -1712,35 +1712,16 @@ The following fields are available: - **sig** A common schema signature that identifies new and modified event schemas. -### Common Data Extensions.cs1 - -Contains all common data extensions that were originally part of the 1.0 schema. - -The following fields are available: - -- **dblp** A bitfield that is set to a non-zero value if the event in the newer schema has an equivalent event from the 1.0 schema. -- **esc** The event sequence clock. -- **ev** The version of the event. -- **locale** The client language locale on the device. -- **scid** The Service Config ID of the running title that sent the event. -- **users** A comma-separated list of all users logged into the device when the event was created. The user ID is encoded. Example: x:12345678 - - ### Common Data Extensions.device Describes the device-related fields. The following fields are available: -- **authId** The ID of the device associated with this event. For Microsoft Account tickets, this is expected to be the MSA Global ID. -- **authSecId** The secondary ID of the device associated with this event. For Microsoft Account tickets, this is expected to be the MSA Hardware ID. - **deviceClass** The device classification. For example, Desktop, Server, or Mobile. -- **id** A unique device ID. - **localId** A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId - **make** Device manufacturer. - **model** Device model. -- **orgAuthId** ID used to authenticate the orgId. -- **orgId** Organization ID associated with the event. ### Common Data Extensions.Envelope 
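Review bot: This hunk deletes the documentation for `authId`, `authSecId`, `id`, `orgAuthId` and `orgId` from Common Data Extensions.device, along with the whole cs1 section (including `users`, the list of logged-in user IDs), and the commit message ("new build") gives no reason. These are the identifier fields a privacy reader looks for first. If the fields are still sent at the Basic level, the entries must stay; if they are no longer sent, say so in the commit message.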
@@ -1754,10 +1735,8 @@ The following fields are available: - **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp). - **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer). - **ext_cs** Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs). -- **ext_cs1** If the field doesn't exist in the newer schema, this contains the fields from an earlier schema. See [Common Data Extensions.cs1](#common-data-extensionscs1). - **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). - **ext_ingest** Describes the fields added dynamically by the service. See [Common Data Extensions.ingest](#common-data-extensionsingest). -- **ext_loc** Describes the location from which the event was logged. See [Common Data Extensions.loc](#common-data-extensionsloc). - **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). - **ext_receipts** Describes the fields related to time as provided by the client for debugging purposes. See [Common Data Extensions.receipts](#common-data-extensionsreceipts). - **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). 
@@ -1778,24 +1757,7 @@ Describes the fields that are added by the ingestion service. The following fields are available: -- **auth** Used to assess the trustworthiness of the data. -- **client** The client name. -- **clientIp** The IP address seen by the service. This is not necessarily the client IP address, but could be a router or some other device. - **processedIngest** If the event already had an ingest extension and the client was authenticated as a first party, the ingest extension will be inserted as processedIngest. -- **quality** A bitfield added by the service to all events coming from a client device. -- **time** The time that the event was received by the service. -- **userAgent** For events that are not using the CUET component, this is the user agent of the browser. - - -### Common Data Extensions.loc - -Describes the location from which the event was logged. - -The following fields are available: - -- **country** 2 letter country code using the codes from the ISO 3166-1 alpha-2 standard. -- **id** Location ID based on the client's IP address. -- **tz** The time zone of the device. ### Common Data Extensions.os @@ -1840,7 +1802,6 @@ Describes the fields related to a user. The following fields are available: - **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token. -- **id** Unique user Id. Example: x:12345678. - **locale** The language and region. - **localId** Represents a unique user identity that is created locally and added by the client. This is not the user's account ID. @@ -1943,7 +1904,7 @@ The following fields are available: - **ErrorCode** Error code of action - **FlightId** Flight being used - **RelatedCV** CV of any other related events -- **Result** End result of action +- **Result** Phase Setup is in ### DeploymentTelemetry.Deployment_SetupBoxLaunch 
@@ -1968,9 +1929,9 @@ The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **ErrorCode** Error code of action - **FlightId** Flight being used -- **Quiet** Whether Setup will run in quiet mode or in full -- **RelatedCV** Correlation vector of any other related events -- **SetupMode** Phase that Setup is in +- **Quiet** Whether Setup run in quiet mode or in full +- **RelatedCV** CV of any other related events +- **SetupMode** Phase Setup is in ### DeploymentTelemetry.Deployment_Start @@ -2373,11 +2334,11 @@ Event to indicate that the Coordinator WaitForRebootUi call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. +- **CampaignID** Campaign ID being run +- **ClientID** Client ID being run +- **CoordinatorVersion** Coordinator version of DTU +- **CV** Correlation vector +- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection @@ -3531,10 +3492,10 @@ Event tells us effectiveness of new privacy experience. The following fields are available: -- **isAdmin** Whether the current user is an administrator or not +- **isAdmin** whether the person who is logging in is an admin - **isLaunching** Whether or not the privacy consent experience will be launched -- **isSilentElevation** Whether the current user has enabled silent elevation -- **privacyConsentState** The current state of the privacy consent experience +- **isSilentElevation** whether the user has most restrictive UAC controls +- **privacyConsentState** whether the user has completed privacy experience - **userRegionCode** The current user's region setting 
@@ -4176,7 +4137,7 @@ The following fields are available: - **ScenarioId** Indicates the update scenario. - **SessionId** Unique value for each update attempt. - **SetupMode** Mode of setup to be launched. -- **UpdateId** Unique ID for each Update. +- **UpdateId** Unique ID for each update. - **UserSession** Indicates whether install was invoked by user actions. @@ -4208,15 +4169,15 @@ The following fields are available: - **key19** UI interaction data - **key2** UI interaction data - **key20** UI interaction data -- **key21** Interaction data for the UI -- **key22** Interaction data for the UI -- **key23** Interaction data for the UI -- **key24** Interaction data for the UI -- **key25** Interaction data for the UI -- **key26** Interaction data for the UI -- **key27** Interaction data for the UI +- **key21** UI interaction data +- **key22** UI interaction data +- **key23** UI interaction data +- **key24** UI interaction data +- **key25** UI interaction data +- **key26** UI interaction data +- **key27** UI interaction data - **key28** Interaction data for the UI -- **key29** UI interaction data +- **key29** Interaction data for the UI - **key3** UI interaction data - **key30** UI interaction data - **key4** UI interaction data @@ -4225,8 +4186,8 @@ The following fields are available: - **key7** UI interaction data - **key8** UI interaction data - **key9** UI interaction data -- **PackageVersion** UI interaction data -- **schema** UI interaction data +- **PackageVersion** Current package version of UNP +- **schema** UI interaction type ### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignHeartbeat 
@@ -4878,10 +4839,10 @@ The FulfillmentComplete event is fired at the end of an app install or update. The following fields are available: - **CatalogId** The CatalogId is the name of the product catalog from which this app was chosen. -- **FailedRetry** Was the installation or update retry successful? -- **HResult** The HResult code of the operation. -- **PFN** The Package Family Name of the app that is being installed or updated. -- **ProductId** The product ID of the app that is being updated or installed. +- **FailedRetry** Tells us if the retry for an install or update was successful or not +- **HResult** Resulting HResult error/success code of this call +- **PFN** Package Family Name of the app that being installed or updated +- **ProductId** Product Id of the app that is being updated or installed ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate 
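Review bot: the added `PFN` line reads "the app that being installed or updated", losing the "is" that the removed line had, and `ProductId` switches to "Product Id" while the rest of the file writes "ID". The four added lines also drop their closing periods while the unchanged `CatalogId` line above keeps one. The removed wording was the cleaner of the two; keep it unless the build source is the thing that needs fixing.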
@@ -5129,21 +5090,21 @@ This event collects information regarding the state of devices and drivers on th The following fields are available: - **activated** Whether the entire device manifest update is considered activated and in use. -- **analysisErrorCount** How many driver packages could not be analyzed because errors were hit during the analysis. +- **analysisErrorCount** How many driver packages that could not be analyzed because errors were hit during the analysis. - **flightId** Unique ID for each flight. -- **missingDriverCount** How many driver packages that were delivered by the device manifest are missing from the system. -- **missingUpdateCount** How many updates that were part of the device manifest are missing from the system. +- **missingDriverCount** How many driver packages that were delivered by the device manifest that are missing from the system. +- **missingUpdateCount** How many updates that were part of the device manifest that are missing from the system. - **objectId** Unique value for each diagnostics session. -- **publishedCount** How many drivers packages that were delivered by the device manifest are published and available to be used on devices. +- **publishedCount** How many drivers packages that were delivered by the device manifest that are published and available to be used on devices. - **relatedCV** Correlation vector value generated from the latest USO scan. - **scenarioId** Indicates the update scenario. - **sessionId** Unique value for each update session. -- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match. +- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match on. 
- **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string. -- **truncatedDeviceCount** How many devices are missing from the summary string because there is not enough room in the string. -- **truncatedDriverCount** How many driver packages are missing from the summary string because there is not enough room in the string. +- **truncatedDeviceCount** How many devices are missing from the summary string due to there not being enough room in the string. +- **truncatedDriverCount** How many driver packages are missing from the summary string due to there not being enough room in the string. - **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices. -- **updateId** Unique ID for each update. +- **updateId** Unique ID for each Update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit @@ -5466,7 +5427,7 @@ The following fields are available: - **displayNeededReason** List of reasons for needing display. - **eventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.). -- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery).. +- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery). - **gameModeReason** Name of the executable that caused the game mode state check to start. - **ignoredReason** List of reasons that were intentionally ignored. - **raisedDeferReason** Indicates all potential reasons for postponing restart (such as user active, or low battery). 
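Review bot: in the `@@ -5129,21 +5090,21 @@` hunk several added descriptions are no longer grammatical: `analysisErrorCount` becomes "How many driver packages that could not be analyzed", and `missingDriverCount`, `missingUpdateCount` and `publishedCount` gain a second "that" ("that were delivered by the device manifest that are missing"). `updateId` also goes back to a capitalized "Update". Each removed line was correct, so this looks like an older copy of the source overwriting edited text; regenerate from the corrected source or drop these changes.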
@@ -5485,7 +5446,7 @@ The following fields are available: - **deferReason** Reason why the device could not check for updates. - **detectionBlockingPolicy** State of update action. -- **detectionBlockreason** If we retry to scan +- **detectionBlockreason** Reason for detection not completing. - **detectionRetryMode** Indicates whether we will try to scan again. - **errorCode** State of update action - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. @@ -5495,8 +5456,8 @@ The following fields are available: - **revisionNumber** Update revision number. - **scanTriggerSource** Source of the triggered scan. - **updateId** Update ID. -- **updateScenarioType** Update Session type -- **wuDeviceid** Device ID +- **updateScenarioType** The update session type. +- **wuDeviceid** Unique device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.DisplayNeeded @@ -5608,7 +5569,7 @@ This event indicates that the update is no longer applicable to this device. The following fields are available: -- **EventPublishedTime** Time when this event was generated +- **EventPublishedTime** Time when this event was generated. - **flightID** The specific ID of the Windows Insider build. - **revisionNumber** Update revision number. - **updateId** Unique Windows Update ID. 
@@ -5656,7 +5617,7 @@ The following fields are available: - **deferReason** Reason for install not completing. - **errorCode** The error code reppresented by a hexadecimal value. - **eventScenario** End-to-end update session ID. -- **flightID** Unique update ID +- **flightID** The specific ID of the Windows Insider build the device is getting. - **flightUpdate** Indicates whether the update is a Windows Insider build. - **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. - **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. @@ -5876,7 +5837,7 @@ The following fields are available: - **scheduledRebootTime** Time scheduled for the reboot. - **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC. - **updateId** Identifies which update is being scheduled. -- **wuDeviceid** Unique DeviceID +- **wuDeviceid** Unique device ID used by Windows Update. ### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot @@ -5891,8 +5852,8 @@ This event is sent when MUSE broker schedules a task. The following fields are available: -- **TaskArgument** The arguments with which the task is scheduled. -- **TaskName** Name of the task. +- **TaskArgument** The arguments which the task is scheduled with +- **TaskName** Name of the task ## Windows Update mitigation events 
@@ -5903,21 +5864,21 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS The following fields are available: -- **ClientId** Unique identifier for each flight. -- **FlightId** Unique GUID that identifies each instances of setuphost.exe. -- **InstanceId** The update scenario in which the mitigation was executed. -- **MitigationScenario** Number of mounted images. -- **MountedImageCount** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImageMatches** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesRemoved** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **MountedImagesSkipped** Correlation vector value generated from the latest USO scan. -- **RelatedCV** HResult of this operation. -- **Result** ID indicating the mitigation scenario. -- **ScenarioId** Indicates whether the scenario was supported. -- **ScenarioSupported** Unique value for each update attempt. -- **SessionId** Unique ID for each Update. -- **UpdateId** Unique ID for the Windows Update client. +- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightId** Unique identifier for each flight. +- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. +- **MitigationScenario** The update scenario in which the mitigation was executed. +- **MountedImageCount** Number of mounted images. +- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. +- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. 
+- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. +- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** HResult of this operation. +- **ScenarioId** ID indicating the mitigation scenario. +- **ScenarioSupported** Indicates whether the scenario was supported. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each Update. - **WuId** Unique ID for the Windows Update client. From 9728b81771119723324622947b782a83f11a952a Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Tue, 28 Aug 2018 09:18:16 -0700 Subject: [PATCH 07/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 112 +++++++++--------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 93151bfa7d..4b05b60b0d 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -1,4 +1,4 @@ ---- +- description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. title: Windows 10, version 1803 basic diagnostic events and fields (Windows 10) keywords: privacy, telemetry @@ -9,7 +9,7 @@ ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 08/27/2018 +ms.date: 08/28/2018 --- 
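Review bot: the `@@ -1,4 +1,4 @@` hunk replaces the opening `---` of the YAML front matter with a single `-`, while the closing `---` after `ms.date` is left in place. The metadata block is then no longer delimited, so `description:`, `title:` and the `ms.*` keys stop being front matter. Restore the three dashes on line 1.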
@@ -83,7 +83,7 @@ The following fields are available: - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine. +- **InventoryLanguagePack** The count of the number of this particular object type present on this device. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device. - **InventoryTest** The count of the number of this particular object type present on this device. 
@@ -95,10 +95,10 @@ The following fields are available: - **SystemProcessorNx** The count of the number of this particular object type present on this device. - **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. - **SystemProcessorSse2** The count of the number of this particular object type present on this device. -- **SystemTouch** The count of the number of this particular object type present on this device. -- **SystemWim** The count of the number of this particular object type present on this device. +- **SystemTouch** The count of SystemTouch objects present on this machine. +- **SystemWim** The count of SystemWim objects present on this machine. - **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. -- **SystemWlan** The count of the number of this particular object type present on this device. +- **SystemWlan** The count of SystemWlan objects present on this machine. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. @@ -1518,7 +1518,7 @@ The following fields are available: - **ProcessorManufacturer** Name of the processor manufacturer. - **ProcessorModel** Name of the processor model. - **ProcessorPhysicalCores** Number of physical cores in the processor. -- **ProcessorUpdateRevision** Microcode revision. +- **ProcessorUpdateRevision** Microcode revision - **ProcessorUpdateStatus** Enum value that represents the processor microcode load status. - **SocketCount** Count of CPU sockets. - **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability. 
@@ -1853,7 +1853,7 @@ The following fields are available: ### Ms.Device.DeviceInventoryChange -No content is currently available. +Describes the installation state for all hardware and software components available on a particular device. The following fields are available: @@ -1904,7 +1904,7 @@ The following fields are available: - **ErrorCode** Error code of action - **FlightId** Flight being used - **RelatedCV** CV of any other related events -- **Result** Phase Setup is in +- **Result** End result of action ### DeploymentTelemetry.Deployment_SetupBoxLaunch @@ -1915,7 +1915,7 @@ The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **FlightId** Flight being used -- **Quiet** Whether Setup run in quiet mode or in full +- **Quiet** Whether Setup will run in quiet mode or in full - **RelatedCV** CV of any other related events - **SetupMode** Phase Setup is in @@ -1929,9 +1929,9 @@ The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **ErrorCode** Error code of action - **FlightId** Flight being used -- **Quiet** Whether Setup run in quiet mode or in full -- **RelatedCV** CV of any other related events -- **SetupMode** Phase Setup is in +- **Quiet** Whether Setup will run in quiet mode or in full +- **RelatedCV** Correlation vector of any other related events +- **SetupMode** Phase that Setup is in ### DeploymentTelemetry.Deployment_Start 
@@ -1988,18 +1988,18 @@ The following fields are available: ### TelClientSynthetic.HeartBeat_5 -Fired by UTC as a heartbeat signal. +This event sends data about the health and quality of the diagnostic data from the given device, to help keep Windows up to date. It also enables data analysts to determine how 'trusted' the data is from a given device. The following fields are available: - **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host/agent channel. -- **CensusExitCode** Last exit code of�Census task. +- **CensusExitCode** Last exit code of Census task. - **CensusStartTime** Time of last Census run. - **CensusTaskEnabled** True if Census is enabled, false otherwise. - **CompressedBytesUploaded** Number of compressed bytes uploaded. - **ConsumerDroppedCount** Number of events dropped at consumer layer of telemetry client. - **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer. -- **CriticalDataThrottleDroppedCount** Number of critical data sampled events dropped due to�throttling. +- **CriticalDataThrottleDroppedCount** Number of critical data sampled events dropped due to throttling. - **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event DB. - **DbCriticalDroppedCount** Total number of dropped critical events in event DB. - **DbDroppedCount** Number of events dropped due to DB fullness. 
@@ -2023,14 +2023,14 @@ The following fields are available: - **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel. - **LastEventSizeOffender** Event name of last event which exceeded max event size. - **LastInvalidHttpCode** Last invalid HTTP code received from Vortex. -- **MaxActiveAgentConnectionCount** Maximum number of active agents during this�heartbeat timeframe. +- **MaxActiveAgentConnectionCount** Maximum number of active agents during this heartbeat timeframe. - **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC. - **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events). - **SettingsHttpAttempts** Number of attempts to contact OneSettings service. -- **SettingsHttpFailures** Number of failures from contacting�OneSettings service. +- **SettingsHttpFailures** Number of failures from contacting OneSettings service. - **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers. - **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client. -- **VortexFailuresTimeout** Number of time out failures�received from Vortex. +- **VortexFailuresTimeout** Number of time out failures received from Vortex. - **VortexHttpAttempts** Number of attempts to contact Vortex. - **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex. - **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex. 
@@ -3927,28 +3927,28 @@ Ensures Windows Updates are secure and complete. Event helps to identify whether The following fields are available: - **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. -- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. -- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. -- **ExtendedStatusCode** The secondary status code of the event. +- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. +- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. - **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. -- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce - **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). -- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. +- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. - **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. - **RevisionId** The revision ID for a specific piece of content. 
- **RevisionNumber** The revision number for a specific piece of content. -- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Windows Store +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) - **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. - **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. -- **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. +- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob - **SignatureAlgorithm** The hash algorithm for the metadata signature. -- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast -- **StatusCode** The status code of the event. -- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. -- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. +- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". +- **StatusCode** Result code of the event (success, cancellation, failure code HResult) +- **TimestampTokenCertThumbprint** Thumbprint of the encoded timestamp token. +- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed. - **UpdateId** The update ID for a specific piece of content. -- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. +- **ValidityWindowInDays** Validity window in effect when verifying the timestamp ## Update events 
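Review bot: the `@@ -3927,28 +3927,28 @@` hunk introduces two typos into the update-metadata integrity fields: "succeded" in `EventScenario` and "1-Ignoe" in `MetadataIntegrityMode`. The removed `MetadataIntegrityMode` line spelled out the enum cleanly ("0 = unknown; 1 = ignore; 2 = audit; 3 = enforce"), and that is the form a reader checking whether a device enforces or only audits metadata signatures needs. Several added lines (`SHA256OfTimestampToken`, `StatusCode`, `ValidityWindowInDays`) also lose their closing periods; keep the removed wording for these.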
@@ -4137,7 +4137,7 @@ The following fields are available: - **ScenarioId** Indicates the update scenario. - **SessionId** Unique value for each update attempt. - **SetupMode** Mode of setup to be launched. -- **UpdateId** Unique ID for each update. +- **UpdateId** Unique ID for each Update. - **UserSession** Indicates whether install was invoked by user actions. @@ -4185,8 +4185,8 @@ The following fields are available: - **key6** UI interaction data - **key7** UI interaction data - **key8** UI interaction data -- **key9** UI interaction data -- **PackageVersion** Current package version of UNP +- **key9** Current package version of UNP +- **PackageVersion** UI interaction type - **schema** UI interaction type @@ -4839,10 +4839,10 @@ The FulfillmentComplete event is fired at the end of an app install or update. The following fields are available: - **CatalogId** The CatalogId is the name of the product catalog from which this app was chosen. -- **FailedRetry** Tells us if the retry for an install or update was successful or not -- **HResult** Resulting HResult error/success code of this call -- **PFN** Package Family Name of the app that being installed or updated -- **ProductId** Product Id of the app that is being updated or installed +- **FailedRetry** Was the installation or update retry successful? +- **HResult** The HResult code of the operation. +- **PFN** The Package Family Name of the app that is being installed or updated. +- **ProductId** The product ID of the app that is being updated or installed. ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate 
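Review bot: in the `@@ -4185,8 +4185,8 @@` hunk the descriptions are shifted up by one row: `key9` now reads "Current package version of UNP" and `PackageVersion` reads "UI interaction type", which is the text that belongs to `schema`. `key9` should stay "UI interaction data" like `key6` to `key8` above it, and `PackageVersion` should keep the package-version description.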
@@ -4942,18 +4942,18 @@ This event is sent when searching for update packages to install. It's used to h The following fields are available: -- **CatalogId** The Store Product ID for the product being installed. +- **CatalogId** The Store Catalog ID for the product being installed. - **ProductId** The Store Product ID for the product being installed. - **SkuId** Specfic edition of the app being updated. ### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest -This event happens an app for a user needs to be updated. It's used to help keep Windows up-to-date and secure. +This event occurs when an update is requested for an app to help keep Windows up-to-date and secure. The following fields are available: -- **PFamN** The name of the product that is requested for update. +- **PFamN** The name of the app that is requested for update. ## Windows Update CSP events 
@@ -5016,27 +5016,27 @@ The following fields are available: ### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityNotApplicable -The Execute Rollback Quality Not Applicable event sends basic telemetry on the applicability of the Quality Rollback, to support the functionality of Quality Rollback. This event provides critical information for feature because it will alert IT Admins that devices they are attempting to rollback Quality updates are not applicable. +This event informs you whether a rollback of Quality updates is applicable to the devices for that you are attempting to rollback. The following fields are available: -- **current** Result of currency check -- **dismOperationSucceeded** Dism uninstall operation status -- **oSVersion** Build number of the machine -- **paused** Machine's pause status -- **rebootRequestSucceeded** Reboot CSP call success status -- **wUfBConnected** Result of WUfB connection check +- **current** Result of currency check. +- **dismOperationSucceeded** Dism uninstall operation status. +- **oSVersion** Build number of the device. +- **paused** Indicates whether the device is paused. +- **rebootRequestSucceeded** Reboot CSP call success status. +- **wUfBConnected** Result of WUfB connection check. ### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityStarted -The Execute Rollback Quality Started event sends basic information on the start process to provide information that the Quality Rollback has started. +This event indicates that the Quality Rollback process has started. ### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualitySucceeded -The Execute Rollback Quality Succeed event sends basic telemetry on the success of the rollback of the Quality/LCU builds. This functionality supports our feature by providing insights to IT Admins of the success of the Quality rollback. +This event sends basic telemetry on the success of the rollback of the Quality/LCU builds. 
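Review bot: the new description of `ExecuteRollBackQualityNotApplicable` does not parse: "applicable to the devices for that you are attempting to rollback". Suggest "applicable to the devices that you are attempting to roll back" ("roll back" as a verb is two words). In the field list, `current` as "Result of currency check." is still opaque; a few words on what is being checked for currency would help, since the removed paragraph that mentioned IT admins is gone and nothing else explains it.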
@@ -5446,7 +5446,7 @@ The following fields are available: - **deferReason** Reason why the device could not check for updates. - **detectionBlockingPolicy** State of update action. -- **detectionBlockreason** Reason for detection not completing. +- **detectionBlockreason** If we retry to scan - **detectionRetryMode** Indicates whether we will try to scan again. - **errorCode** State of update action - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. @@ -5456,8 +5456,8 @@ The following fields are available: - **revisionNumber** Update revision number. - **scanTriggerSource** Source of the triggered scan. - **updateId** Update ID. -- **updateScenarioType** The update session type. -- **wuDeviceid** Unique device ID used by Windows Update. +- **updateScenarioType** Update Session type +- **wuDeviceid** Device ID ### Microsoft.Windows.Update.Orchestrator.DisplayNeeded @@ -5837,7 +5837,7 @@ The following fields are available: - **scheduledRebootTime** Time scheduled for the reboot. - **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC. - **updateId** Identifies which update is being scheduled. -- **wuDeviceid** Unique device ID used by Windows Update. +- **wuDeviceid** Unique DeviceID ### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot @@ -5852,8 +5852,8 @@ This event is sent when MUSE broker schedules a task. The following fields are available: -- **TaskArgument** The arguments which the task is scheduled with -- **TaskName** Name of the task +- **TaskArgument** The arguments with which the task is scheduled. +- **TaskName** Name of the task. ## Windows Update mitigation events From e8ac9f7c1ab9b0e6a2e1f9dbe8a10680d6c2e9fc Mon Sep 17 00:00:00 2001 
From: Brian Lich Date: Tue, 28 Aug 2018 09:37:16 -0700 Subject: [PATCH 08/24] typo --- .../basic-level-windows-diagnostic-events-and-fields-1803.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 4b05b60b0d..4944cb6766 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -1,4 +1,4 @@ -- +--- description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. title: Windows 10, version 1803 basic diagnostic events and fields (Windows 10) keywords: privacy, telemetry From ec3f01256aa498283e6b354008c371cde70c0927 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Wed, 29 Aug 2018 09:10:17 -0700 Subject: [PATCH 09/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 145 +++++++++--------- 1 file changed, 71 insertions(+), 74 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 4944cb6766..1fcb6c7793 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -9,7 +9,7 @@ ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 08/28/2018 +ms.date: 08/29/2018 --- 
@@ -88,17 +88,17 @@ The following fields are available: - **InventorySystemBios** The count of the number of this particular object type present on this device. - **InventoryTest** The count of the number of this particular object type present on this device. - **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. -- **PCFP** An ID for the system, calculated by hashing hardware identifiers. +- **PCFP** The count of the number of this particular object type present on this device. - **SystemMemory** The count of the number of this particular object type present on this device. - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. - **SystemProcessorNx** The count of the number of this particular object type present on this device. - **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. - **SystemProcessorSse2** The count of the number of this particular object type present on this device. -- **SystemTouch** The count of SystemTouch objects present on this machine. -- **SystemWim** The count of SystemWim objects present on this machine. -- **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. -- **SystemWlan** The count of SystemWlan objects present on this machine. +- **SystemTouch** The count of the number of this particular object type present on this device. +- **SystemWim** The count of the number of this particular object type present on this device. +- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. +- **SystemWlan** The count of the number of this particular object type present on this device. 
- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. @@ -156,7 +156,7 @@ The following fields are available: - **IsBootCritical** Is the device boot critical? - **SdbEntries** An array of fields indicating the SDB entries that apply to this device. - **WuDriverCoverage** Is there a driver uplevel for this device according to Windows Update? -- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver +- **WuDriverUpdateId** The Windows Update ID of the applicable up-level driver - **WuPopulatedFromId** The expected up-level driver matching ID based on driver coverage from Windows Update @@ -191,7 +191,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. -- **SdbEntries** No content is currently available. ### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageRemove @@ -259,7 +258,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. -- **SdbEntries** No content is currently available. ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove @@ -293,7 +291,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. -- **SdbEntries** No content is currently available. +- **SdbEntries** Deprecated in RS3. ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove 
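Review bot: in the `@@ -88,17 +88,17 @@` hunk `PCFP` changes from "An ID for the system, calculated by hashing hardware identifiers." to the generic object-count text, while the unchanged `Wmdrm_RS1` line in the same hunk still carries that ID description right above `Wmdrm_RS3`, which is described as a total of Wmdrm objects. One of the two is mislabeled. Please confirm which field actually holds the hardware-derived identifier, since an ID and a count are very different things to disclose in a privacy reference.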
@@ -327,7 +325,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: - **AppraiserVersion** The version of the Appraiser file generating the events. -- **SdbEntries** An array of fields indicating the SDB entries that apply to this BIOS. ### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosRemove @@ -1518,7 +1515,7 @@ The following fields are available: - **ProcessorManufacturer** Name of the processor manufacturer. - **ProcessorModel** Name of the processor model. - **ProcessorPhysicalCores** Number of physical cores in the processor. -- **ProcessorUpdateRevision** Microcode revision +- **ProcessorUpdateRevision** Microcode revision. - **ProcessorUpdateStatus** Enum value that represents the processor microcode load status. - **SocketCount** Count of CPU sockets. - **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability. @@ -1904,7 +1901,7 @@ The following fields are available: - **ErrorCode** Error code of action - **FlightId** Flight being used - **RelatedCV** CV of any other related events -- **Result** End result of action +- **Result** Phase Setup is in ### DeploymentTelemetry.Deployment_SetupBoxLaunch @@ -1915,7 +1912,7 @@ The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **FlightId** Flight being used -- **Quiet** Whether Setup will run in quiet mode or in full +- **Quiet** Whether Setup run in quiet mode or in full - **RelatedCV** CV of any other related events - **SetupMode** Phase Setup is in 
@@ -2334,11 +2331,11 @@ Event to indicate that the Coordinator WaitForRebootUi call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **hResult** HRESULT of the failure +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection 
@@ -3927,28 +3924,28 @@ Ensures Windows Updates are secure and complete. Event helps to identify whether The following fields are available: - **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. -- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. -- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. +- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. +- **ExtendedStatusCode** The secondary status code of the event. - **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. -- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce +- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce - **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). -- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. +- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. - **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. - **RevisionId** The revision ID for a specific piece of content. 
- **RevisionNumber** The revision number for a specific piece of content. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) +- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Windows Store - **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. - **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. -- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob +- **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. - **SignatureAlgorithm** The hash algorithm for the metadata signature. -- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". -- **StatusCode** Result code of the event (success, cancellation, failure code HResult) -- **TimestampTokenCertThumbprint** Thumbprint of the encoded timestamp token. -- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed. +- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast +- **StatusCode** The status code of the event. +- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. +- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. - **UpdateId** The update ID for a specific piece of content. -- **ValidityWindowInDays** Validity window in effect when verifying the timestamp +- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. ## Update events 
@@ -4137,7 +4134,7 @@ The following fields are available: - **ScenarioId** Indicates the update scenario. - **SessionId** Unique value for each update attempt. - **SetupMode** Mode of setup to be launched. -- **UpdateId** Unique ID for each Update. +- **UpdateId** Unique ID for each update. - **UserSession** Indicates whether install was invoked by user actions. @@ -4174,10 +4171,10 @@ The following fields are available: - **key23** UI interaction data - **key24** UI interaction data - **key25** UI interaction data -- **key26** UI interaction data +- **key26** Interaction data for the UI - **key27** UI interaction data -- **key28** Interaction data for the UI -- **key29** Interaction data for the UI +- **key28** UI interaction data +- **key29** UI interaction data - **key3** UI interaction data - **key30** UI interaction data - **key4** UI interaction data @@ -4185,8 +4182,8 @@ The following fields are available: - **key6** UI interaction data - **key7** UI interaction data - **key8** UI interaction data -- **key9** Current package version of UNP -- **PackageVersion** UI interaction type +- **key9** UI interaction data +- **PackageVersion** Current package version of UNP - **schema** UI interaction type @@ -4558,7 +4555,7 @@ The following fields are available: ### Microsoft.Windows.WER.MTT.Denominator -This event provides a denominator to calculate MTTF (mean-time-to-failure) for crashes and other errors to help keep Windows up to date. +No content is currently available. The following fields are available: @@ -4567,7 +4564,7 @@ The following fields are available: ### Microsoft.Windows.WER.MTT.Value -This is used for differential privacy. +This event is used for differential privacy. The following fields are available: 
@@ -4604,7 +4601,7 @@ The following fields are available: - **ProductId** The identity of the package or packages being installed. - **SystemAttemptNumber** The total number of automatic attempts at installation before it was canceled. - **UserAttemptNumber** The total number of user attempts at installation before it was canceled. -- **WUContentId** The Windows Update content ID +- **WUContentId** No content is currently available. ### Microsoft.Windows.StoreAgent.Telemetry.BeginGetInstalledContentIds @@ -4644,12 +4641,12 @@ The following fields are available: - **RelatedCV** Correlation Vector of a previous performed action on this product. - **SystemAttemptNumber** Total number of automatic attempts to install before it was canceled. - **UserAttemptNumber** Total number of user attempts to install before it was canceled. -- **WUContentId** The Windows Update content ID +- **WUContentId** No content is currently available. ### Microsoft.Windows.StoreAgent.Telemetry.CompleteInstallOperationRequest -This event is sent after the app installations or updates. It's used to help keep Windows up-to-date and secure +No content is currently available. The following fields are available: @@ -4682,12 +4679,12 @@ The following fields are available: - **ProductId** The Store Product ID for the product being installed. - **SystemAttemptNumber** The number of attempts by the system to acquire this product. - **UserAttemptNumber** The number of attempts by the user to acquire this product -- **WUContentId** The Windows Update content ID +- **WUContentId** No content is currently available. ### Microsoft.Windows.StoreAgent.Telemetry.EndDownload -This event happens during the app update or installation when content is being downloaded at the end of the process to report success or failure. It's used to help keep Windows up-to-date and secure. +This event is sent after an app is downloaded to help keep Windows up-to-date and secure. The following fields are available: 
@@ -4715,7 +4712,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.EndFrameworkUpdate -This event happens when an app update requires an updated Framework package and the process starts to download it. It's used to help keep Windows up-to-date and secure. +This event is sent when an app update requires an updated Framework package and the process starts to download it. It is used to help keep Windows up-to-date and secure. The following fields are available: @@ -4733,7 +4730,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.EndInstall -This event is sent after a product has been installed. It's used to help keep Windows up-to-date and secure. +This event is sent after a product has been installed to help keep Windows up-to-date and secure. The following fields are available: @@ -4755,7 +4752,7 @@ The following fields are available: - **ProductId** The Store Product ID for the product being installed. - **SystemAttemptNumber** The total number of system attempts. - **UserAttemptNumber** The total number of user attempts. -- **WUContentId** The Windows Update content ID +- **WUContentId** No content is currently available. ### Microsoft.Windows.StoreAgent.Telemetry.EndScanForUpdates @@ -4794,12 +4791,12 @@ The following fields are available: - **ProductId** The Store Product ID for the product being installed. - **SystemAttemptNumber** The total number of system attempts. - **UserAttemptNumber** The total number of user attempts. -- **WUContentId** The Windows Update content ID +- **WUContentId** No content is currently available. ### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData -This event is sent between download and installation to see if there is app data that needs to be restored from the cloud. It's used to keep Windows up-to-date and secure. +No content is currently available. The following fields are available: 
@@ -4820,7 +4817,7 @@ The following fields are available: - **ProductId** The Store Product ID for the product being installed. - **SystemAttemptNumber** The total number of system attempts. - **UserAttemptNumber** The total number of system attempts. -- **WUContentId** The Windows Update content ID +- **WUContentId** No content is currently available. ### Microsoft.Windows.StoreAgent.Telemetry.EndUpdateMetadataPrepare 
@@ -4834,31 +4831,31 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentComplete -The FulfillmentComplete event is fired at the end of an app install or update. We use this to track the very end of the install/update process. StoreAgent events are needed to help keep Windows pre-installed 1st party apps up to date and secure, such as the mail and calendar apps. App update failure can be unique across devices and without this data from every device we will not be able to track the success/failure and fix any future vulnerabilities related to these built in Windows Apps. +No content is currently available. The following fields are available: -- **CatalogId** The CatalogId is the name of the product catalog from which this app was chosen. -- **FailedRetry** Was the installation or update retry successful? -- **HResult** The HResult code of the operation. -- **PFN** The Package Family Name of the app that is being installed or updated. -- **ProductId** The product ID of the app that is being updated or installed. +- **CatalogId** No content is currently available. +- **FailedRetry** No content is currently available. +- **HResult** Resulting HResult error/success code of this call +- **PFN** Package Family Name of the app that being installed or updated +- **ProductId** Product Id of the app that is being updated or installed ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate -The FulfillmentInitiate event is fired at the start of an app install or update. We use this to track the very beginning of the install/update process. StoreAgent events are needed to help keep Windows pre-installed 1st party apps up to date and secure, such as the mail and calendar apps. App update failure can be unique across devices and without this data from every device we will not be able to track the success/failure and fix any future vulnerabilities related to these built in Windows Apps. +No content is currently available. 
The following fields are available: -- **CatalogId** The CatalogId is the name of the product catalog from which this app was chosen. +- **CatalogId** No content is currently available. - **PFN** The Package Family Name of the app that is being installed or updated. - **ProductId** The product ID of the app that is being updated or installed. ### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest -This event happens at the beginning of the install process when an app update or new app is installed. It's used to help keep Windows up-to-date and secure. +No content is currently available. The following fields are available: @@ -4871,7 +4868,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation -This event is sent when a product install or update is paused either by a user or the system. It's used to help keep Windows up-to-date and secure. +No content is currently available. The following fields are available: @@ -4894,12 +4891,12 @@ The following fields are available: - **RelatedCV** Correlation Vector of a previous performed action on this product. - **SystemAttemptNumber** The total number of system attempts. - **UserAttemptNumber** The total number of user attempts. -- **WUContentId** The Windows Update content ID +- **WUContentId** No content is currently available. ### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation -This event happens when a product install or update is resumed either by a user or the system. It's used to help keep Windows up-to-date and secure. +No content is currently available. The following fields are available: 
@@ -4924,12 +4921,12 @@ The following fields are available: - **RelatedCV** Correlation Vector for the original install before it was resumed. - **SystemAttemptNumber** The total number of system attempts. - **UserAttemptNumber** The total number of user attempts. -- **WUContentId** The Windows Update content ID +- **WUContentId** No content is currently available. ### Microsoft.Windows.StoreAgent.Telemetry.ResumeOperationRequest -This event happens when a product install or update is resumed by a user and on installation retries. It's used to help keep Windows up-to-date and secure. +No content is currently available. The following fields are available: @@ -4938,7 +4935,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest -This event is sent when searching for update packages to install. It's used to help keep Windows up-to-date and secure. +No content is currently available. The following fields are available: @@ -4949,7 +4946,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest -This event occurs when an update is requested for an app to help keep Windows up-to-date and secure. +No content is currently available. The following fields are available: @@ -4966,7 +4963,7 @@ The following fields are available: - **current** Result of currency check. - **dismOperationSucceeded** Dism uninstall operation status. -- **hResult** Failure error code. +- **hResult** Failure Error code. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot CSP call success status. 
@@ -5051,7 +5048,7 @@ The following fields are available: - **background** Indicates whether the download is happening in the background. - **bytesRequested** Number of bytes requested for the download. - **callerName** Name of the API caller. -- **cdnUrl** Url of the source CDN +- **cdnUrl** The URL of the source CDN. - **costFlags** A set of flags representing network cost. - **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM). - **diceRoll** Random number used for determining if a client will use peering. @@ -5446,9 +5443,9 @@ The following fields are available: - **deferReason** Reason why the device could not check for updates. - **detectionBlockingPolicy** State of update action. -- **detectionBlockreason** If we retry to scan +- **detectionBlockreason** Reason for blocking detection - **detectionRetryMode** Indicates whether we will try to scan again. -- **errorCode** State of update action +- **errorCode** Error info - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. - **flightID** The specific ID of the Windows Insider build the device is getting. - **interactive** Indicates whether the session was user initiated. @@ -5456,7 +5453,7 @@ The following fields are available: - **revisionNumber** Update revision number. - **scanTriggerSource** Source of the triggered scan. - **updateId** Update ID. -- **updateScenarioType** Update Session type +- **updateScenarioType** Source of the triggered scan - **wuDeviceid** Device ID 
@@ -5617,7 +5614,7 @@ The following fields are available: - **deferReason** Reason for install not completing. - **errorCode** The error code reppresented by a hexadecimal value. - **eventScenario** End-to-end update session ID. -- **flightID** The specific ID of the Windows Insider build the device is getting. +- **flightID** Unique update ID - **flightUpdate** Indicates whether the update is a Windows Insider build. - **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. - **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. @@ -5852,8 +5849,8 @@ This event is sent when MUSE broker schedules a task. The following fields are available: -- **TaskArgument** The arguments with which the task is scheduled. -- **TaskName** Name of the task. +- **TaskArgument** The arguments which the task is scheduled with +- **TaskName** Name of the task ## Windows Update mitigation events From 5d3e220d7667a53610e3a644271f490da3cfe492 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Wed, 29 Aug 2018 14:40:15 -0700 Subject: [PATCH 10/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 102 ++++++++---------- 1 file changed, 45 insertions(+), 57 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 1fcb6c7793..4187640306 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md 
@@ -83,22 +83,22 @@ The following fields are available: - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **InventoryLanguagePack** The count of the number of this particular object type present on this device. +- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device. - **InventoryTest** The count of the number of this particular object type present on this device. - **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. -- **PCFP** The count of the number of this particular object type present on this device. -- **SystemMemory** The count of the number of this particular object type present on this device. +- **PCFP** An ID for the system, calculated by hashing hardware identifiers. +- **SystemMemory** The count of SystemMemory objects present on this machine. - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. -- **SystemProcessorNx** The count of the number of this particular object type present on this device. -- **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. -- **SystemProcessorSse2** The count of the number of this particular object type present on this device. -- **SystemTouch** The count of the number of this particular object type present on this device. 
-- **SystemWim** The count of the number of this particular object type present on this device. -- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. -- **SystemWlan** The count of the number of this particular object type present on this device. +- **SystemProcessorNx** The count of SystemProcessorNx objects present on this machine. +- **SystemProcessorPrefetchW** The count of SystemProcessorPrefetchW objects present on this machine. +- **SystemProcessorSse2** The count of SystemProcessorSse2 objects present on this machine. +- **SystemTouch** The count of SystemTouch objects present on this machine. +- **SystemWim** The count of SystemWim objects present on this machine. +- **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. +- **SystemWlan** The count of SystemWlan objects present on this machine. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. @@ -154,7 +154,6 @@ The following fields are available: - **ActiveNetworkConnection** Is the device an active network device? - **AppraiserVersion** The version of the appraiser file generating the events. - **IsBootCritical** Is the device boot critical? -- **SdbEntries** An array of fields indicating the SDB entries that apply to this device. - **WuDriverCoverage** Is there a driver uplevel for this device according to Windows Update? - **WuDriverUpdateId** The Windows Update ID of the applicable up-level driver - **WuPopulatedFromId** The expected up-level driver matching ID based on driver coverage from Windows Update 
@@ -291,7 +290,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. -- **SdbEntries** Deprecated in RS3. ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeRemove @@ -1733,7 +1731,6 @@ The following fields are available: - **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer). - **ext_cs** Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs). - **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). -- **ext_ingest** Describes the fields added dynamically by the service. See [Common Data Extensions.ingest](#common-data-extensionsingest). - **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). - **ext_receipts** Describes the fields related to time as provided by the client for debugging purposes. See [Common Data Extensions.receipts](#common-data-extensionsreceipts). - **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). @@ -1748,15 +1745,6 @@ The following fields are available: - **ver** Represents the major and minor version of the extension. -### Common Data Extensions.ingest - -Describes the fields that are added by the ingestion service. - -The following fields are available: - -- **processedIngest** If the event already had an ingest extension and the client was authenticated as a first party, the ingest extension will be inserted as processedIngest. - - ### Common Data Extensions.os Describes some properties of the operating system. 
@@ -1912,7 +1900,7 @@ The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **FlightId** Flight being used -- **Quiet** Whether Setup run in quiet mode or in full +- **Quiet** Whether Setup will run in quiet mode or in full - **RelatedCV** CV of any other related events - **SetupMode** Phase Setup is in @@ -1926,9 +1914,9 @@ The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **ErrorCode** Error code of action - **FlightId** Flight being used -- **Quiet** Whether Setup will run in quiet mode or in full -- **RelatedCV** Correlation vector of any other related events -- **SetupMode** Phase that Setup is in +- **Quiet** Whether Setup run in quiet mode or in full +- **RelatedCV** CV of any other related events +- **SetupMode** Phase Setup is in ### DeploymentTelemetry.Deployment_Start @@ -2331,11 +2319,11 @@ Event to indicate that the Coordinator WaitForRebootUi call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. +- **CampaignID** Campaign ID being run +- **ClientID** Client ID being run +- **CoordinatorVersion** Coordinator version of DTU +- **CV** Correlation vector +- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection 
@@ -3716,7 +3704,7 @@ Download process event for target update on Windows Update client. See EventScen The following fields are available: -- **ActiveDownloadTime** Number of seconds the update was actively being downloaded. +- **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn't actively being downloaded.Number of seconds the update was actively being downloaded. - **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. - **AppXDownloadScope** Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client. - **BiosFamily** The family of the BIOS (Basic Input Output System). @@ -3931,7 +3919,7 @@ The following fields are available: - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. - **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce - **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). -- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. +- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. - **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. - **RevisionId** The revision ID for a specific piece of content. - **RevisionNumber** The revision number for a specific piece of content. 
@@ -3942,10 +3930,10 @@ The following fields are available: - **SignatureAlgorithm** The hash algorithm for the metadata signature. - **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast - **StatusCode** The status code of the event. -- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. +- **TimestampTokenCertThumbprint** Thumbprint of the encoded timestamp token. - **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. - **UpdateId** The update ID for a specific piece of content. -- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. +- **ValidityWindowInDays** Validity window in effect when verifying the timestamp ## Update events @@ -4171,16 +4159,16 @@ The following fields are available: - **key23** UI interaction data - **key24** UI interaction data - **key25** UI interaction data -- **key26** Interaction data for the UI +- **key26** UI interaction data - **key27** UI interaction data - **key28** UI interaction data -- **key29** UI interaction data +- **key29** Interaction data for the UI - **key3** UI interaction data - **key30** UI interaction data - **key4** UI interaction data - **key5** UI interaction data -- **key6** UI interaction data -- **key7** UI interaction data +- **key6** Current package version of UNP +- **key7** UI interaction type - **key8** UI interaction data - **key9** UI interaction data - **PackageVersion** Current package version of UNP @@ -4555,7 +4543,7 @@ The following fields are available: ### Microsoft.Windows.WER.MTT.Denominator -No content is currently available. +This event provides a denominator to calculate MTTF (mean-time-to-failure) for crashes and other errors, to help keep Windows up to date. The following fields are available: 
@@ -4837,9 +4825,9 @@ The following fields are available: - **CatalogId** No content is currently available. - **FailedRetry** No content is currently available. -- **HResult** Resulting HResult error/success code of this call -- **PFN** Package Family Name of the app that being installed or updated -- **ProductId** Product Id of the app that is being updated or installed +- **HResult** The HResult code of the operation. +- **PFN** The Package Family Name of the app that is being installed or updated. +- **ProductId** The product ID of the app that is being updated or installed. ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate @@ -5008,12 +4996,12 @@ The following fields are available: - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot CSP call success status -- **wUfBConnected** Result of WUfB connection check +- **wUfBConnected** Result of Windows Update for Business connection check. ### Microsoft.Windows.UpdateCsp.ExecuteRollBackQualityNotApplicable -This event informs you whether a rollback of Quality updates is applicable to the devices for that you are attempting to rollback. +This event informs you whether a rollback of Quality updates is applicable to the devices that you are attempting to rollback. The following fields are available: 
@@ -5054,7 +5042,7 @@ The following fields are available: - **diceRoll** Random number used for determining if a client will use peering. - **doClientVersion** The version of the Delivery Optimization client. - **doErrorCode** The Delivery Optimization error code that was returned. -- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100). +- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100).) - **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9). - **errorCode** The error code that was returned. - **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing. 
@@ -5087,21 +5075,21 @@ This event collects information regarding the state of devices and drivers on th The following fields are available: - **activated** Whether the entire device manifest update is considered activated and in use. -- **analysisErrorCount** How many driver packages that could not be analyzed because errors were hit during the analysis. +- **analysisErrorCount** How many driver packages could not be analyzed because errors were hit during the analysis. - **flightId** Unique ID for each flight. -- **missingDriverCount** How many driver packages that were delivered by the device manifest that are missing from the system. -- **missingUpdateCount** How many updates that were part of the device manifest that are missing from the system. +- **missingDriverCount** How many driver packages that were delivered by the device manifest are missing from the system. +- **missingUpdateCount** How many updates that were part of the device manifest are missing from the system. - **objectId** Unique value for each diagnostics session. -- **publishedCount** How many drivers packages that were delivered by the device manifest that are published and available to be used on devices. +- **publishedCount** How many drivers packages that were delivered by the device manifest are published and available to be used on devices. - **relatedCV** Correlation vector value generated from the latest USO scan. - **scenarioId** Indicates the update scenario. - **sessionId** Unique value for each update session. -- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match on. +- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match. 
- **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string. -- **truncatedDeviceCount** How many devices are missing from the summary string due to there not being enough room in the string. -- **truncatedDriverCount** How many driver packages are missing from the summary string due to there not being enough room in the string. +- **truncatedDeviceCount** How many devices are missing from the summary string because there is not enough room in the string. +- **truncatedDriverCount** How many driver packages are missing from the summary string because there is not enough room in the string. - **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices. -- **updateId** Unique ID for each Update. +- **updateId** Unique ID for each update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit @@ -5443,7 +5431,7 @@ The following fields are available: - **deferReason** Reason why the device could not check for updates. - **detectionBlockingPolicy** State of update action. -- **detectionBlockreason** Reason for blocking detection +- **detectionBlockreason** If we retry to scan - **detectionRetryMode** Indicates whether we will try to scan again. - **errorCode** Error info - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. @@ -5453,7 +5441,7 @@ The following fields are available: - **revisionNumber** Update revision number. - **scanTriggerSource** Source of the triggered scan. - **updateId** Update ID. -- **updateScenarioType** Source of the triggered scan +- **updateScenarioType** Update Session type - **wuDeviceid** Device ID 
@@ -5834,7 +5822,7 @@ The following fields are available: - **scheduledRebootTime** Time scheduled for the reboot. - **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC. - **updateId** Identifies which update is being scheduled. -- **wuDeviceid** Unique DeviceID +- **wuDeviceid** Unique device ID used by Windows Update. ### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot From 8844a3bfdcaae06632832bf44552ef870da7acb0 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 30 Aug 2018 08:41:44 -0700 Subject: [PATCH 11/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 365 +++++++++--------- 1 file changed, 182 insertions(+), 183 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 4187640306..667d057d3b 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -9,7 +9,7 @@ ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 08/29/2018 +ms.date: 08/30/2018 --- 
@@ -83,22 +83,22 @@ The following fields are available: - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine. +- **InventoryLanguagePack** The count of the number of this particular object type present on this device. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device. - **InventoryTest** The count of the number of this particular object type present on this device. - **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. - **PCFP** An ID for the system, calculated by hashing hardware identifiers. -- **SystemMemory** The count of SystemMemory objects present on this machine. +- **SystemMemory** The count of the number of this particular object type present on this device. - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. -- **SystemProcessorNx** The count of SystemProcessorNx objects present on this machine. -- **SystemProcessorPrefetchW** The count of SystemProcessorPrefetchW objects present on this machine. -- **SystemProcessorSse2** The count of SystemProcessorSse2 objects present on this machine. +- **SystemProcessorNx** The count of the number of this particular object type present on this device. +- **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. 
+- **SystemProcessorSse2** The count of the number of this particular object type present on this device. - **SystemTouch** The count of SystemTouch objects present on this machine. -- **SystemWim** The count of SystemWim objects present on this machine. +- **SystemWim** The count of the number of this particular object type present on this device. - **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. -- **SystemWlan** The count of SystemWlan objects present on this machine. +- **SystemWlan** The count of the number of this particular object type present on this device. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. @@ -145,7 +145,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd -This event sends compatibility data for a PNP device, to help keep Windows up-to-date. +This event sends compatibility data for a PNP device, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -155,7 +155,7 @@ The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. - **IsBootCritical** Is the device boot critical? - **WuDriverCoverage** Is there a driver uplevel for this device according to Windows Update? -- **WuDriverUpdateId** The Windows Update ID of the applicable up-level driver +- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver - **WuPopulatedFromId** The expected up-level driver matching ID based on driver coverage from Windows Update 
@@ -183,7 +183,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd -This event sends compatibility database data about driver packages to help keep Windows up-to-date. +This event sends compatibility database data about driver packages to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -223,7 +223,6 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. -- **SdbEntries** No content is currently available. ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockRemove @@ -1914,9 +1913,9 @@ The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **ErrorCode** Error code of action - **FlightId** Flight being used -- **Quiet** Whether Setup run in quiet mode or in full -- **RelatedCV** CV of any other related events -- **SetupMode** Phase Setup is in +- **Quiet** Whether Setup will run in quiet mode or in full +- **RelatedCV** Correlation vector of any other related events +- **SetupMode** Phase that Setup is in ### DeploymentTelemetry.Deployment_Start 
@@ -1978,13 +1977,13 @@ This event sends data about the health and quality of the diagnostic data from t The following fields are available: - **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host/agent channel. -- **CensusExitCode** Last exit code of Census task. +- **CensusExitCode** Last exit code of�Census task. - **CensusStartTime** Time of last Census run. - **CensusTaskEnabled** True if Census is enabled, false otherwise. - **CompressedBytesUploaded** Number of compressed bytes uploaded. - **ConsumerDroppedCount** Number of events dropped at consumer layer of telemetry client. - **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer. -- **CriticalDataThrottleDroppedCount** Number of critical data sampled events dropped due to throttling. +- **CriticalDataThrottleDroppedCount** Number of critical data sampled events dropped due to�throttling. - **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event DB. - **DbCriticalDroppedCount** Total number of dropped critical events in event DB. - **DbDroppedCount** Number of events dropped due to DB fullness. 
@@ -2008,14 +2007,14 @@ The following fields are available: - **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel. - **LastEventSizeOffender** Event name of last event which exceeded max event size. - **LastInvalidHttpCode** Last invalid HTTP code received from Vortex. -- **MaxActiveAgentConnectionCount** Maximum number of active agents during this heartbeat timeframe. +- **MaxActiveAgentConnectionCount** Maximum number of active agents during this�heartbeat timeframe. - **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC. - **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events). - **SettingsHttpAttempts** Number of attempts to contact OneSettings service. -- **SettingsHttpFailures** Number of failures from contacting OneSettings service. +- **SettingsHttpFailures** Number of failures from contacting�OneSettings service. - **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers. - **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client. -- **VortexFailuresTimeout** Number of time out failures received from Vortex. +- **VortexFailuresTimeout** Number of time out failures�received from Vortex. - **VortexHttpAttempts** Number of attempts to contact Vortex. - **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex. - **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex. 
@@ -3918,22 +3917,22 @@ The following fields are available: - **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. - **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce -- **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). -- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. +- **MetadataSignature** Base64 string of the signature associated with the update metadata (specified by revision id) +- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. - **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. -- **RevisionId** The revision ID for a specific piece of content. -- **RevisionNumber** The revision number for a specific piece of content. +- **RevisionId** Identifies the revision of this specific piece of content +- **RevisionNumber** Identifies the revision number of this specific piece of content - **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Windows Store - **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. -- **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. -- **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. -- **SignatureAlgorithm** The hash algorithm for the metadata signature. 
+- **SHA256OfLeafCertPublicKey** Base64 encoding of hash of the Base64CertData in the FragmentSigning data of leaf certificate. +- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob +- **SignatureAlgorithm** Hash algorithm for the metadata signature - **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast - **StatusCode** The status code of the event. -- **TimestampTokenCertThumbprint** Thumbprint of the encoded timestamp token. -- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. -- **UpdateId** The update ID for a specific piece of content. -- **ValidityWindowInDays** Validity window in effect when verifying the timestamp +- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. +- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed. +- **UpdateId** Identifier associated with the specific piece of content +- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. ## Update events 
@@ -3961,11 +3960,11 @@ This event sends data for the download request phase of updating Windows via the The following fields are available: - **DeletedCorruptFiles** Boolean indicating whether corrupt payload was deleted. -- **DownloadRequests** No content is currently available. +- **DownloadRequests** Number of times a download was retried. - **ErrorCode** The error code returned for the current download request phase. -- **ExtensionName** No content is currently available. +- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin. - **FlightId** Unique ID for each flight. -- **InternalFailureResult** No content is currently available. +- **InternalFailureResult** Indicates a non-fatal error from a plugin. - **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360) - **PackageCountOptional** Number of optional packages requested. - **PackageCountRequired** Number of required packages requested. @@ -4046,9 +4045,9 @@ This event sends data for the install phase of updating Windows. The following fields are available: - **ErrorCode** The error code returned for the current install phase. -- **ExtensionName** No content is currently available. +- **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin. - **FlightId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360). -- **InternalFailureResult** No content is currently available. +- **InternalFailureResult** Indicates a non-fatal error from a plugin. - **ObjectId** Correlation vector value generated from the latest USO scan. - **RelatedCV** Correlation vector value generated from the latest USO scan. - **Result** The result for the current install phase. 
@@ -4130,17 +4129,17 @@ The following fields are available: ### Microsoft.Windows.UpdateNotificationPipeline.JavascriptJavascriptCriticalGenericMessage -Event to indicate that Javascript is reporting a schema and a set of values for critical telemetry. +This event indicates that Javascript is reporting a schema and a set of values for critical telemetry. The following fields are available: -- **CampaignConfigVersion** Config version of current campaign -- **CampaignID** Currently running campaign on UNP -- **ConfigCatalogVersion** Current catalog version of UNP -- **ContentVersion** Content version of the current campaign on UNP -- **CV** Correlation vector -- **DetectorVersion** Most recently run detector version for the current campaign on UNP -- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user +- **CampaignConfigVersion** Configuration version of the current campaign. +- **CampaignID** ID of the currently running campaign. +- **ConfigCatalogVersion** Current catalog version of the update notification. +- **ContentVersion** Content version of the current update notification campaign. +- **CV** Correlation vector. +- **DetectorVersion** Most recently run detector version for the current campaign. +- **GlobalEventCounter** Client side counter that indicates the ordering of events sent by this user. - **key1** UI interaction data - **key10** UI interaction data - **key11** UI interaction data 
@@ -4153,42 +4152,42 @@ The following fields are available: - **key18** UI interaction data - **key19** UI interaction data - **key2** UI interaction data -- **key20** UI interaction data -- **key21** UI interaction data -- **key22** UI interaction data -- **key23** UI interaction data -- **key24** UI interaction data -- **key25** UI interaction data -- **key26** UI interaction data -- **key27** UI interaction data -- **key28** UI interaction data -- **key29** Interaction data for the UI +- **key20** Interaction data for the UI +- **key21** Interaction data for the UI +- **key22** Interaction data for the UI +- **key23** Interaction data for the UI +- **key24** Interaction data for the UI +- **key25** Interaction data for the UI +- **key26** Interaction data for the UI +- **key27** Interaction data for the UI +- **key28** Interaction data for the UI +- **key29** UI interaction data - **key3** UI interaction data - **key30** UI interaction data - **key4** UI interaction data - **key5** UI interaction data -- **key6** Current package version of UNP -- **key7** UI interaction type +- **key6** UI interaction data +- **key7** UI interaction data - **key8** UI interaction data - **key9** UI interaction data -- **PackageVersion** Current package version of UNP -- **schema** UI interaction type +- **PackageVersion** Current package version of the update notification. +- **schema** UI interaction type. ### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignHeartbeat -This event is sent at the start of each campaign, to be used as a heartbeat +This event is sent at the start of each campaign, to be used as a heartbeat. 
The following fields are available: -- **CampaignConfigVersion** Configuration version for the current campaign -- **CampaignID** Currently campaign that's running on UNP -- **ConfigCatalogVersion** Current catalog version of UNP -- **ContentVersion** Content version for the current campaign on UNP -- **CV** Correlation vector -- **DetectorVersion** Most recently run detector version for the current campaign on UNP -- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user -- **PackageVersion** Current UNP package version +- **CampaignConfigVersion** Configuration version for the current campaign. +- **CampaignID** Current campaign that is running on Update Notification Pipeline. +- **ConfigCatalogVersion** Current catalog version of Update Notification Pipeline. +- **ContentVersion** Content version for the current campaign on Update Notification Pipeline. +- **CV** Correlation vector. +- **DetectorVersion** Most recently run detector version for the current campaign on Update Notification Pipeline. +- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user. +- **PackageVersion** Current package version for Update Notification Pipeline. ### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerCleaningCampaign 
@@ -4261,16 +4260,16 @@ The following fields are available: ### FacilitatorTelemetry.DCATDownload -Datapoint that determines whether or not machines received additional/critical supplemental content during an OS Upgrade. +This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up-to-date and secure. The following fields are available: - **DownloadSize** Download size of payload. - **ElapsedTime** Time taken to download payload. -- **MediaFallbackUsed** Used to determine if we used Media CompDBs to figure out package requirements for upgrade -- **ResultCode** Result returned by Facilitator’s DCAT call -- **Scenario** Dynamic Update scenario (Image DU, or Setup DU) -- **Type** Which type of package was downloaded +- **MediaFallbackUsed** Used to determine if we used Media CompDBs to figure out package requirements for the upgrade. +- **ResultCode** Result returned by the Facilitator DCAT call. +- **Scenario** Dynamic Update scenario (Image DU, or Setup DU). +- **Type** Type of package that was downloaded. ### FacilitatorTelemetry.InitializeDU @@ -4288,7 +4287,7 @@ The following fields are available: ### Setup360Telemetry.Downlevel -This event sends data indicating that the device has invoked the downlevel phase of the upgrade. It's used to help keep Windows up-to-date and secure. +This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up-to-date and secure. The following fields are available: 
@@ -4298,19 +4297,19 @@ The following fields are available: - **HostOsSkuName** The operating system edition which is running Setup360 instance (downlevel OS). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe. - **ReportId** In the Windows Update scenario, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback -- **Setup360Result** The result of Setup360. It's an HRESULT error code that can be used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT +- **Setup360Extended** More detailed information about phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360 (for example, Predownload, Install, Finalize, Rollback). +- **Setup360Result** The result of Setup360 (HRESULT used to diagnose errors). +- **Setup360Scenario** The Setup360 flow type (for example, Boot, Media, Update, MCT). - **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS). -- **State** Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled -- **TestId** A string that uniquely identifies a group of events. +- **State** Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled. +- **TestId** An ID that uniquely identifies a group of events. - **WuId** This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId. ### Setup360Telemetry.Finalize -This event sends data indicating that the device has invoked the finalize phase of the upgrade, to help keep Windows up-to-date. 
+This event sends data indicating that the device has started the phase of finalizing the upgrade, to help keep Windows up-to-date and secure. The following fields are available: 
@@ -4320,19 +4319,19 @@ The following fields are available: - **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe - **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback +- **Setup360Extended** More detailed information about the phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. - **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled -- **TestId** A string to uniquely identify a group of events. +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. +- **TestId** ID that uniquely identifies a group of events. - **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. ### Setup360Telemetry.OsUninstall -The event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, the Setup360Telemetry.OSUninstall indicates the outcome of an OS uninstall. +This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, it indicates the outcome of an OS uninstall. The following fields are available: 
@@ -4342,19 +4341,19 @@ The following fields are available: - **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe. - **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback +- **Setup360Extended** Detailed information about the phase or action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. - **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled -- **TestId** A string to uniquely identify a group of events. +- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. +- **TestId** ID that uniquely identifies a group of events. - **WuId** Windows Update client ID. ### Setup360Telemetry.PostRebootInstall -This event sends data indicating that the device has invoked the postrebootinstall phase of the upgrade, to help keep Windows up-to-date. +This event sends data indicating that the device has invoked the post reboot install phase of the upgrade, to help keep Windows up-to-date. The following fields are available: 
@@ -4384,21 +4383,21 @@ The following fields are available: - **FlightData** Unique value that identifies the flight. - **HostOSBuildNumber** The build number of the previous OS. - **HostOsSkuName** The OS edition which is running Setup360 instance (previous operating system). -- **InstanceId** A unique GUID that identifies each instance of setuphost.exe +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe. - **ReportId** Using Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback +- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. - **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled -- **TestId** A string to uniquely identify a group of events. +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled. +- **TestId** ID that uniquely identifies a group of events. - **WuId** This is the Windows Update Client ID. Using Windows Update, this is the same as the clientId. ### Setup360Telemetry.PreDownloadUX -This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10 and RS. 
Specifically the Setup360Telemetry.PredownloadUX indicates the outcome of the PredownloadUX portion of the update process +This event sends data regarding OS Updates and Upgrades from Windows 7.X, Windows 8.X, Windows 10 and RS, to help keep Windows up-to-date and secure. Specifically, it indicates the outcome of the PredownloadUX portion of the update process. The following fields are available: 
@@ -4408,19 +4407,19 @@ The following fields are available: - **HostOsSkuName** The OS edition which is running the Setup360 instance (previous operating system). - **InstanceId** Unique GUID that identifies each instance of setuphost.exe. - **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback +- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. - **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Examplle: Boot, Media, Update, MCT +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. - **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS). -- **State** The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled -- **TestId** A string to uniquely identify a group of events. +- **State** The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled. +- **TestId** ID that uniquely identifies a group of events. - **WuId** Windows Update client ID. ### Setup360Telemetry.PreInstallQuiet -This event sends data indicating that the device has invoked the preinstall quiet phase of the upgrade, to help keep Windows up to date. +This event sends data indicating that the device has invoked the preinstall quiet phase of the upgrade, to help keep Windows up-to-date. The following fields are available: 
@@ -4430,19 +4429,19 @@ The following fields are available: - **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe - **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback etc. +- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. - **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. -- **Setup360Scenario** Setup360 flow type (Boot, Media, Update, MCT) +- **Setup360Scenario** Setup360 flow type (Boot, Media, Update, MCT). - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. - **TestId** A string to uniquely identify a group of events. - **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. ### Setup360Telemetry.PreInstallUX -This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10. Specifically, the Setup360Telemetry.PreinstallUX indicates the outcome of the PreinstallUX portion of the update process. +This event sends data regarding OS updates and upgrades from Windows 7, Windows 8, and Windows 10, to help keep Windows up-to-date. Specifically, it indicates the outcome of the PreinstallUX portion of the update process. The following fields are available: 
@@ -4452,12 +4451,12 @@ The following fields are available: - **HostOsSkuName** The OS edition which is running the Setup360 instance (previous OS). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe. - **ReportId** For Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback +- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. - **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type, Example: Boot, Media, Update, MCT +- **Setup360Scenario** The Setup360 flow type, Example: Boot, Media, Update, MCT. - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. - **TestId** A string to uniquely identify a group of events. - **WuId** Windows Update client ID. 
@@ -4468,7 +4467,7 @@ This event sends data about OS deployment scenarios, to help keep Windows up-to- The following fields are available: -- **ClientId** Retrieves the upgrade ID: Upgrades via Windows Update - specifies the WU clientID. All other deployment - static string. +- **ClientId** Retrieves the upgrade ID. In the Windows Update scenario, this will be the Windows Update client ID. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. - **FieldName** Retrieves the data point. - **FlightData** Specifies a unique identifier for each group of Windows Insider builds. - **InstanceId** Retrieves a unique identifier for each instance of a setup session. @@ -4479,7 +4478,7 @@ The following fields are available: ### Setup360Telemetry.Setup360DynamicUpdate -This event helps determine whether or not the device received supplemental content during an operating system upgrade. +This event helps determine whether the device received supplemental content during an operating system upgrade, to help keep Windows up-to-date. The following fields are available: 
@@ -4505,12 +4504,12 @@ The following fields are available: - **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe - **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. -- **Setup360Extended** Extension of result - more granular information about phase/action when the potential failure happened -- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback +- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. - **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. - **TestId** A string to uniquely identify a group of events. - **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. 
@@ -4589,7 +4588,7 @@ The following fields are available: - **ProductId** The identity of the package or packages being installed. - **SystemAttemptNumber** The total number of automatic attempts at installation before it was canceled. - **UserAttemptNumber** The total number of user attempts at installation before it was canceled. -- **WUContentId** No content is currently available. +- **WUContentId** Licensing identity of this package. ### Microsoft.Windows.StoreAgent.Telemetry.BeginGetInstalledContentIds @@ -4629,12 +4628,12 @@ The following fields are available: - **RelatedCV** Correlation Vector of a previous performed action on this product. - **SystemAttemptNumber** Total number of automatic attempts to install before it was canceled. - **UserAttemptNumber** Total number of user attempts to install before it was canceled. -- **WUContentId** No content is currently available. +- **WUContentId** The Windows Update content ID. ### Microsoft.Windows.StoreAgent.Telemetry.CompleteInstallOperationRequest -No content is currently available. +This event is sent at the end of app installations or updates to help keep Windows up-to-date and secure. The following fields are available: @@ -4667,7 +4666,7 @@ The following fields are available: - **ProductId** The Store Product ID for the product being installed. - **SystemAttemptNumber** The number of attempts by the system to acquire this product. - **UserAttemptNumber** The number of attempts by the user to acquire this product -- **WUContentId** No content is currently available. +- **WUContentId** The Windows Update content ID. ### Microsoft.Windows.StoreAgent.Telemetry.EndDownload 
@@ -4740,7 +4739,7 @@ The following fields are available: - **ProductId** The Store Product ID for the product being installed. - **SystemAttemptNumber** The total number of system attempts. - **UserAttemptNumber** The total number of user attempts. -- **WUContentId** No content is currently available. +- **WUContentId** The Windows Update content ID. ### Microsoft.Windows.StoreAgent.Telemetry.EndScanForUpdates @@ -4758,7 +4757,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.EndSearchUpdatePackages -This event is sent after searching for update packages to install. It's used to help keep Windows up-to-date and secure. +This event is sent after searching for update packages to install. It is used to help keep Windows up-to-date and secure. The following fields are available: @@ -4779,12 +4778,12 @@ The following fields are available: - **ProductId** The Store Product ID for the product being installed. - **SystemAttemptNumber** The total number of system attempts. - **UserAttemptNumber** The total number of user attempts. -- **WUContentId** No content is currently available. +- **WUContentId** The Windows Update content ID. ### Microsoft.Windows.StoreAgent.Telemetry.EndStageUserData -No content is currently available. +This event is sent after restoring user data (if any) that needs to be restored following a product install. It is used to keep Windows up-to-date and secure. The following fields are available: @@ -4805,7 +4804,7 @@ The following fields are available: - **ProductId** The Store Product ID for the product being installed. - **SystemAttemptNumber** The total number of system attempts. - **UserAttemptNumber** The total number of system attempts. -- **WUContentId** No content is currently available. +- **WUContentId** The Windows Update content ID. ### Microsoft.Windows.StoreAgent.Telemetry.EndUpdateMetadataPrepare 
@@ -4819,31 +4818,31 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentComplete -No content is currently available. +This event is sent at the end of an app install or update to help keep Windows up-to-date and secure. The following fields are available: -- **CatalogId** No content is currently available. -- **FailedRetry** No content is currently available. -- **HResult** The HResult code of the operation. -- **PFN** The Package Family Name of the app that is being installed or updated. -- **ProductId** The product ID of the app that is being updated or installed. +- **CatalogId** The name of the product catalog from which this app was chosen. +- **FailedRetry** Indicates whether the installation or update retry was successful. +- **HResult** Resulting HResult error/success code of this call +- **PFN** Package Family Name of the app that being installed or updated +- **ProductId** Product Id of the app that is being updated or installed ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate -No content is currently available. +This event is sent at the beginning of an app install or update to help keep Windows up-to-date and secure. The following fields are available: -- **CatalogId** No content is currently available. +- **CatalogId** The name of the product catalog from which this app was chosen. - **PFN** The Package Family Name of the app that is being installed or updated. - **ProductId** The product ID of the app that is being updated or installed. ### Microsoft.Windows.StoreAgent.Telemetry.InstallOperationRequest -No content is currently available. +This event is sent when a product install or update is initiated, to help keep Windows up-to-date and secure. The following fields are available: 
@@ -4856,7 +4855,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.PauseInstallation -No content is currently available. +This event is sent when a product install or update is paused (either by a user or the system), to help keep Windows up-to-date and secure. The following fields are available: @@ -4879,12 +4878,12 @@ The following fields are available: - **RelatedCV** Correlation Vector of a previous performed action on this product. - **SystemAttemptNumber** The total number of system attempts. - **UserAttemptNumber** The total number of user attempts. -- **WUContentId** No content is currently available. +- **WUContentId** The Windows Update content ID. ### Microsoft.Windows.StoreAgent.Telemetry.ResumeInstallation -No content is currently available. +This event is sent when a product install or update is resumed (either by a user or the system), to help keep Windows up-to-date and secure. The following fields are available: @@ -4909,12 +4908,12 @@ The following fields are available: - **RelatedCV** Correlation Vector for the original install before it was resumed. - **SystemAttemptNumber** The total number of system attempts. - **UserAttemptNumber** The total number of user attempts. -- **WUContentId** No content is currently available. +- **WUContentId** The Windows Update content ID. ### Microsoft.Windows.StoreAgent.Telemetry.ResumeOperationRequest -No content is currently available. +This event is sent when a product install or update is resumed by a user or on installation retries, to help keep Windows up-to-date and secure. The following fields are available: @@ -4923,7 +4922,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.SearchForUpdateOperationRequest -No content is currently available. +This event is sent when searching for update packages to install, to help keep Windows up-to-date and secure. The following fields are available: 
@@ -4934,7 +4933,7 @@ The following fields are available: ### Microsoft.Windows.StoreAgent.Telemetry.UpdateAppOperationRequest -No content is currently available. +This event occurs when an update is requested for an app, to help keep Windows up-to-date and secure. The following fields are available: @@ -4992,7 +4991,7 @@ The following fields are available: - **current** Result of currency check. - **dismOperationSucceeded** Dism uninstall operation status. -- **hResult** Failure error code. +- **hResult** Failure Error code. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot CSP call success status @@ -5431,9 +5430,9 @@ The following fields are available: - **deferReason** Reason why the device could not check for updates. - **detectionBlockingPolicy** State of update action. -- **detectionBlockreason** If we retry to scan +- **detectionBlockreason** Reason for detection not completing. - **detectionRetryMode** Indicates whether we will try to scan again. -- **errorCode** Error info +- **errorCode** State of update action - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. - **flightID** The specific ID of the Windows Insider build the device is getting. - **interactive** Indicates whether the session was user initiated. @@ -5441,8 +5440,8 @@ The following fields are available: - **revisionNumber** Update revision number. - **scanTriggerSource** Source of the triggered scan. - **updateId** Update ID. -- **updateScenarioType** Update Session type -- **wuDeviceid** Device ID +- **updateScenarioType** The update session type. +- **wuDeviceid** Unique device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.DisplayNeeded 
@@ -5554,7 +5553,7 @@ This event indicates that the update is no longer applicable to this device. The following fields are available: -- **EventPublishedTime** Time when this event was generated. +- **EventPublishedTime** Time when this event was generated - **flightID** The specific ID of the Windows Insider build. - **revisionNumber** Update revision number. - **updateId** Unique Windows Update ID. @@ -5602,7 +5601,7 @@ The following fields are available: - **deferReason** Reason for install not completing. - **errorCode** The error code reppresented by a hexadecimal value. - **eventScenario** End-to-end update session ID. -- **flightID** Unique update ID +- **flightID** The specific ID of the Windows Insider build the device is getting. - **flightUpdate** Indicates whether the update is a Windows Insider build. - **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. - **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. @@ -5822,7 +5821,7 @@ The following fields are available: - **scheduledRebootTime** Time scheduled for the reboot. - **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC. - **updateId** Identifies which update is being scheduled. -- **wuDeviceid** Unique device ID used by Windows Update. +- **wuDeviceid** Unique DeviceID ### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot @@ -5837,8 +5836,8 @@ This event is sent when MUSE broker schedules a task. The following fields are available: -- **TaskArgument** The arguments which the task is scheduled with -- **TaskName** Name of the task +- **TaskArgument** The arguments with which the task is scheduled. +- **TaskName** Name of the task. ## Windows Update mitigation events 
@@ -5849,21 +5848,21 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightId** Unique identifier for each flight. -- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. -- **MitigationScenario** The update scenario in which the mitigation was executed. -- **MountedImageCount** Number of mounted images. -- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** HResult of this operation. -- **ScenarioId** ID indicating the mitigation scenario. -- **ScenarioSupported** Indicates whether the scenario was supported. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each Update. +- **ClientId** Unique identifier for each flight. +- **FlightId** Unique GUID that identifies each instances of setuphost.exe. +- **InstanceId** The update scenario in which the mitigation was executed. +- **MitigationScenario** Number of mounted images. +- **MountedImageCount** Number of mounted images that were under %systemdrive%\$Windows.~BT. +- **MountedImageMatches** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. +- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. 
+- **MountedImagesRemoved** Number of mounted images that were not under %systemdrive%\$Windows.~BT. +- **MountedImagesSkipped** Correlation vector value generated from the latest USO scan. +- **RelatedCV** HResult of this operation. +- **Result** ID indicating the mitigation scenario. +- **ScenarioId** Indicates whether the scenario was supported. +- **ScenarioSupported** Unique value for each update attempt. +- **SessionId** Unique ID for each Update. +- **UpdateId** Unique ID for the Windows Update client. - **WuId** Unique ID for the Windows Update client. 
@@ -5873,19 +5872,19 @@ This event sends data specific to the FixAppXReparsePoints mitigation used for O The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightId** Unique identifier for each flight. -- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. -- **MitigationScenario** The update scenario in which the mitigation was executed. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **ReparsePointsFailed** Number of reparse points that are corrupted but we failed to fix them. -- **ReparsePointsFixed** Number of reparse points that were corrupted and were fixed by this mitigation. -- **ReparsePointsSkipped** Number of reparse points that are not corrupted and no action is required. -- **Result** HResult of this operation. -- **ScenarioId** ID indicating the mitigation scenario. -- **ScenarioSupported** Indicates whether the scenario was supported. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each Update. +- **ClientId** Unique identifier for each flight. +- **FlightId** Unique GUID that identifies each instances of setuphost.exe. +- **InstanceId** The update scenario in which the mitigation was executed. +- **MitigationScenario** Correlation vector value generated from the latest USO scan. +- **RelatedCV** Number of reparse points that are corrupted but we failed to fix them. +- **ReparsePointsFailed** Number of reparse points that were corrupted and were fixed by this mitigation. +- **ReparsePointsFixed** Number of reparse points that are not corrupted and no action is required. +- **ReparsePointsSkipped** HResult of this operation. +- **Result** ID indicating the mitigation scenario. +- **ScenarioId** Indicates whether the scenario was supported. 
+- **ScenarioSupported** Unique value for each update attempt. +- **SessionId** Unique ID for each Update. +- **UpdateId** Unique ID for the Windows Update client. - **WuId** Unique ID for the Windows Update client. From 7c811c4de9592ced75a0c45ed8ed171c143ec8d7 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 31 Aug 2018 08:46:21 -0700 Subject: [PATCH 12/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 308 +++++++++--------- 1 file changed, 154 insertions(+), 154 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 667d057d3b..b9393f21fb 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -9,7 +9,7 @@ ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 08/30/2018 +ms.date: 08/31/2018 --- @@ -97,7 +97,7 @@ The following fields are available: - **SystemProcessorSse2** The count of the number of this particular object type present on this device. - **SystemTouch** The count of SystemTouch objects present on this machine. - **SystemWim** The count of the number of this particular object type present on this device. -- **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. +- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. - **SystemWlan** The count of the number of this particular object type present on this device. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. 
@@ -1211,7 +1211,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.TelemetryRunHealth -A summary event indicating the parameters and result of a telemetry run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date. +This event indicates the parameters and result of a telemetry (diagnostic) run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date. The following fields are available: 
@@ -1505,16 +1505,16 @@ The following fields are available: - **MMSettingOverride** Microcode setting of the processor. - **MMSettingOverrideMask** Microcode setting override of the processor. - **PreviousUpdateRevision** Previous microcode revision. -- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. -- **ProcessorClockSpeed** Clock speed of the processor in MHz. -- **ProcessorCores** Number of logical cores in the processor. -- **ProcessorIdentifier** Processor Identifier of a manufacturer. -- **ProcessorManufacturer** Name of the processor manufacturer. -- **ProcessorModel** Name of the processor model. +- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. The complete list of values can be found in DimProcessorArchitecture. +- **ProcessorClockSpeed** Retrieves the clock speed of the processor in MHz. +- **ProcessorCores** Retrieves the number of cores in the processor. +- **ProcessorIdentifier** The processor identifier of a manufacturer. +- **ProcessorManufacturer** Retrieves the name of the processor's manufacturer. +- **ProcessorModel** Retrieves the name of the processor model. - **ProcessorPhysicalCores** Number of physical cores in the processor. -- **ProcessorUpdateRevision** Microcode revision. +- **ProcessorUpdateRevision** Retrieves the processor architecture of the installed operating system. - **ProcessorUpdateStatus** Enum value that represents the processor microcode load status. -- **SocketCount** Count of CPU sockets. +- **SocketCount** Number of physical CPU sockets of the machine. - **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability. 
@@ -1899,7 +1899,7 @@ The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **FlightId** Flight being used -- **Quiet** Whether Setup will run in quiet mode or in full +- **Quiet** Whether Setup run in quiet mode or in full - **RelatedCV** CV of any other related events - **SetupMode** Phase Setup is in @@ -1913,9 +1913,9 @@ The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **ErrorCode** Error code of action - **FlightId** Flight being used -- **Quiet** Whether Setup will run in quiet mode or in full -- **RelatedCV** Correlation vector of any other related events -- **SetupMode** Phase that Setup is in +- **Quiet** Whether Setup run in quiet mode or in full +- **RelatedCV** CV of any other related events +- **SetupMode** Phase Setup is in ### DeploymentTelemetry.Deployment_Start 
@@ -1977,13 +1977,13 @@ This event sends data about the health and quality of the diagnostic data from t The following fields are available: - **AgentConnectionErrorsCount** Number of non-timeout errors associated with the host/agent channel. -- **CensusExitCode** Last exit code of�Census task. +- **CensusExitCode** The last exit code of the Census task. - **CensusStartTime** Time of last Census run. - **CensusTaskEnabled** True if Census is enabled, false otherwise. - **CompressedBytesUploaded** Number of compressed bytes uploaded. - **ConsumerDroppedCount** Number of events dropped at consumer layer of telemetry client. - **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer. -- **CriticalDataThrottleDroppedCount** Number of critical data sampled events dropped due to�throttling. +- **CriticalDataThrottleDroppedCount** The number of critical data sampled events that were dropped because of throttling. - **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event DB. - **DbCriticalDroppedCount** Total number of dropped critical events in event DB. - **DbDroppedCount** Number of events dropped due to DB fullness. 
@@ -2007,14 +2007,14 @@ The following fields are available: - **LastAgentConnectionError** Last non-timeout error encountered in the host/agent channel. - **LastEventSizeOffender** Event name of last event which exceeded max event size. - **LastInvalidHttpCode** Last invalid HTTP code received from Vortex. -- **MaxActiveAgentConnectionCount** Maximum number of active agents during this�heartbeat timeframe. +- **MaxActiveAgentConnectionCount** The maximum number of active agents during this heartbeat timeframe. - **MaxInUseScenarioCounter** Soft maximum number of scenarios loaded by UTC. - **PreviousHeartBeatTime** Time of last heartbeat event (allows chaining of events). - **SettingsHttpAttempts** Number of attempts to contact OneSettings service. -- **SettingsHttpFailures** Number of failures from contacting�OneSettings service. +- **SettingsHttpFailures** The number of failures from contacting the OneSettings service. - **ThrottledDroppedCount** Number of events dropped due to throttling of noisy providers. - **UploaderDroppedCount** Number of events dropped at the uploader layer of telemetry client. -- **VortexFailuresTimeout** Number of time out failures�received from Vortex. +- **VortexFailuresTimeout** The number of timeout failures received from Vortex. - **VortexHttpAttempts** Number of attempts to contact Vortex. - **VortexHttpFailures4xx** Number of 400-499 error codes received from Vortex. - **VortexHttpFailures5xx** Number of 500-599 error codes received from Vortex. 
@@ -2030,15 +2030,15 @@ The following fields are available: - **CompressedBytesUploaded** Number of compressed bytes uploaded. - **CriticalDataDbDroppedCount** Number of critical data sampled events dropped at the database layer. -- **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event DB. -- **DbCriticalDroppedCount** Total number of dropped critical events in event DB. -- **DbDroppedCount** Number of events dropped at the DB layer. -- **DbDroppedFailureCount** Number of events dropped due to DB failures. -- **DbDroppedFullCount** Number of events dropped due to DB fullness. +- **CriticalOverflowEntersCounter** Number of times critical overflow mode was entered in event database. +- **DbCriticalDroppedCount** Total number of dropped critical events in event database. +- **DbDroppedCount** Number of events dropped at the database layer. +- **DbDroppedFailureCount** Number of events dropped due to database failures. +- **DbDroppedFullCount** Number of events dropped due to database being full. - **EnteringCriticalOverflowDroppedCounter** Number of events dropped due to critical overflow mode being initiated. - **EventsPersistedCount** Number of events that reached the PersistEvent stage. -- **EventSubStoreResetCounter** Number of times event DB was reset. -- **EventSubStoreResetSizeSum** Total size of event DB across all resets reports in this instance. +- **EventSubStoreResetCounter** Number of times event database was reset. +- **EventSubStoreResetSizeSum** Total size of event database across all resets reports in this instance. - **EventsUploaded** Number of events uploaded. - **HeartBeatSequenceNumber** The sequence number of this heartbeat. - **InvalidHttpCodeCount** Number of invalid HTTP codes received from contacting Vortex. 
@@ -2060,7 +2060,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicability -Event to indicate that the Coordinator CheckApplicability call succeeded. +This event indicates that the Coordinator CheckApplicability call succeeded. The following fields are available: @@ -2318,11 +2318,11 @@ Event to indicate that the Coordinator WaitForRebootUi call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **hResult** HRESULT of the failure +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection @@ -3476,10 +3476,10 @@ Event tells us effectiveness of new privacy experience. The following fields are available: -- **isAdmin** whether the person who is logging in is an admin +- **isAdmin** Whether the current user is an administrator or not - **isLaunching** Whether or not the privacy consent experience will be launched -- **isSilentElevation** whether the user has most restrictive UAC controls -- **privacyConsentState** whether the user has completed privacy experience +- **isSilentElevation** Whether the current user has enabled silent elevation +- **privacyConsentState** The current state of the privacy consent experience - **userRegionCode** The current user's region setting 
@@ -3603,7 +3603,7 @@ The following fields are available: - **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. - **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. - **CapabilityDetectoidGuid** The GUID for a hardware applicability detectoid that could not be evaluated. -- **CDNCountryCode** Two letter country abbreviation for the CDN's location. +- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location. - **CDNId** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. - **ClientVersion** The version number of the software distribution client. - **Context** Gives context on where the error has occurred. Example: AutoEnable, GetSLSData, AddService, Misc, or Unknown @@ -3703,7 +3703,7 @@ Download process event for target update on Windows Update client. See EventScen The following fields are available: -- **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn't actively being downloaded.Number of seconds the update was actively being downloaded. +- **ActiveDownloadTime** Number of seconds the update was actively being downloaded. - **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. - **AppXDownloadScope** Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client. - **BiosFamily** The family of the BIOS (Basic Input Output System). 
@@ -3719,7 +3719,7 @@ The following fields are available: - **BytesDownloaded** Number of bytes that were downloaded for an individual piece of content (not the entire bundle). - **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. - **CbsDownloadMethod** Indicates whether the download was a full-file download or a partial/delta download. -- **CDNCountryCode** Two letter country abbreviation for the CDN's location. +- **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location. - **CDNId** ID which defines which CDN the software distribution client downloaded the content from. - **ClientVersion** The version number of the software distribution client. - **CurrentMobileOperator** The mobile operator the device is currently connected to. 
@@ -3917,21 +3917,21 @@ The following fields are available: - **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. - **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce -- **MetadataSignature** Base64 string of the signature associated with the update metadata (specified by revision id) +- **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). - **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. - **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. -- **RevisionId** Identifies the revision of this specific piece of content -- **RevisionNumber** Identifies the revision number of this specific piece of content +- **RevisionId** The revision ID for a specific piece of content. +- **RevisionNumber** The revision number for a specific piece of content. - **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Windows Store - **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. -- **SHA256OfLeafCertPublicKey** Base64 encoding of hash of the Base64CertData in the FragmentSigning data of leaf certificate. -- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob -- **SignatureAlgorithm** Hash algorithm for the metadata signature +- **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. 
+- **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. +- **SignatureAlgorithm** The hash algorithm for the metadata signature. - **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast - **StatusCode** The status code of the event. - **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. -- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed. -- **UpdateId** Identifier associated with the specific piece of content +- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. +- **UpdateId** The update ID for a specific piece of content. - **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. @@ -3939,7 +3939,7 @@ The following fields are available: ### Update360Telemetry.UpdateAgentCommit -This event collects information regarding the commit phase of the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. +This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The following fields are available: @@ -3955,7 +3955,7 @@ The following fields are available: ### Update360Telemetry.UpdateAgentDownloadRequest -This event sends data for the download request phase of updating Windows via the new UUP (Unified Update Platform) scenario. Applicable to PC and Mobile. +This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. The following fields are available: 
@@ -3965,7 +3965,7 @@ The following fields are available: - **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin. - **FlightId** Unique ID for each flight. - **InternalFailureResult** Indicates a non-fatal error from a plugin. -- **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360) +- **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360). - **PackageCountOptional** Number of optional packages requested. - **PackageCountRequired** Number of required packages requested. - **PackageCountTotal** Total number of packages needed. @@ -3980,13 +3980,13 @@ The following fields are available: - **RelatedCV** Correlation vector value generated from the latest USO scan. - **Result** Outcome of the download request phase of update. - **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases) +- **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases). - **UpdateId** Unique ID for each update. ### Update360Telemetry.UpdateAgentExpand -This event collects information regarding the expansion phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. +This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The following fields are available: 
@@ -4006,7 +4006,7 @@ The following fields are available: ### Update360Telemetry.UpdateAgentFellBackToCanonical -This event collects information when express could not be used and we fall back to canonical during the new UUP (Unified Update Platform) update scenario, which is leveraged by both Mobile and Desktop. +This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. The following fields are available: @@ -4022,7 +4022,7 @@ The following fields are available: ### Update360Telemetry.UpdateAgentInitialize -The UpdateAgentInitialize event sends data for the initialize phase of updating Windows via the new UUP (Unified Update Platform) scenario. Applicable to both PCs and Mobile. +This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. The following fields are available: @@ -4074,7 +4074,7 @@ The following fields are available: ### Update360Telemetry.UpdateAgentModeStart -The UpdateAgentModeStart event sends data for the start of each mode during the process of updating Windows via the new UUP (Unified Update Platform) scenario. Applicable to both PCs and Mobile. +This event sends data for the start of each mode during the process of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to both PCs and Mobile. The following fields are available: 
@@ -4090,23 +4090,23 @@ The following fields are available: ### Update360Telemetry.UpdateAgentPostRebootResult -This event collects information for both Mobile and Desktop regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario +This event collects information for both Mobile and Desktop regarding the post reboot phase of the new Unified Update Platform (UUP) update scenario. The following fields are available: -- **ErrorCode** The error code returned for the current post reboot phase -- **FlightId** The unique identifier for each flight -- **ObjectId** Unique value for each Update Agent mode -- **PostRebootResult** Indicates the Hresult -- **RelatedCV** Correlation vector value generated from the latest USO scan -- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate +- **ErrorCode** The error code returned for the current post reboot phase. +- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **ObjectId** Unique value for each Update Agent mode. +- **PostRebootResult** Indicates the Hresult. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ScenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. - **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update +- **UpdateId** Unique ID for each update. ### Update360Telemetry.UpdateAgentSetupBoxLaunch -The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new UUP (Unified Update Plaform) scenario. This event is only applicable to PCs. +The UpdateAgent_SetupBoxLaunch event sends data for the launching of the setup box when updating Windows via the new Unified Update Platform (UUP) scenario. This event is only applicable to PCs. The following fields are available: 
@@ -4121,7 +4121,7 @@ The following fields are available: - **ScenarioId** Indicates the update scenario. - **SessionId** Unique value for each update attempt. - **SetupMode** Mode of setup to be launched. -- **UpdateId** Unique ID for each update. +- **UpdateId** Unique ID for each Update. - **UserSession** Indicates whether install was invoked by user actions. @@ -4152,20 +4152,20 @@ The following fields are available: - **key18** UI interaction data - **key19** UI interaction data - **key2** UI interaction data -- **key20** Interaction data for the UI -- **key21** Interaction data for the UI -- **key22** Interaction data for the UI -- **key23** Interaction data for the UI -- **key24** Interaction data for the UI -- **key25** Interaction data for the UI -- **key26** Interaction data for the UI -- **key27** Interaction data for the UI -- **key28** Interaction data for the UI +- **key20** UI interaction data +- **key21** UI interaction data +- **key22** UI interaction data +- **key23** UI interaction data +- **key24** UI interaction data +- **key25** UI interaction data +- **key26** UI interaction data +- **key27** UI interaction data +- **key28** UI interaction data - **key29** UI interaction data - **key3** UI interaction data - **key30** UI interaction data -- **key4** UI interaction data -- **key5** UI interaction data +- **key4** Current package version of UNP +- **key5** UI interaction type - **key6** UI interaction data - **key7** UI interaction data - **key8** UI interaction data 
@@ -4192,68 +4192,68 @@ The following fields are available: ### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerCleaningCampaign -This event indicates that the Campaign Manager is cleaning up the campaign content +This event indicates that the Campaign Manager is cleaning up the campaign content. The following fields are available: -- **CampaignConfigVersion** Configuration version for the current campaign -- **CampaignID** Current campaign that's running on UNP -- **ConfigCatalogVersion** Current catalog version of UNP -- **ContentVersion** Content version for the current campaign on UNP +- **CampaignConfigVersion** Configuration version for the current campaign. +- **CampaignID** The current campaign that is running on Update Notification Pipeline (UNP). +- **ConfigCatalogVersion** The current catalog version of the Update Notification Pipeline (UNP). +- **ContentVersion** Content version for the current campaign on UNP. - **CV** Correlation vector -- **DetectorVersion** Most recently run detector version for the current campaign on UNP -- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user -- **PackageVersion** Current UNP package version +- **DetectorVersion** Most recently run detector version for the current campaign on UNP. +- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user. +- **PackageVersion** Current UNP package version. ### Microsoft.Windows.UpdateNotificationPipeline.UnpCampaignManagerGetIsCamppaignCompleteFailed -This event is sent when a campaign completion status query fails +This event is sent when a campaign completion status query fails. 
The following fields are available: -- **CampaignConfigVersion** Configuration version for the current campaign -- **CampaignID** Current campaign that's running on UNP -- **ConfigCatalogVersion** Current catalog version of UNP -- **ContentVersion** Content version for the current campaign on UNP -- **CV** Correlation vector -- **DetectorVersion** Most recently run detector version for the current campaign on UNP -- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user -- **hresult** HRESULT of the failure -- **PackageVersion** Current UNP package version +- **CampaignConfigVersion** Configuration version for the current campaign. +- **CampaignID** Current campaign that is running on Update Notification Pipeline (UNP). +- **ConfigCatalogVersion** Current catalog version of UNP. +- **ContentVersion** Content version for the current campaign on UNP. +- **CV** Correlation vector. +- **DetectorVersion** Most recently run detector version for the current campaign on UNP. +- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user. +- **hresult** HRESULT of the failure. +- **PackageVersion** Current UNP package version. ### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerHeartbeat -This event is sent at the start of the CampaignManager event and is intended to be used as a heartbeat +This event is sent at the start of the CampaignManager event and is intended to be used as a heartbeat. 
The following fields are available: -- **CampaignConfigVersion** Configuration version for the current campaign -- **CampaignID** Currently campaign that's running on UNP -- **ConfigCatalogVersion** Current catalog version of UNP -- **ContentVersion** Content version for the current campaign on UNP -- **CV** Correlation vector -- **DetectorVersion** Most recently run detector version for the current campaign on UNP -- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user -- **PackageVersion** Current UNP package version +- **CampaignConfigVersion** Configuration version for the current campaign. +- **CampaignID** Currently campaign that is running on Update Notification Pipeline (UNP). +- **ConfigCatalogVersion** Current catalog version of UNP. +- **ContentVersion** Content version for the current campaign on UNP. +- **CV** Correlation vector. +- **DetectorVersion** Most recently run detector version for the current campaign on UNP. +- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user. +- **PackageVersion** Current UNP package version. ### Microsoft.Windows.UpdateNotificationPipeline.UnpCampaignManagerRunCampaignFailed -This event is sent when the Campaign Manager encounters an unexpected error while running the campaign +This event is sent when the Campaign Manager encounters an unexpected error while running the campaign. 
The following fields are available: -- **CampaignConfigVersion** Configuration version for the current campaign -- **CampaignID** Currently campaign that's running on UNP -- **ConfigCatalogVersion** Current catalog version of UNP -- **ContentVersion** Content version for the current campaign on UNP -- **CV** Correlation vector -- **DetectorVersion** Most recently run detector version for the current campaign on UNP -- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user -- **hresult** HRESULT of the failure -- **PackageVersion** Current UNP package version +- **CampaignConfigVersion** Configuration version for the current campaign. +- **CampaignID** Currently campaign that's running on Update Notification Pipeline (UNP). +- **ConfigCatalogVersion** Current catalog version of UNP. +- **ContentVersion** Content version for the current campaign on UNP. +- **CV** Correlation vector. +- **DetectorVersion** Most recently run detector version for the current campaign on UNP. +- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user. +- **hresult** HRESULT of the failure. +- **PackageVersion** Current UNP package version. ## Upgrade events 
@@ -4344,9 +4344,9 @@ The following fields are available: - **Setup360Extended** Detailed information about the phase or action when the potential failure occurred. - **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. - **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. +- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled - **TestId** ID that uniquely identifies a group of events. - **WuId** Windows Update client ID. @@ -4824,9 +4824,9 @@ The following fields are available: - **CatalogId** The name of the product catalog from which this app was chosen. - **FailedRetry** Indicates whether the installation or update retry was successful. -- **HResult** Resulting HResult error/success code of this call -- **PFN** Package Family Name of the app that being installed or updated -- **ProductId** Product Id of the app that is being updated or installed +- **HResult** The HResult code of the operation. +- **PFN** The Package Family Name of the app that is being installed or updated. +- **ProductId** The product ID of the app that is being updated or installed. ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate 
@@ -4953,7 +4953,7 @@ The following fields are available: - **hResult** Failure Error code. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. -- **rebootRequestSucceeded** Reboot CSP call success status. +- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. - **wUfBConnected** Result of WUfB connection check. @@ -4967,7 +4967,7 @@ The following fields are available: - **dismOperationSucceeded** Dism uninstall operation status. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. -- **rebootRequestSucceeded** Reboot CSP call success status. +- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. - **wUfBConnected** Result of WUfB connection check. @@ -4994,7 +4994,7 @@ The following fields are available: - **hResult** Failure Error code. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. -- **rebootRequestSucceeded** Reboot CSP call success status +- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. - **wUfBConnected** Result of Windows Update for Business connection check. @@ -5008,7 +5008,7 @@ The following fields are available: - **dismOperationSucceeded** Dism uninstall operation status. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. -- **rebootRequestSucceeded** Reboot CSP call success status. +- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. - **wUfBConnected** Result of WUfB connection check. 
@@ -5035,13 +5035,13 @@ The following fields are available: - **background** Indicates whether the download is happening in the background. - **bytesRequested** Number of bytes requested for the download. - **callerName** Name of the API caller. -- **cdnUrl** The URL of the source CDN. +- **cdnUrl** The URL of the source CDN - **costFlags** A set of flags representing network cost. - **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM). - **diceRoll** Random number used for determining if a client will use peering. - **doClientVersion** The version of the Delivery Optimization client. - **doErrorCode** The Delivery Optimization error code that was returned. -- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100).) +- **downloadMode** DownloadMode used (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100) - **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9). - **errorCode** The error code that was returned. - **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing. 
@@ -5074,21 +5074,21 @@ This event collects information regarding the state of devices and drivers on th The following fields are available: - **activated** Whether the entire device manifest update is considered activated and in use. -- **analysisErrorCount** How many driver packages could not be analyzed because errors were hit during the analysis. +- **analysisErrorCount** How many driver packages that could not be analyzed because errors were hit during the analysis. - **flightId** Unique ID for each flight. -- **missingDriverCount** How many driver packages that were delivered by the device manifest are missing from the system. -- **missingUpdateCount** How many updates that were part of the device manifest are missing from the system. +- **missingDriverCount** How many driver packages that were delivered by the device manifest that are missing from the system. +- **missingUpdateCount** How many updates that were part of the device manifest that are missing from the system. - **objectId** Unique value for each diagnostics session. -- **publishedCount** How many drivers packages that were delivered by the device manifest are published and available to be used on devices. +- **publishedCount** How many drivers packages that were delivered by the device manifest that are published and available to be used on devices. - **relatedCV** Correlation vector value generated from the latest USO scan. - **scenarioId** Indicates the update scenario. - **sessionId** Unique value for each update session. -- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match. +- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match on. 
- **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string. -- **truncatedDeviceCount** How many devices are missing from the summary string because there is not enough room in the string. -- **truncatedDriverCount** How many driver packages are missing from the summary string because there is not enough room in the string. +- **truncatedDeviceCount** How many devices are missing from the summary string due to there not being enough room in the string. +- **truncatedDriverCount** How many driver packages are missing from the summary string due to there not being enough room in the string. - **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices. -- **updateId** Unique ID for each update. +- **updateId** Unique ID for each Update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit @@ -5430,9 +5430,9 @@ The following fields are available: - **deferReason** Reason why the device could not check for updates. - **detectionBlockingPolicy** State of update action. -- **detectionBlockreason** Reason for detection not completing. +- **detectionBlockreason** Reason for blocking detection - **detectionRetryMode** Indicates whether we will try to scan again. -- **errorCode** State of update action +- **errorCode** Error info - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. - **flightID** The specific ID of the Windows Insider build the device is getting. - **interactive** Indicates whether the session was user initiated. 
@@ -5440,8 +5440,8 @@ The following fields are available: - **revisionNumber** Update revision number. - **scanTriggerSource** Source of the triggered scan. - **updateId** Update ID. -- **updateScenarioType** The update session type. -- **wuDeviceid** Unique device ID used by Windows Update. +- **updateScenarioType** Source of the triggered scan +- **wuDeviceid** Device ID ### Microsoft.Windows.Update.Orchestrator.DisplayNeeded @@ -5479,7 +5479,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.DTUCompletedWhenWuFlightPendingCommit -This event indicates that DTU completed installation of the ESD, when Windows Update was already in Pending Commit phase of the feature update. +This event indicates that DTU completed installation of the electronic software delivery (ESD), when Windows Update was already in Pending Commit phase of the feature update. The following fields are available: @@ -5525,7 +5525,7 @@ This event is sent during update scan, download, or install, and indicates that The following fields are available: -- **configVersion** Escalation config version on device. +- **configVersion** Escalation config version on device . - **downloadElapsedTime** Indicates how long since the download is required on device. - **downloadRiskLevel** At-risk level of download phase. - **installElapsedTime** Indicates how long since the install is required on device. @@ -5553,7 +5553,7 @@ This event indicates that the update is no longer applicable to this device. The following fields are available: -- **EventPublishedTime** Time when this event was generated +- **EventPublishedTime** Time when this event was generated. - **flightID** The specific ID of the Windows Insider build. - **revisionNumber** Update revision number. - **updateId** Unique Windows Update ID. 
@@ -5848,21 +5848,21 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS The following fields are available: -- **ClientId** Unique identifier for each flight. -- **FlightId** Unique GUID that identifies each instances of setuphost.exe. -- **InstanceId** The update scenario in which the mitigation was executed. -- **MitigationScenario** Number of mounted images. -- **MountedImageCount** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImageMatches** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesRemoved** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **MountedImagesSkipped** Correlation vector value generated from the latest USO scan. -- **RelatedCV** HResult of this operation. -- **Result** ID indicating the mitigation scenario. -- **ScenarioId** Indicates whether the scenario was supported. -- **ScenarioSupported** Unique value for each update attempt. -- **SessionId** Unique ID for each Update. -- **UpdateId** Unique ID for the Windows Update client. +- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightId** Unique identifier for each flight. +- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. +- **MitigationScenario** The update scenario in which the mitigation was executed. +- **MountedImageCount** Number of mounted images. +- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. +- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. 
+- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. +- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** HResult of this operation. +- **ScenarioId** ID indicating the mitigation scenario. +- **ScenarioSupported** Indicates whether the scenario was supported. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each Update. - **WuId** Unique ID for the Windows Update client. From 6c3ca167782aef8f811c971e5ceae215fadff9ba Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Tue, 4 Sep 2018 15:22:11 -0700 Subject: [PATCH 13/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 186 +++++++++--------- 1 file changed, 93 insertions(+), 93 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index b9393f21fb..0680896ceb 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -9,7 +9,7 @@ ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 08/31/2018 +ms.date: 09/04/2018 --- 
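Review bot: In PATCH 01/24, hunk @@ -5440,8, the new text for **updateScenarioType** ("Source of the triggered scan") is identical to the description of **scanTriggerSource** two lines above it, so two differently named fields now read as the same thing, and **wuDeviceid** loses the statement that the ID is the one used by Windows Update. Keep the removed wording ("The update session type." and "Unique device ID used by Windows Update.") or supply distinct descriptions, and keep the trailing periods the neighbouring entries use.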
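Review bot: In PATCH 01/24, hunk @@ -5525,7, the added **configVersion** line introduces a space before the period ("on device ."). The removed line was already correct and this is the only change in the hunk, so the hunk should be dropped.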
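Review bot: In PATCH 01/24, hunk @@ -5848,21 (CleanupSafeOsImages), the realigned list still carries "identifies each instances of setuphost.exe" on **InstanceId** and a capitalised "Update" on **UpdateId**; since every line is rewritten here anyway, change these to "each instance" and "each update". The hunk moves every description down by one field (the old **ClientId** text now sits on **FlightId**, and so on), which is a correctness fix, but the commit message "new build" does not say so.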
@@ -83,7 +83,7 @@ The following fields are available: - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **InventoryLanguagePack** The count of the number of this particular object type present on this device. +- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device. - **InventoryTest** The count of the number of this particular object type present on this device. @@ -97,7 +97,7 @@ The following fields are available: - **SystemProcessorSse2** The count of the number of this particular object type present on this device. - **SystemTouch** The count of SystemTouch objects present on this machine. - **SystemWim** The count of the number of this particular object type present on this device. -- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. +- **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. - **SystemWlan** The count of the number of this particular object type present on this device. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. 
@@ -155,7 +155,7 @@ The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. - **IsBootCritical** Is the device boot critical? - **WuDriverCoverage** Is there a driver uplevel for this device according to Windows Update? -- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver +- **WuDriverUpdateId** The Windows Update ID of the applicable up-level driver - **WuPopulatedFromId** The expected up-level driver matching ID based on driver coverage from Windows Update @@ -1300,7 +1300,7 @@ The following fields are available: - **AppraiserTaskExitCode** The Appraiser task exist code. - **AppraiserTaskLastRun** The last runtime for the Appraiser task. - **CensusVersion** The version of Census that generated the current data for this device. -- **IEVersion** Retrieves which version of Internet Explorer is running on this device. +- **IEVersion** IE version running on the device. ### Census.Battery 
@@ -1505,16 +1505,16 @@ The following fields are available: - **MMSettingOverride** Microcode setting of the processor. - **MMSettingOverrideMask** Microcode setting override of the processor. - **PreviousUpdateRevision** Previous microcode revision. -- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. The complete list of values can be found in DimProcessorArchitecture. -- **ProcessorClockSpeed** Retrieves the clock speed of the processor in MHz. -- **ProcessorCores** Retrieves the number of cores in the processor. -- **ProcessorIdentifier** The processor identifier of a manufacturer. -- **ProcessorManufacturer** Retrieves the name of the processor's manufacturer. -- **ProcessorModel** Retrieves the name of the processor model. +- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. +- **ProcessorClockSpeed** Clock speed of the processor in MHz. +- **ProcessorCores** Number of logical cores in the processor. +- **ProcessorIdentifier** Processor Identifier of a manufacturer. +- **ProcessorManufacturer** Name of the processor manufacturer. +- **ProcessorModel** Name of the processor model. - **ProcessorPhysicalCores** Number of physical cores in the processor. -- **ProcessorUpdateRevision** Retrieves the processor architecture of the installed operating system. +- **ProcessorUpdateRevision** Microcode revision - **ProcessorUpdateStatus** Enum value that represents the processor microcode load status. -- **SocketCount** Number of physical CPU sockets of the machine. +- **SocketCount** Count of CPU sockets. - **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability. 
@@ -1913,9 +1913,9 @@ The following fields are available: - **ClientId** Client ID of user utilizing the D360 API - **ErrorCode** Error code of action - **FlightId** Flight being used -- **Quiet** Whether Setup run in quiet mode or in full -- **RelatedCV** CV of any other related events -- **SetupMode** Phase Setup is in +- **Quiet** Whether Setup will run in quiet mode or in full +- **RelatedCV** Correlation vector of any other related events +- **SetupMode** Phase that Setup is in ### DeploymentTelemetry.Deployment_Start @@ -2318,11 +2318,11 @@ Event to indicate that the Coordinator WaitForRebootUi call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. -- **CV** Correlation vector. -- **hResult** HRESULT of the failure. +- **CampaignID** Campaign ID being run +- **ClientID** Client ID being run +- **CoordinatorVersion** Coordinator version of DTU +- **CV** Correlation vector +- **hResult** HRESULT of the failure ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection @@ -3476,10 +3476,10 @@ Event tells us effectiveness of new privacy experience. The following fields are available: -- **isAdmin** Whether the current user is an administrator or not +- **isAdmin** whether the person who is logging in is an admin - **isLaunching** Whether or not the privacy consent experience will be launched -- **isSilentElevation** Whether the current user has enabled silent elevation -- **privacyConsentState** The current state of the privacy consent experience +- **isSilentElevation** whether the user has most restrictive UAC controls +- **privacyConsentState** whether the user has completed privacy experience - **userRegionCode** The current user's region setting 
@@ -3703,7 +3703,7 @@ Download process event for target update on Windows Update client. See EventScen The following fields are available: -- **ActiveDownloadTime** Number of seconds the update was actively being downloaded. +- **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn't actively being downloaded.Number of seconds the update was actively being downloaded. - **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. - **AppXDownloadScope** Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client. - **BiosFamily** The family of the BIOS (Basic Input Output System). 
@@ -4140,32 +4140,32 @@ The following fields are available: - **CV** Correlation vector. - **DetectorVersion** Most recently run detector version for the current campaign. - **GlobalEventCounter** Client side counter that indicates the ordering of events sent by this user. -- **key1** UI interaction data -- **key10** UI interaction data -- **key11** UI interaction data -- **key12** UI interaction data -- **key13** UI interaction data -- **key14** UI interaction data -- **key15** UI interaction data -- **key16** UI interaction data -- **key17** UI interaction data -- **key18** UI interaction data -- **key19** UI interaction data -- **key2** UI interaction data -- **key20** UI interaction data -- **key21** UI interaction data -- **key22** UI interaction data -- **key23** UI interaction data -- **key24** UI interaction data -- **key25** UI interaction data -- **key26** UI interaction data +- **key1** Interaction data for the UI +- **key10** Interaction data for the UI +- **key11** Interaction data for the UI +- **key12** Interaction data for the UI +- **key13** Interaction data for the UI +- **key14** Interaction data for the UI +- **key15** Interaction data for the UI +- **key16** Interaction data for the UI +- **key17** Interaction data for the UI +- **key18** Interaction data for the UI +- **key19** Interaction data for the UI +- **key2** Interaction data for the UI +- **key20** Interaction data for the UI +- **key21** Interaction data for the UI +- **key22** Interaction data for the UI +- **key23** Interaction data for the UI +- **key24** Interaction data for the UI +- **key25** Interaction data for the UI +- **key26** Interaction data for the UI - **key27** UI interaction data - **key28** UI interaction data - **key29** UI interaction data -- **key3** UI interaction data +- **key3** Interaction data for the UI - **key30** UI interaction data -- **key4** Current package version of UNP -- **key5** UI interaction type +- **key4** Interaction data for the UI +- 
**key5** UI interaction data - **key6** UI interaction data - **key7** UI interaction data - **key8** UI interaction data @@ -4346,7 +4346,7 @@ The following fields are available: - **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. - **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled +- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. - **TestId** ID that uniquely identifies a group of events. - **WuId** Windows Update client ID. @@ -4991,7 +4991,7 @@ The following fields are available: - **current** Result of currency check. - **dismOperationSucceeded** Dism uninstall operation status. -- **hResult** Failure Error code. +- **hResult** Failure error code. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. 
@@ -5041,7 +5041,7 @@ The following fields are available: - **diceRoll** Random number used for determining if a client will use peering. - **doClientVersion** The version of the Delivery Optimization client. - **doErrorCode** The Delivery Optimization error code that was returned. -- **downloadMode** DownloadMode used (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100) +- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100). - **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9). - **errorCode** The error code that was returned. - **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing. 
@@ -5074,21 +5074,21 @@ This event collects information regarding the state of devices and drivers on th The following fields are available: - **activated** Whether the entire device manifest update is considered activated and in use. -- **analysisErrorCount** How many driver packages that could not be analyzed because errors were hit during the analysis. +- **analysisErrorCount** How many driver packages could not be analyzed because errors were hit during the analysis. - **flightId** Unique ID for each flight. -- **missingDriverCount** How many driver packages that were delivered by the device manifest that are missing from the system. -- **missingUpdateCount** How many updates that were part of the device manifest that are missing from the system. +- **missingDriverCount** How many driver packages that were delivered by the device manifest are missing from the system. +- **missingUpdateCount** How many updates that were part of the device manifest are missing from the system. - **objectId** Unique value for each diagnostics session. -- **publishedCount** How many drivers packages that were delivered by the device manifest that are published and available to be used on devices. +- **publishedCount** How many drivers packages that were delivered by the device manifest are published and available to be used on devices. - **relatedCV** Correlation vector value generated from the latest USO scan. - **scenarioId** Indicates the update scenario. - **sessionId** Unique value for each update session. -- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match on. +- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match. 
- **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string. -- **truncatedDeviceCount** How many devices are missing from the summary string due to there not being enough room in the string. -- **truncatedDriverCount** How many driver packages are missing from the summary string due to there not being enough room in the string. +- **truncatedDeviceCount** How many devices are missing from the summary string because there is not enough room in the string. +- **truncatedDriverCount** How many driver packages are missing from the summary string because there is not enough room in the string. - **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices. -- **updateId** Unique ID for each Update. +- **updateId** Unique ID for each update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit @@ -5430,9 +5430,9 @@ The following fields are available: - **deferReason** Reason why the device could not check for updates. - **detectionBlockingPolicy** State of update action. -- **detectionBlockreason** Reason for blocking detection +- **detectionBlockreason** Reason for detection not completing. - **detectionRetryMode** Indicates whether we will try to scan again. -- **errorCode** Error info +- **errorCode** The returned error code. - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. - **flightID** The specific ID of the Windows Insider build the device is getting. - **interactive** Indicates whether the session was user initiated. 
@@ -5440,8 +5440,8 @@ The following fields are available: - **revisionNumber** Update revision number. - **scanTriggerSource** Source of the triggered scan. - **updateId** Update ID. -- **updateScenarioType** Source of the triggered scan -- **wuDeviceid** Device ID +- **updateScenarioType** The update session type. +- **wuDeviceid** Unique device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.DisplayNeeded @@ -5601,7 +5601,7 @@ The following fields are available: - **deferReason** Reason for install not completing. - **errorCode** The error code reppresented by a hexadecimal value. - **eventScenario** End-to-end update session ID. -- **flightID** The specific ID of the Windows Insider build the device is getting. +- **flightID** Unique update ID - **flightUpdate** Indicates whether the update is a Windows Insider build. - **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. - **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. @@ -5836,8 +5836,8 @@ This event is sent when MUSE broker schedules a task. The following fields are available: -- **TaskArgument** The arguments with which the task is scheduled. -- **TaskName** Name of the task. +- **TaskArgument** The arguments which the task is scheduled with +- **TaskName** Name of the task ## Windows Update mitigation events 
@@ -5848,21 +5848,21 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightId** Unique identifier for each flight. -- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. -- **MitigationScenario** The update scenario in which the mitigation was executed. -- **MountedImageCount** Number of mounted images. -- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** HResult of this operation. -- **ScenarioId** ID indicating the mitigation scenario. -- **ScenarioSupported** Indicates whether the scenario was supported. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each Update. +- **ClientId** Unique identifier for each flight. +- **FlightId** Unique GUID that identifies each instances of setuphost.exe. +- **InstanceId** The update scenario in which the mitigation was executed. +- **MitigationScenario** Number of mounted images. +- **MountedImageCount** Number of mounted images that were under %systemdrive%\$Windows.~BT. +- **MountedImageMatches** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. +- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. 
+- **MountedImagesRemoved** Number of mounted images that were not under %systemdrive%\$Windows.~BT. +- **MountedImagesSkipped** Correlation vector value generated from the latest USO scan. +- **RelatedCV** HResult of this operation. +- **Result** ID indicating the mitigation scenario. +- **ScenarioId** Indicates whether the scenario was supported. +- **ScenarioSupported** Unique value for each update attempt. +- **SessionId** Unique ID for each Update. +- **UpdateId** Unique ID for the Windows Update client. - **WuId** Unique ID for the Windows Update client. 
@@ -5872,19 +5872,19 @@ This event sends data specific to the FixAppXReparsePoints mitigation used for O The following fields are available: -- **ClientId** Unique identifier for each flight. -- **FlightId** Unique GUID that identifies each instances of setuphost.exe. -- **InstanceId** The update scenario in which the mitigation was executed. -- **MitigationScenario** Correlation vector value generated from the latest USO scan. -- **RelatedCV** Number of reparse points that are corrupted but we failed to fix them. -- **ReparsePointsFailed** Number of reparse points that were corrupted and were fixed by this mitigation. -- **ReparsePointsFixed** Number of reparse points that are not corrupted and no action is required. -- **ReparsePointsSkipped** HResult of this operation. -- **Result** ID indicating the mitigation scenario. -- **ScenarioId** Indicates whether the scenario was supported. -- **ScenarioSupported** Unique value for each update attempt. -- **SessionId** Unique ID for each Update. -- **UpdateId** Unique ID for the Windows Update client. +- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightId** Unique identifier for each flight. +- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. +- **MitigationScenario** The update scenario in which the mitigation was executed. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ReparsePointsFailed** Number of reparse points that are corrupted but we failed to fix them. +- **ReparsePointsFixed** Number of reparse points that were corrupted and were fixed by this mitigation. +- **ReparsePointsSkipped** Number of reparse points that are not corrupted and no action is required. +- **Result** HResult of this operation. +- **ScenarioId** ID indicating the mitigation scenario. 
+- **ScenarioSupported** Indicates whether the scenario was supported. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each Update. - **WuId** Unique ID for the Windows Update client. From 180c87e9cbed214a37e08789ba88ba6bac9ceb53 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Wed, 5 Sep 2018 08:25:52 -0700 Subject: [PATCH 14/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 118 +++++++++--------- 1 file changed, 59 insertions(+), 59 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 0680896ceb..e0b7fc29a8 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -9,7 +9,7 @@ ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 09/04/2018 +ms.date: 09/05/2018 --- @@ -83,7 +83,7 @@ The following fields are available: - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine. +- **InventoryLanguagePack** The count of the number of this particular object type present on this device. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device. - **InventoryTest** The count of the number of this particular object type present on this device. 
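Review bot: In PATCH 13/24, hunk @@ -5848,21 (CleanupSafeOsImages), every description ends up one field off: **ClientId** becomes "Unique identifier for each flight", **MitigationScenario** becomes "Number of mounted images", **RelatedCV** becomes "HResult of this operation", and **UpdateId** gets the same text as the unchanged **WuId** line. The removed lines are the ones whose text matches the field names, so this hunk should be dropped. The following hunk, @@ -5872,19 (FixAppXReparsePoints), shifts in the opposite direction and leaves that list aligned.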
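Review bot: In PATCH 13/24, hunk @@ -3703,7, the new **ActiveDownloadTime** text runs two versions of the description together with no space between them ("...wasn't actively being downloaded.Number of seconds the update was actively being downloaded."). Keep one of the two sentences.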
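Review bot: In PATCH 13/24, hunk @@ -3476,10, the new **isSilentElevation** text ("whether the user has most restrictive UAC controls") does not say the same thing as the removed line ("Whether the current user has enabled silent elevation"), and **privacyConsentState** changes from a state value to a completed/not-completed flag. Confirm what the fields actually report before changing the documented meaning. The three added lines also start lower-case while **isLaunching** and **userRegionCode** in the same list start upper-case.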
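Review bot: In PATCH 13/24, hunk @@ -4140,32, **key4** and **key5** lose their specific descriptions ("Current package version of UNP" and "UI interaction type") and become generic interaction data; if the fields still carry those values, the page now under-describes what is collected. The hunk also leaves the list with two wordings for the same thing, "Interaction data for the UI" on most changed lines and "UI interaction data" on **key5** and the unchanged lines; pick one.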
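Review bot: In PATCH 13/24, hunk @@ -5601,7, **flightID** is redescribed as "Unique update ID", which drops the Windows Insider build meaning that the adjacent **flightUpdate** line still relies on and makes the field read like an update identifier. Keep the removed text ("The specific ID of the Windows Insider build the device is getting."), which also keeps the trailing period.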
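Review bot: In PATCH 13/24, hunk @@ -2318,11, the five added lines differ from the removed ones only by the missing trailing period, while other hunks in the same patch add periods (**State** in @@ -4346,7, **errorCode** in @@ -5430,9). Drop this hunk so the list stays consistent with the rest of the file; the same applies to **TaskArgument** and **TaskName** in @@ -5836,8.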
@@ -114,8 +114,8 @@ The following fields are available: - **AppraiserVersion** The version of the appraiser file that is generating the events. - **AvDisplayName** If the app is an antivirus app, this is its display name. - **CompatModelIndex** The compatibility prediction for this file. -- **HasCitData** Is the file present in CIT data? -- **HasUpgradeExe** Does the antivirus app have an upgrade.exe file? +- **HasCitData** Indicates whether the file is present in CIT data. +- **HasUpgradeExe** Indicates whether the anti-virus app has an upgrade.exe file. - **IsAv** Is the file an antivirus reporting EXE? - **ResolveAttempted** This will always be an empty string when sent. - **SdbEntries** An array of fields that indicates the SDB entries that apply to this file. 
@@ -145,17 +145,17 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd -This event sends compatibility data for a PNP device, to help keep Windows up to date. +This event sends compatibility data for a Plug and Play device, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: -- **ActiveNetworkConnection** Is the device an active network device? +- **ActiveNetworkConnection** Indicates whether the device is an active network device. - **AppraiserVersion** The version of the appraiser file generating the events. -- **IsBootCritical** Is the device boot critical? -- **WuDriverCoverage** Is there a driver uplevel for this device according to Windows Update? -- **WuDriverUpdateId** The Windows Update ID of the applicable up-level driver +- **IsBootCritical** Indicates whether the device boot is critical. +- **WuDriverCoverage** Indicates whether there is a driver uplevel for this device, according to Windows Update. +- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver. - **WuPopulatedFromId** The expected up-level driver matching ID based on driver coverage from Windows Update 
@@ -354,9 +354,9 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **AppraiserVersion** The version of the appraiser file generating the events. +- **AppraiserVersion** The version of the appraiser file that is generating the events. - **BlockAlreadyInbox** The uplevel runtime block on the file already existed on the current OS. -- **BlockingApplication** Are there any application issues that interfere with upgrade due to the file in question? +- **BlockingApplication** Indicates whether there are any application issues that interfere with the upgrade due to the file in question. - **DisplayGenericMessage** Will be a generic message be shown for this file? - **HardBlock** This file is blocked in the SDB. - **HasUxBlockOverride** Does the file have a block that is overridden by a tag in the SDB? @@ -399,7 +399,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd -This event sends compatibility decision data about a PNP device to help keep Windows up-to-date. +This event sends compatibility decision data about a PNP device to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -447,7 +447,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionDriverPackageAdd -This event sends decision data about driver package compatibility to help keep Windows up-to-date. +This event sends decision data about driver package compatibility to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). 
@@ -485,7 +485,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockAdd -This event sends compatibility decision data about blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. +This event sends compatibility decision data about blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -559,7 +559,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPostUpgradeAdd -This event sends compatibility decision data about entries that require reinstall after upgrade. It's used to help keep Windows up-to-date. +This event sends compatibility decision data about entries that require reinstall after upgrade. It's used to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -585,7 +585,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionMediaCenterAdd -This event sends decision data about the presence of Windows Media Center, to help keep Windows up-to-date. +This event sends decision data about the presence of Windows Media Center, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -624,7 +624,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionSystemBiosAdd -This event sends compatibility decision data about the BIOS to help keep Windows up-to-date. +This event sends compatibility decision data about the BIOS to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). 
@@ -673,14 +673,14 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.InventoryApplicationFileAdd -This event represents the basic metadata about a file on the system. The file must be part of an app and either have a block in the compatibility database or are part of an anti-virus program. +This event represents the basic metadata about a file on the system. The file must be part of an app and either have a block in the compatibility database or be part of an antivirus program. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: - **AppraiserVersion** The version of the Appraiser file generating the events. -- **BinaryType** A binary type. Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64 +- **BinaryType** A binary type. Example: UNINITIALIZED, ZERO_BYTE, DATA_ONLY, DOS_MODULE, NE16_MODULE, PE32_UNKNOWN, PE32_I386, PE32_ARM, PE64_UNKNOWN, PE64_AMD64, PE64_ARM64, PE64_IA64, PE32_CLR_32, PE32_CLR_IL, PE32_CLR_IL_PREFER32, PE64_CLR_64. - **BinFileVersion** An attempt to clean up FileVersion at the client that tries to place the version into 4 octets. - **BinProductVersion** An attempt to clean up ProductVersion at the client that tries to place the version into 4 octets. - **BoeProgramId** If there is no entry in Add/Remove Programs, this is the ProgramID that is generated from the file metadata. 
@@ -720,15 +720,15 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.InventoryLanguagePackAdd -This event sends data about the number of language packs installed on the system, to help keep Windows up-to-date. +This event sends data about the number of language packs installed on the system, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **HasLanguagePack** Does this device have 2 or more language packs? -- **LanguagePackCount** How many language packs are installed? +- **HasLanguagePack** Indicates whether this device has 2 or more language packs. +- **LanguagePackCount** The number of language packs are installed. ### Microsoft.Windows.Appraiser.General.InventoryLanguagePackRemove @@ -2318,11 +2318,11 @@ Event to indicate that the Coordinator WaitForRebootUi call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **hResult** HRESULT of the failure +- **CampaignID** Campaign ID being run. +- **ClientID** Client ID being run. +- **CoordinatorVersion** Coordinator version of DTU. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection 
@@ -3476,10 +3476,10 @@ Event tells us effectiveness of new privacy experience. The following fields are available: -- **isAdmin** whether the person who is logging in is an admin +- **isAdmin** Whether the current user is an administrator or not - **isLaunching** Whether or not the privacy consent experience will be launched -- **isSilentElevation** whether the user has most restrictive UAC controls -- **privacyConsentState** whether the user has completed privacy experience +- **isSilentElevation** Whether the current user has enabled silent elevation +- **privacyConsentState** The current state of the privacy consent experience - **userRegionCode** The current user's region setting @@ -4121,7 +4121,7 @@ The following fields are available: - **ScenarioId** Indicates the update scenario. - **SessionId** Unique value for each update attempt. - **SetupMode** Mode of setup to be launched. -- **UpdateId** Unique ID for each Update. +- **UpdateId** Unique ID for each update. - **UserSession** Indicates whether install was invoked by user actions. @@ -4140,7 +4140,7 @@ The following fields are available: - **CV** Correlation vector. - **DetectorVersion** Most recently run detector version for the current campaign. - **GlobalEventCounter** Client side counter that indicates the ordering of events sent by this user. -- **key1** Interaction data for the UI +- **key1** UI interaction data - **key10** Interaction data for the UI - **key11** Interaction data for the UI - **key12** Interaction data for the UI @@ -4162,9 +4162,9 @@ The following fields are available: - **key27** UI interaction data - **key28** UI interaction data - **key29** UI interaction data -- **key3** Interaction data for the UI +- **key3** UI interaction data - **key30** UI interaction data -- **key4** Interaction data for the UI +- **key4** UI interaction data - **key5** UI interaction data - **key6** UI interaction data - **key7** UI interaction data 
@@ -4824,9 +4824,9 @@ The following fields are available: - **CatalogId** The name of the product catalog from which this app was chosen. - **FailedRetry** Indicates whether the installation or update retry was successful. -- **HResult** The HResult code of the operation. -- **PFN** The Package Family Name of the app that is being installed or updated. -- **ProductId** The product ID of the app that is being updated or installed. +- **HResult** Resulting HResult error/success code of this call +- **PFN** Package Family Name of the app that being installed or updated +- **ProductId** Product Id of the app that is being updated or installed ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate @@ -5035,7 +5035,7 @@ The following fields are available: - **background** Indicates whether the download is happening in the background. - **bytesRequested** Number of bytes requested for the download. - **callerName** Name of the API caller. -- **cdnUrl** The URL of the source CDN +- **cdnUrl** The URL of the source Content Distribution Network (CDN). - **costFlags** A set of flags representing network cost. - **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM). - **diceRoll** Random number used for determining if a client will use peering. @@ -5432,7 +5432,7 @@ The following fields are available: - **detectionBlockingPolicy** State of update action. - **detectionBlockreason** Reason for detection not completing. - **detectionRetryMode** Indicates whether we will try to scan again. -- **errorCode** The returned error code. +- **errorCode** State of update action - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. - **flightID** The specific ID of the Windows Insider build the device is getting. - **interactive** Indicates whether the session was user initiated. 
@@ -5440,8 +5440,8 @@ The following fields are available: - **revisionNumber** Update revision number. - **scanTriggerSource** Source of the triggered scan. - **updateId** Update ID. -- **updateScenarioType** The update session type. -- **wuDeviceid** Unique device ID used by Windows Update. +- **updateScenarioType** Update Session type +- **wuDeviceid** Device ID ### Microsoft.Windows.Update.Orchestrator.DisplayNeeded @@ -5525,7 +5525,7 @@ This event is sent during update scan, download, or install, and indicates that The following fields are available: -- **configVersion** Escalation config version on device . +- **configVersion** Escalation config version on device. - **downloadElapsedTime** Indicates how long since the download is required on device. - **downloadRiskLevel** At-risk level of download phase. - **installElapsedTime** Indicates how long since the install is required on device. @@ -5553,7 +5553,7 @@ This event indicates that the update is no longer applicable to this device. The following fields are available: -- **EventPublishedTime** Time when this event was generated. +- **EventPublishedTime** Time when this event was generated - **flightID** The specific ID of the Windows Insider build. - **revisionNumber** Update revision number. - **updateId** Unique Windows Update ID. @@ -5821,7 +5821,7 @@ The following fields are available: - **scheduledRebootTime** Time scheduled for the reboot. - **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC. - **updateId** Identifies which update is being scheduled. -- **wuDeviceid** Unique DeviceID +- **wuDeviceid** Unique device ID used by Windows Update. ### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot 
@@ -5848,21 +5848,21 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS The following fields are available: -- **ClientId** Unique identifier for each flight. -- **FlightId** Unique GUID that identifies each instances of setuphost.exe. -- **InstanceId** The update scenario in which the mitigation was executed. -- **MitigationScenario** Number of mounted images. -- **MountedImageCount** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImageMatches** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesRemoved** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **MountedImagesSkipped** Correlation vector value generated from the latest USO scan. -- **RelatedCV** HResult of this operation. -- **Result** ID indicating the mitigation scenario. -- **ScenarioId** Indicates whether the scenario was supported. -- **ScenarioSupported** Unique value for each update attempt. -- **SessionId** Unique ID for each Update. -- **UpdateId** Unique ID for the Windows Update client. +- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightId** Unique identifier for each flight. +- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. +- **MitigationScenario** The update scenario in which the mitigation was executed. +- **MountedImageCount** Number of mounted images. +- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. +- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. 
+- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. +- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** HResult of this operation. +- **ScenarioId** ID indicating the mitigation scenario. +- **ScenarioSupported** Indicates whether the scenario was supported. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each Update. - **WuId** Unique ID for the Windows Update client. From 3d026868c6d6bb8a42d9137b57363111c1c8f1f9 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Wed, 5 Sep 2018 13:02:45 -0700 Subject: [PATCH 15/24] new build --- .../basic-level-windows-diagnostic-events-and-fields-1803.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index e0b7fc29a8..22c615bd2b 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -13,7 +13,7 @@ ms.date: 09/05/2018 --- -# Windows 10, version 1803 basic level Windows diagnostic events and fields +# Windows 10, version 1803 basic level Windows diagnostic events and fields > [!IMPORTANT] From c7a4923e53a29f7deed7b6940215203303c98ede Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 6 Sep 2018 08:53:09 -0700 Subject: [PATCH 16/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 471 ++++++++++-------- 1 file changed, 257 insertions(+), 214 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 22c615bd2b..833ad00fa9 100644 
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -9,11 +9,11 @@ ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 09/05/2018 +ms.date: 09/06/2018 --- -# Windows 10, version 1803 basic level Windows diagnostic events and fields +# Windows 10, version 1803 basic level Windows diagnostic events and fields > [!IMPORTANT] 
@@ -92,13 +92,13 @@ The following fields are available: - **SystemMemory** The count of the number of this particular object type present on this device. - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. -- **SystemProcessorNx** The count of the number of this particular object type present on this device. -- **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. -- **SystemProcessorSse2** The count of the number of this particular object type present on this device. +- **SystemProcessorNx** The count of SystemProcessorNx objects present on this machine. +- **SystemProcessorPrefetchW** The count of SystemProcessorPrefetchW objects present on this machine. +- **SystemProcessorSse2** The count of SystemProcessorSse2 objects present on this machine. - **SystemTouch** The count of SystemTouch objects present on this machine. -- **SystemWim** The count of the number of this particular object type present on this device. +- **SystemWim** The count of SystemWim objects present on this machine. - **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. -- **SystemWlan** The count of the number of this particular object type present on this device. +- **SystemWlan** The count of SystemWlan objects present on this machine. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. 
@@ -156,7 +156,7 @@ The following fields are available: - **IsBootCritical** Indicates whether the device boot is critical. - **WuDriverCoverage** Indicates whether there is a driver uplevel for this device, according to Windows Update. - **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver. -- **WuPopulatedFromId** The expected up-level driver matching ID based on driver coverage from Windows Update +- **WuPopulatedFromId** The expected uplevel driver matching ID based on driver coverage from Windows Update. ### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpRemove @@ -1014,7 +1014,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemProcessorPrefetchWAdd -This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up-to-date. +This event sends data indicating whether the system supports the PrefetchW CPU requirement, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -1049,7 +1049,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemProcessorSse2Add -This event sends data indicating whether the system supports the SSE2 CPU requirement, to help keep Windows up-to-date. +This event sends data indicating whether the system supports the SSE2 CPU requirement, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -1084,7 +1084,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemTouchAdd -This event sends data indicating whether the system supports touch, to help keep Windows up-to-date. +This event sends data indicating whether the system supports touch, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). 
@@ -1119,7 +1119,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemWimAdd -This event sends data indicating whether the operating system is running from a compressed WIM file, to help keep Windows up-to-date. +This event sends data indicating whether the operating system is running from a compressed Windows Imaging Format (WIM) file, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -1154,7 +1154,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusAdd -This event sends data indicating whether the current operating system is activated, to help keep Windows up-to-date. +This event sends data indicating whether the current operating system is activated, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -1211,7 +1211,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.TelemetryRunHealth -This event indicates the parameters and result of a telemetry (diagnostic) run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up-to-date. +This event indicates the parameters and result of a telemetry (diagnostic) run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date. The following fields are available: 
@@ -1219,7 +1219,7 @@ The following fields are available: - **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run. - **AppraiserProcess** The name of the process that launched Appraiser. - **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots. -- **AuxFinal** Obsolete, always set to false +- **AuxFinal** Obsolete, always set to false. - **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app. - **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan. - **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter. @@ -1251,11 +1251,11 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: - **AppraiserVersion** The version of the Appraiser file that is generating the events. -- **BlockingApplication** Same as NeedsDismissAction +- **BlockingApplication** Same as NeedsDismissAction. - **NeedsDismissAction** Indicates if a dismissible message is needed to warn the user about a potential loss of data due to DRM deprecation. - **WmdrmApiResult** Raw value of the API used to gather DRM state. - **WmdrmCdRipped** Indicates if the system has any files encrypted with personal DRM, which was used for ripped CDs. -- **WmdrmIndicators** WmdrmCdRipped OR WmdrmPurchased +- **WmdrmIndicators** WmdrmCdRipped OR WmdrmPurchased. - **WmdrmInUse** WmdrmIndicators AND dismissible block in setup was not dismissed. - **WmdrmNonPermanent** Indicates if the system has any files with non-permanent licenses. - **WmdrmPurchased** Indicates if the system has any files with permanent licenses. 
@@ -1332,7 +1332,7 @@ This event sends data about Azure presence, type, and cloud domain use in order The following fields are available: -- **AADDeviceId** Azure Active Directory device id. +- **AADDeviceId** Azure Active Directory device ID. - **AzureOSIDPresent** Represents the field used to identify an Azure machine. - **AzureVMType** Represents whether the instance is Azure VM PAAS, Azure VM IAAS or any other VMs. - **CDJType** Represents the type of cloud domain joined for the machine. @@ -1366,7 +1366,7 @@ The following fields are available: ### Census.Flighting -This event sends Windows Insider data from customers participating in improvement testing and feedback programs, to help keep Windows up-to-date. +This event sends Windows Insider data from customers participating in improvement testing and feedback programs, to help keep Windows up to date. The following fields are available: @@ -1381,7 +1381,7 @@ The following fields are available: ### Census.Hardware -This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up-to-date. +This event sends data about the device, including hardware type, OEM brand, model line, model, telemetry level setting, and TPM support, to help keep Windows up to date. The following fields are available: 
@@ -1520,17 +1520,17 @@ The following fields are available: ### Census.Security -This event provides information on about security settings used to help keep Windows up-to-date and secure. +This event provides information on about security settings used to help keep Windows up to date and secure. The following fields are available: -- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard +- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard. - **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running. -- **DGState** This field summarizes Device Guard state -- **HVCIRunning** Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running -- **IsSawGuest** Describes whether the device is running as a Secure Admin Workstation Guest -- **IsSawHost** Describes whether the device is running as a Secure Admin Workstation Host -- **RequiredSecurityProperties** This field describes the required security properties to enable virtualization-based security +- **DGState** This field summarizes the Device Guard state. +- **HVCIRunning** Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running. 
+- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest. +- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host. +- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security. - **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting. - **SModeState** The Windows S mode trail state. - **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running. @@ -1570,8 +1570,8 @@ This event sends data about the current user's default preferences for browser a The following fields are available: -- **DefaultApp** The current uer's default program selected for the following extension or protocol: .html,.htm,.jpg,.jpeg,.png,.mp3,.mp4, .mov,.pdf -- **DefaultBrowserProgId** The ProgramId of the current user's default browser +- **DefaultApp** The current uer's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf. +- **DefaultBrowserProgId** The ProgramId of the current user's default browser. ### Census.UserDisplay 
@@ -1646,11 +1646,11 @@ The following fields are available: - **OSWUAutoUpdateOptions** Retrieves the auto update settings on the device. - **UninstallActive** A flag that represents when a device has uninstalled a previous upgrade recently. - **UpdateServiceURLConfigured** Retrieves if the device is managed by Windows Server Update Services (WSUS). -- **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates -- **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades +- **WUDeferUpdatePeriod** Retrieves if deferral is set for Updates. +- **WUDeferUpgradePeriod** Retrieves if deferral is set for Upgrades. - **WUDODownloadMode** Retrieves whether DO is turned on and how to acquire/distribute updates Delivery Optimization (DO) allows users to deploy previously downloaded WU updates to other devices on the same network. - **WUMachineId** Retrieves the Windows Update (WU) Machine Identifier. -- **WUPauseState** Retrieves WU setting to determine if updates are paused +- **WUPauseState** Retrieves WU setting to determine if updates are paused. - **WUServer** Retrieves the HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default). @@ -1662,8 +1662,8 @@ The following fields are available: - **XboxConsolePreferredLanguage** Retrieves the preferred language selected by the user on Xbox console. - **XboxConsoleSerialNumber** Retrieves the serial number of the Xbox console. -- **XboxLiveDeviceId** Retrieves the unique device id of the console. -- **XboxLiveSandboxId** Retrieves the developer sandbox id if the device is internal to MS. +- **XboxLiveDeviceId** Retrieves the unique device ID of the console. +- **XboxLiveSandboxId** Retrieves the developer sandbox ID if the device is internal to Microsoft. ## Common data extensions 
@@ -1866,94 +1866,75 @@ The following fields are available: ### DeploymentTelemetry.Deployment_End -Event to indicate that a Deployment 360 API has completed. +This event indicates that a Deployment 360 API has completed. The following fields are available: -- **ClientId** Client ID of user utilizing the D360 API -- **ErrorCode** Error code of action -- **FlightId** Flight being used -- **Mode** Phase in upgrade -- **RelatedCV** CV of any other related events -- **Result** End result of action +- **ClientId** Client ID of the user utilizing the D360 API. +- **ErrorCode** Error code of action. +- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **Mode** Phase in upgrade. +- **RelatedCV** The correction vector (CV) of any other related events +- **Result** End result of the action. ### DeploymentTelemetry.Deployment_Initialize -Event to indicate that the Deployment 360 APIs have been initialized for use. +This event indicates that the Deployment 360 APIs have been initialized for use. The following fields are available: -- **ClientId** Client ID of user utilizing the D360 API -- **ErrorCode** Error code of action -- **FlightId** Flight being used -- **RelatedCV** CV of any other related events -- **Result** Phase Setup is in +- **ClientId** Client ID of user utilizing the D360 API. +- **ErrorCode** Error code of the action. +- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **RelatedCV** The correlation vector of any other related events. +- **Result** End result of the action. ### DeploymentTelemetry.Deployment_SetupBoxLaunch -Event to indicate that the Deployment 360 APIs have launched Setup Box. +This event indicates that the Deployment 360 APIs have launched Setup Box. 
The following fields are available: -- **ClientId** Client ID of user utilizing the D360 API -- **FlightId** Flight being used -- **Quiet** Whether Setup run in quiet mode or in full -- **RelatedCV** CV of any other related events -- **SetupMode** Phase Setup is in +- **ClientId** The client ID of the user utilizing the D360 API. +- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **Quiet** Whether Setup will run in quiet mode or full mode. +- **RelatedCV** The correlation vector (CV) of any other related events. +- **SetupMode** The current setup phase. ### DeploymentTelemetry.Deployment_SetupBoxResult -Event to indicate that the Deployment 360 APIs have received a return from Setup Box. +This event indicates that the Deployment 360 APIs have received a return from Setup Box. The following fields are available: -- **ClientId** Client ID of user utilizing the D360 API -- **ErrorCode** Error code of action -- **FlightId** Flight being used -- **Quiet** Whether Setup will run in quiet mode or in full -- **RelatedCV** Correlation vector of any other related events -- **SetupMode** Phase that Setup is in +- **ClientId** Client ID of the user utilizing the D360 API. +- **ErrorCode** Error code of the action. +- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **Quiet** Indicates whether Setup will run in quiet mode or full mode. +- **RelatedCV** The correlation vector (CV) of any other related events. +- **SetupMode** The current Setup phase. ### DeploymentTelemetry.Deployment_Start -Event to indicate that a Deployment 360 API has been called. +This event indicates that a Deployment 360 API has been called. The following fields are available: -- **ClientId** Client ID of user utilizing the D360 API -- **FlightId** Flight being used -- **Mode** Phase in upgrade -- **RelatedCV** CV of any other related events +- **ClientId** Client ID of the user utilizing the D360 API. 
+- **FlightId** The specific ID of the Windows Insider build the device is getting. +- **Mode** The current phase of the upgrade. +- **RelatedCV** The correlation vector (CV) of any other related events. ## Diagnostic data events -### TelClientSynthetic.AuthorizationInfo_RuntimeTransition - -Fired by UTC at state transitions to signal what data we are allowed to collect. - -The following fields are available: - -- **CanAddMsaToMsTelemetry** True if we can add MSA PUID and CID to telemetry, false otherwise. -- **CanCollectAnyTelemetry** True if we are allowed to collect partner telemetry, false otherwise. -- **CanCollectCoreTelemetry** True if we can collect CORE/Basic telemetry, false otherwise. -- **CanCollectHeartbeats** True if we can collect heartbeat telemetry, false otherwise. -- **CanCollectOsTelemetry** True if we can collect diagnostic data telemetry, false otherwise. -- **CanCollectWindowsAnalyticsEvents** True if we can collect Windows Analytics data, false otherwise. -- **CanPerformDiagnosticEscalations** True if we can perform diagnostic escalation collection, false otherwise. -- **CanPerformTraceEscalations** True if we can perform trace escalation collection, false otherwise. -- **CanReportScenarios** True if we can report scenario completions, false otherwise. -- **PreviousPermissions** Bitmask of previous telemetry state. -- **TransitionFromEverythingOff** True if we are transitioning from all telemetry being disabled, false otherwise. - - ### TelClientSynthetic.AuthorizationInfo_Startup -Fired by UTC at startup to signal what data we are allowed to collect. +This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date. The telemetry opt-in level signals what data we are allowed to collect. The following fields are available: 
@@ -2024,7 +2005,7 @@ The following fields are available: ### TelClientSynthetic.HeartBeat_Aria_5 -Telemetry client ARIA heartbeat event. +This event is the telemetry client ARIA heartbeat. The following fields are available: @@ -2073,7 +2054,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCheckApplicabilityGenericFailure -Event to indicate that we have received an unexpected error in the DTU Coordinators CheckApplicability call. +This event indicatse that we have received an unexpected error in the Direct to Update (DTU) Coordinators CheckApplicability call. The following fields are available: @@ -2086,7 +2067,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupGenericFailure -Event to indicate that we have received an unexpected error in the DTU Coordinator Cleanup call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Cleanup call. The following fields are available: @@ -2099,7 +2080,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCleanupSuccess -Event to indicate that the Coordinator Cleanup call succeeded. +This event indicates that the Coordinator Cleanup call succeeded. The following fields are available: @@ -2111,7 +2092,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitGenericFailure -Commit call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Commit call. The following fields are available: @@ -2124,7 +2105,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorCommitSuccess -Event to indicate that the Coordinator Commit call succeeded. +This event indicates that the Coordinator Commit call succeeded. The following fields are available: 
@@ -2136,7 +2117,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadGenericFailure -Event to indicate that we have received an unexpected error in the DTU Coordinator Download call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Download call. The following fields are available: @@ -2149,7 +2130,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadIgnoredFailure -Event to indicate that we have received an error in the DTU Coordinator Download call that will be ignored. +This event indicates that we have received an error in the Direct to Update (DTU) Coordinator Download call that will be ignored. The following fields are available: @@ -2162,7 +2143,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorDownloadSuccess -Event to indicate that the Coordinator Download call succeeded. +This event indicates that the Coordinator Download call succeeded. The following fields are available: @@ -2174,7 +2155,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorHandleShutdownGenericFailure -Event to indicate that we have received an unexpected error in the DTU Coordinator HandleShutdown call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator HandleShutdown call. The following fields are available: @@ -2187,7 +2168,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorHandleShutdownSuccess -Event to indicate that the Coordinator HandleShutdown call succeeded. +This event indicates that the Coordinator HandleShutdown call succeeded. The following fields are available: 
@@ -2199,7 +2180,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInitializeGenericFailure -Event to indicate that we have received an unexpected error in the DTU Coordinator Initialize call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Initialize call. The following fields are available: @@ -2212,7 +2193,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInitializeSuccess -Event to indicate that the Coordinator Initialize call succeeded. +This event indicates that the Coordinator Initialize call succeeded. The following fields are available: @@ -2224,7 +2205,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallGenericFailure -Event to indicate that we have received an unexpected error in the DTU Coordinator Install call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator Install call. The following fields are available: @@ -2237,7 +2218,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallIgnoredFailure -Event to indicate that we have received an error in the DTU Coordinator Install call that will be ignored. +This event indicates that we have received an error in the Direct to Update (DTU) Coordinator Install call that will be ignored. The following fields are available: @@ -2250,7 +2231,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorInstallSuccess -Event to indicate that the Coordinator Install call succeeded. +This event indicates that the Coordinator Install call succeeded. The following fields are available: 
@@ -2262,7 +2243,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorProgressCallBack -Event to indicate Coordinator's progress callback has been called. +This event indicates that the Coordinator's progress callback has been called. The following fields are available: @@ -2276,7 +2257,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorSetCommitReadyGenericFailure -Event to indicate that we have received an unexpected error in the DTU Coordinator SetCommitReady call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator SetCommitReady call. The following fields are available: @@ -2289,7 +2270,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorSetCommitReadySuccess -Event to indicate that the Coordinator SetCommitReady call succeeded. +This event indicates that the Coordinator SetCommitReady call succeeded. The following fields are available: @@ -2301,7 +2282,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiGenericFailure -Event to indicate that we have received an unexpected error in the DTU Coordinator WaitForRebootUi call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Coordinator WaitForRebootUi call. The following fields are available: @@ -2314,7 +2295,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiNotShown -Event to indicate that the Coordinator WaitForRebootUi call succeeded. +This event indicates that the Coordinator WaitForRebootUi call succeeded. The following fields are available: 
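Review bot: In the DTUCoordinatorWaitForRebootUiNotShown hunk (-2314,7 +2295,7), the reworded description still says "the Coordinator WaitForRebootUi call succeeded", which is word for word the text given to DTUCoordinatorWaitForRebootUiSuccess later in the patch. The event name says the reboot UI was not shown, so the description does not tell a reader what distinguishes the two events. Suggest describing the not-shown condition here rather than carrying the copied sentence forward.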
@@ -2327,7 +2308,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSelection -Event to indicate the user selected an option on the Reboot UI. +This event indicates that the user selected an option on the Reboot UI. The following fields are available: @@ -2340,7 +2321,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSuccess -Event to indicate that the Coordinator WaitForRebootUi call succeeded. +This event indicates that the Coordinator WaitForRebootUi call succeeded. The following fields are available: @@ -2352,7 +2333,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityGenericFailure -Event to indicate that we have received an unexpected error in the DTU Handler CheckApplicability call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler CheckApplicability call. The following fields are available: @@ -2366,7 +2347,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityInternalGenericFailure -Event to indicate that we have received an unexpected error in the DTU Handler CheckApplicabilityInternal call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler CheckApplicabilityInternal call. The following fields are available: @@ -2379,7 +2360,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityInternalSuccess -Event to indicate that the Handler CheckApplicabilityInternal call succeeded. +This event indicates that the Handler CheckApplicabilityInternal call succeeded. The following fields are available: 
@@ -2392,7 +2373,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilitySuccess -Event to indicate that the Handler CheckApplicability call succeeded. +This event indicates that the Handler CheckApplicability call succeeded. The following fields are available: @@ -2406,7 +2387,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckIfCoordinatorMinApplicableVersionGenericFailure -Event to indicate that we have received an unexpected error in the DTU Handler CheckIfCoordinatorMinApplicableVersion call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler CheckIfCoordinatorMinApplicableVersion call. The following fields are available: @@ -2419,7 +2400,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckIfCoordinatorMinApplicableVersionSuccess -Event to indicate that the Handler CheckIfCoordinatorMinApplicableVersion call succeeded. +This event indicates that the Handler CheckIfCoordinatorMinApplicableVersion call succeeded. The following fields are available: @@ -2432,7 +2413,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitGenericFailure -Event to indicate that we have received an unexpected error in the DTU Handler Commit call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Commit call. The following fields are available: @@ -2446,7 +2427,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitSuccess -Event to indicate that the Handler Commit call succeeded. +This event indicates that the Handler Commit call succeeded. The following fields are available: 
@@ -2459,7 +2440,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabAlreadyDownloaded -Event to indicate that the Handler Download and Extract cab returned a value indicating that the cab trying to be downloaded has already been downloaded. +This event indicates that the Handler Download and Extract cab returned a value indicating that the cab has already been downloaded. The following fields are available: @@ -2471,7 +2452,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabFailure -Event to indicate that the Handler Download and Extract cab call failed. +This event indicates that the Handler Download and Extract cab call failed. The following fields are available: @@ -2485,7 +2466,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabSuccess -Event to indicate that the Handler Download and Extract cab call succeeded. +This event indicates that the Handler Download and Extract cab call succeeded. The following fields are available: @@ -2497,7 +2478,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadGenericFailure -Event to indicate that we have received an unexpected error in the DTU Handler Download call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Download call. The following fields are available: @@ -2510,7 +2491,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadSuccess -Event to indicate that the Handler Download call succeeded. +This event indicates that the Handler Download call succeeded. The following fields are available: 
@@ -2522,7 +2503,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeGenericFailure -Event to indicate that we have received an unexpected error in the DTU Handler Initialize call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Initialize call. The following fields are available: @@ -2536,7 +2517,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeSuccess -Event to indicate that the Handler Initialize call succeeded. +This event indicates that the Handler Initialize call succeeded. The following fields are available: @@ -2549,7 +2530,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallGenericFailure -Event to indicate that we have received an unexpected error in the DTU Handler Install call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler Install call. The following fields are available: @@ -2562,7 +2543,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallSuccess -Event to indicate that the Coordinator Install call succeeded. +This event indicates that the Coordinator Install call succeeded. The following fields are available: @@ -2574,7 +2555,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerSetCommitReadyGenericFailure -Event to indicate that we have received an unexpected error in the DTU Handler SetCommitReady call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler SetCommitReady call. The following fields are available: 
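Review bot: The DTUHandlerInstallSuccess hunk (-2562,7 +2543,7) keeps "Coordinator" in a Handler event: "This event indicates that the Coordinator Install call succeeded." Every other DTUHandler*Success description in this patch names the Handler call, so this looks like a copy from DTUCoordinatorInstallSuccess. Suggest "Handler Install call" unless the event really reports the Coordinator result.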
@@ -2587,7 +2568,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerSetCommitReadySuccess -Event to indicate that the Handler SetCommitReady call succeeded. +This event indicates that the Handler SetCommitReady call succeeded. The following fields are available: @@ -2599,7 +2580,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiGenericFailure -Event to indicate that we have received an unexpected error in the DTU Handler WaitForRebootUi call. +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler WaitForRebootUi call. The following fields are available: @@ -2612,7 +2593,7 @@ The following fields are available: ### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiSuccess -Event to indicate that the Handler WaitForRebootUi call succeeded. +This event indicates that the Handler WaitForRebootUi call succeeded. The following fields are available: 
@@ -2626,23 +2607,23 @@ The following fields are available: ### Microsoft.Windows.Upgrade.Uninstall.UninstallFailed -This event sends diagnostic data about failures when uninstalling a feature update, to help resolve any issues preventing customers from reverting to a known state +This event sends diagnostic data about failures when uninstalling a feature update, to help resolve any issues preventing customers from reverting to a known state. The following fields are available: -- **failureReason** Provides data about the uninstall initialization operation failure -- **hr** Provides the Win32 error code for the operation failure +- **failureReason** Provides data about the uninstall initialization operation failure. +- **hr** Provides the Win32 error code for the operation failure. ### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered -Indicates that the uninstall was properly configured and that a system reboot was initiated +This event indicates that the uninstall was properly configured and that a system reboot was initiated. ### Microsoft.Windows.Upgrade.Uninstall.UninstallGoBackButtonClicked -This event sends basic metadata about the starting point of uninstalling a feature update which helps us ensure customers can safely revert to a well-known state if the update caused any problems. +This event sends basic metadata about the starting point of uninstalling a feature update, which helps ensure customers can safely revert to a well-known state if the update caused any problems. 
@@ -2709,7 +2690,7 @@ The following fields are available: - **Language** The language code of the program. - **MsiPackageCode** A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage. - **MsiProductCode** A GUID that describe the MSI Product. -- **Name** The name of the application +- **Name** The name of the application. - **OSVersionAtInstallTime** The four octets from the OS version at the time of the application's install. - **PackageFullName** The package full name for a Store application. - **ProgramInstanceId** A hash of the file IDs in an app. 
@@ -2723,26 +2704,26 @@ The following fields are available: ### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd -This event provides the basic metadata about the frameworks an application may depend on +This event provides the basic metadata about the frameworks an application may depend on. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: -- **FileId** A hash that uniquely identifies a file -- **Frameworks** The list of frameworks this file depends on -- **InventoryVersion** The version of the inventory file generating the events +- **FileId** A hash that uniquely identifies a file. +- **Frameworks** The list of frameworks this file depends on. +- **InventoryVersion** The version of the inventory file generating the events. ### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkStartSync -This event indicates that a new set of InventoryApplicationFrameworkAdd events will be sent +This event indicates that a new set of InventoryApplicationFrameworkAdd events will be sent. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: -- **InventoryVersion** The version of the inventory file generating the events +- **InventoryVersion** The version of the inventory file generating the events. ### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove @@ -2769,7 +2750,7 @@ The following fields are available: ### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd -This event sends basic metadata about a device container (such as a monitor or printer as opposed to a PNP device) to help keep Windows up-to-date. +This event sends basic metadata about a device container (such as a monitor or printer as opposed to a PNP device) to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). 
@@ -2880,18 +2861,18 @@ The following fields are available: ### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd -This event represents the basic metadata about a PNP device and its associated driver +This event represents the basic metadata about a plug and play (PNP) device and its associated driver. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: -- **BusReportedDescription** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer. -- **Class** A unique identifier for the driver installed. -- **ClassGuid** Name of the .sys image file (or wudfrd.sys if using user mode driver framework). -- **COMPID** INF file name (the name could be renamed by OS, such as oemXX.inf) -- **ContainerId** The version of the inventory binary generating the events. -- **Description** The current error code for the device. +- **BusReportedDescription** The description of the device reported by the bux. +- **Class** The device setup class of the driver loaded for the device. +- **ClassGuid** The device class GUID from the driver package +- **COMPID** The device setup class guid of the driver loaded for the device. +- **ContainerId** The list of compat ids for the device. +- **Description** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer. - **DeviceState** The device description. - **DriverId** DeviceState is a bitmask of the following: DEVICE_IS_CONNECTED 0x0001 (currently only for container). DEVICE_IS_NETWORK_DEVICE 0x0002 (currently only for container). DEVICE_IS_PAIRED 0x0004 (currently only for container). DEVICE_IS_ACTIVE 0x0008 (currently never set). DEVICE_IS_MACHINE 0x0010 (currently only for container). DEVICE_IS_PRESENT 0x0020 (currently always set). DEVICE_IS_HIDDEN 0x0040. 
DEVICE_IS_PRINTER 0x0080 (currently only for container). DEVICE_IS_WIRELESS 0x0100. DEVICE_IS_WIRELESS_FAT 0x0200. The most common values are therefore: 32 (0x20)= device is present. 96 (0x60)= device is present but hidden. 288 (0x120)= device is a wireless device that is present - **DriverName** A unique identifier for the driver installed. 
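Review bot: The new field descriptions in the InventoryDevicePnpAdd hunk (-2880,18 +2861,18) do not line up with their field names. COMPID now reads "The device setup class guid of the driver loaded for the device", ContainerId reads "The list of compat ids for the device", and Description carries the "System-supplied GUID that uniquely groups the functional devices" text; the unchanged lines that follow continue the shift, with DeviceState described as "The device description" and DriverId holding the DeviceState bitmask table. It looks like the descriptions are offset by one row against the names, so each field should be re-paired with its own text before this merges. Also in this hunk: "reported by the bux" should be "bus", and the ClassGuid line is missing its closing period.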
@@ -2941,31 +2922,31 @@ The following fields are available: ### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassAdd -This event sends basic metadata about the USB hubs on the device +This event sends basic metadata about the USB hubs on the device. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: -- **InventoryVersion** The version of the inventory file generating the events -- **TotalUserConnectablePorts** Total number of connectable USB ports -- **TotalUserConnectableTypeCPorts** Total number of connectable USB Type C ports +- **InventoryVersion** The version of the inventory file generating the events. +- **TotalUserConnectablePorts** Total number of connectable USB ports. +- **TotalUserConnectableTypeCPorts** Total number of connectable USB Type C ports. ### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassStartSync -This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent +This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: -- **InventoryVersion** The version of the inventory file generating the events +- **InventoryVersion** The version of the inventory file generating the events. ### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd -This event provides the basic metadata about driver binaries running on the system +This event provides the basic metadata about driver binaries running on the system. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). 
@@ -2986,7 +2967,7 @@ The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. - **Product** The product name that is included in the driver file. - **ProductVersion** The product version that is included in the driver file. -- **Service** The device service name +- **Service** No content is currently available. - **WdfVersion** The Windows Driver Framework version. @@ -3014,7 +2995,7 @@ The following fields are available: ### Microsoft.Windows.Inventory.Core.InventoryDriverPackageAdd -This event sends basic metadata about drive packages installed on the system to help keep Windows up-to-date. +This event sends basic metadata about drive packages installed on the system to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). 
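Review bot: The InventoryDriverBinaryAdd hunk (-2986,7 +2967,7) replaces a working description, "The device service name", with the placeholder "No content is currently available." for the Service field. That is a loss of information in a page whose purpose is to tell readers what each collected field contains. Suggest keeping the old text, or fixing the generator so that it does not overwrite an existing description with the placeholder.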
@@ -3456,6 +3437,68 @@ The following fields are available: - **UptimeDeltaMS** Total time (in milliseconds) added to Uptime since the last event +## Other events + +### IO + +No content is currently available. + +The following fields are available: + +- **BytesRead** No content is currently available. +- **BytesWritten** No content is currently available. + + +### wilActivity + +No content is currently available. + +The following fields are available: + +- **callContext** No content is currently available. +- **currentContextId** No content is currently available. +- **currentContextMessage** No content is currently available. +- **currentContextName** No content is currently available. +- **failureCount** No content is currently available. +- **failureId** No content is currently available. +- **failureType** No content is currently available. +- **fileName** No content is currently available. +- **function** No content is currently available. +- **hresult** No content is currently available. +- **lineNumber** No content is currently available. +- **message** No content is currently available. +- **module** No content is currently available. +- **originatingContextId** No content is currently available. +- **originatingContextMessage** No content is currently available. +- **originatingContextName** No content is currently available. +- **threadId** No content is currently available. + + +### wilResult + +No content is currently available. + +The following fields are available: + +- **callContext** No content is currently available. +- **currentContextId** No content is currently available. +- **currentContextMessage** No content is currently available. +- **currentContextName** No content is currently available. +- **failureCount** No content is currently available. +- **failureId** No content is currently available. +- **failureType** No content is currently available. +- **fileName** No content is currently available. 
+- **function** No content is currently available. +- **hresult** No content is currently available. +- **lineNumber** No content is currently available. +- **message** No content is currently available. +- **module** No content is currently available. +- **originatingContextId** No content is currently available. +- **originatingContextMessage** No content is currently available. +- **originatingContextName** No content is currently available. +- **threadId** No content is currently available. + + ## Privacy consent logging events ### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted @@ -3476,10 +3519,10 @@ Event tells us effectiveness of new privacy experience. The following fields are available: -- **isAdmin** Whether the current user is an administrator or not +- **isAdmin** whether the person who is logging in is an admin - **isLaunching** Whether or not the privacy consent experience will be launched -- **isSilentElevation** Whether the current user has enabled silent elevation -- **privacyConsentState** The current state of the privacy consent experience +- **isSilentElevation** whether the user has most restrictive UAC controls +- **privacyConsentState** whether the user has completed privacy experience - **userRegionCode** The current user's region setting 
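Review bot: The "Other events" hunk (-3456,6 +3437,68) adds IO, wilActivity and wilResult with "No content is currently available." as the event description and as the description of every field, including fileName, function, lineNumber, message and module. Publishing field names with no explanation leaves readers unable to judge what those fields carry. Suggest holding this section back until real descriptions exist; wilActivity and wilResult list the same seventeen fields, so a single shared description set would serve both.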
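Review bot: In the privacy consent hunk (-3476,10 +3519,10), three descriptions change meaning rather than wording. isSilentElevation goes from "Whether the current user has enabled silent elevation" to "whether the user has most restrictive UAC controls", which reads as close to the opposite condition; privacyConsentState goes from "The current state of the privacy consent experience" to a yes/no "whether the user has completed privacy experience". Please confirm which version matches the actual field before merging. The three new lines also start lowercase, unlike the untouched isLaunching and userRegionCode lines next to them.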
@@ -3703,7 +3746,7 @@ Download process event for target update on Windows Update client. See EventScen The following fields are available: -- **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn't actively being downloaded.Number of seconds the update was actively being downloaded. +- **ActiveDownloadTime** Number of seconds the update was actively being downloaded. - **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. - **AppXDownloadScope** Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client. - **BiosFamily** The family of the BIOS (Basic Input Output System). 
@@ -3911,24 +3954,24 @@ Ensures Windows Updates are secure and complete. Event helps to identify whether The following fields are available: - **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. -- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. -- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. -- **ExtendedStatusCode** The secondary status code of the event. +- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. +- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. - **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. -- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce - **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). -- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. +- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. - **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. - **RevisionId** The revision ID for a specific piece of content. 
- **RevisionNumber** The revision number for a specific piece of content. -- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Windows Store +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) - **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. - **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. - **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. - **SignatureAlgorithm** The hash algorithm for the metadata signature. -- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast -- **StatusCode** The status code of the event. +- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". +- **StatusCode** Result code of the event (success, cancellation, failure code HResult) - **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. - **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. - **UpdateId** The update ID for a specific piece of content. @@ -4121,7 +4164,7 @@ The following fields are available: - **ScenarioId** Indicates the update scenario. - **SessionId** Unique value for each update attempt. - **SetupMode** Mode of setup to be launched. -- **UpdateId** Unique ID for each update. +- **UpdateId** Unique ID for each Update. - **UserSession** Indicates whether install was invoked by user actions. 
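Review bot: The hunk at -3911,24 +3954,24 introduces two typos and drops information on fields that describe update integrity checking. EventScenario now says "succeded" and MetadataIntegrityMode now says "1-Ignoe"; the removed line had the clean form "0 = unknown; 1 = ignore; 2 = audit; 3 = enforce". Several replaced lines (MetadataIntegrityMode, ServiceGuid, StatusCode) also lose their closing period while neighbouring context lines keep it. Suggest keeping the removed wording for MetadataIntegrityMode and fixing the spelling in EventScenario.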
@@ -4141,24 +4184,24 @@ The following fields are available: - **DetectorVersion** Most recently run detector version for the current campaign. - **GlobalEventCounter** Client side counter that indicates the ordering of events sent by this user. - **key1** UI interaction data -- **key10** Interaction data for the UI -- **key11** Interaction data for the UI -- **key12** Interaction data for the UI -- **key13** Interaction data for the UI -- **key14** Interaction data for the UI -- **key15** Interaction data for the UI -- **key16** Interaction data for the UI -- **key17** Interaction data for the UI -- **key18** Interaction data for the UI -- **key19** Interaction data for the UI -- **key2** Interaction data for the UI -- **key20** Interaction data for the UI -- **key21** Interaction data for the UI -- **key22** Interaction data for the UI -- **key23** Interaction data for the UI -- **key24** Interaction data for the UI -- **key25** Interaction data for the UI -- **key26** Interaction data for the UI +- **key10** UI interaction data +- **key11** UI interaction data +- **key12** UI interaction data +- **key13** UI interaction data +- **key14** UI interaction data +- **key15** UI interaction data +- **key16** UI interaction data +- **key17** UI interaction data +- **key18** UI interaction data +- **key19** UI interaction data +- **key2** UI interaction data +- **key20** UI interaction data +- **key21** UI interaction data +- **key22** UI interaction data +- **key23** UI interaction data +- **key24** UI interaction data +- **key25** UI interaction data +- **key26** UI interaction data - **key27** UI interaction data - **key28** UI interaction data - **key29** UI interaction data 
@@ -4824,9 +4867,9 @@ The following fields are available: - **CatalogId** The name of the product catalog from which this app was chosen. - **FailedRetry** Indicates whether the installation or update retry was successful. -- **HResult** Resulting HResult error/success code of this call -- **PFN** Package Family Name of the app that being installed or updated -- **ProductId** Product Id of the app that is being updated or installed +- **HResult** The HResult code of the operation. +- **PFN** The Package Family Name of the app that is being installed or updated. +- **ProductId** The product ID of the app that is being updated or installed. ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate @@ -4950,7 +4993,7 @@ The following fields are available: - **current** Result of currency check. - **dismOperationSucceeded** Dism uninstall operation status. -- **hResult** Failure Error code. +- **hResult** Failure error code. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. @@ -4991,7 +5034,7 @@ The following fields are available: - **current** Result of currency check. - **dismOperationSucceeded** Dism uninstall operation status. -- **hResult** Failure error code. +- **hResult** Failure Error code. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. 
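Review bot: The two hResult edits on this part of the patch cancel each other out. The hunk at -4950,7 +4993,7 changes "Failure Error code." to "Failure error code.", and the hunk at -4991,7 +5034,7 changes "Failure error code." back to "Failure Error code." in a field list with the same surrounding context. Suggest using the lowercase form in both places so that the two events stay consistent.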
@@ -5035,7 +5078,7 @@ The following fields are available: - **background** Indicates whether the download is happening in the background. - **bytesRequested** Number of bytes requested for the download. - **callerName** Name of the API caller. -- **cdnUrl** The URL of the source Content Distribution Network (CDN). +- **cdnUrl** The URL of the source CDN - **costFlags** A set of flags representing network cost. - **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM). - **diceRoll** Random number used for determining if a client will use peering. @@ -5440,8 +5483,8 @@ The following fields are available: - **revisionNumber** Update revision number. - **scanTriggerSource** Source of the triggered scan. - **updateId** Update ID. -- **updateScenarioType** Update Session type -- **wuDeviceid** Device ID +- **updateScenarioType** The update session type. +- **wuDeviceid** Unique device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.DisplayNeeded @@ -5601,7 +5644,7 @@ The following fields are available: - **deferReason** Reason for install not completing. - **errorCode** The error code reppresented by a hexadecimal value. - **eventScenario** End-to-end update session ID. -- **flightID** Unique update ID +- **flightID** The specific ID of the Windows Insider build the device is getting. - **flightUpdate** Indicates whether the update is a Windows Insider build. - **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. - **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. 
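Review bot: In the hunk at -5035,7 +5078,7, cdnUrl goes from "The URL of the source Content Distribution Network (CDN)." to "The URL of the source CDN" with no closing period. The rest of this patch moves the other way, spelling out abbreviations on first use ("Direct to Update (DTU)", "plug and play (PNP)") and adding missing periods. Suggest keeping the removed line as it was.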
@@ -5821,7 +5864,7 @@ The following fields are available: - **scheduledRebootTime** Time scheduled for the reboot. - **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC. - **updateId** Identifies which update is being scheduled. -- **wuDeviceid** Unique device ID used by Windows Update. +- **wuDeviceid** Unique DeviceID ### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot 
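Review bot: The `wuDeviceid` change in this hunk (@@ -5821,7 +5864,7 @@) replaces "Unique device ID used by Windows Update." with "Unique DeviceID", which drops both the explanation and the trailing period. It also contradicts the @@ -5440,8 +5483,8 @@ hunk of this same patch, which changes `wuDeviceid` to "Unique device ID used by Windows Update." Keep the longer wording here as well.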
@@ -5848,21 +5891,21 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightId** Unique identifier for each flight. -- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. -- **MitigationScenario** The update scenario in which the mitigation was executed. -- **MountedImageCount** Number of mounted images. -- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** HResult of this operation. -- **ScenarioId** ID indicating the mitigation scenario. -- **ScenarioSupported** Indicates whether the scenario was supported. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each Update. +- **ClientId** Unique identifier for each flight. +- **FlightId** Unique GUID that identifies each instances of setuphost.exe. +- **InstanceId** The update scenario in which the mitigation was executed. +- **MitigationScenario** Number of mounted images. +- **MountedImageCount** Number of mounted images that were under %systemdrive%\$Windows.~BT. +- **MountedImageMatches** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. +- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. 
+- **MountedImagesRemoved** Number of mounted images that were not under %systemdrive%\$Windows.~BT. +- **MountedImagesSkipped** Correlation vector value generated from the latest USO scan. +- **RelatedCV** HResult of this operation. +- **Result** ID indicating the mitigation scenario. +- **ScenarioId** Indicates whether the scenario was supported. +- **ScenarioSupported** Unique value for each update attempt. +- **SessionId** Unique ID for each Update. +- **UpdateId** Unique ID for the Windows Update client. - **WuId** Unique ID for the Windows Update client. From b539428c05ce4627bd659b5697cd773dda9c8415 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 7 Sep 2018 08:44:13 -0700 Subject: [PATCH 17/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 160 +++++++++--------- 1 file changed, 80 insertions(+), 80 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 833ad00fa9..106429c136 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -9,7 +9,7 @@ ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 09/06/2018 +ms.date: 09/07/2018 --- 
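Review bot: In the CleanupSafeOsImages hunk of PATCH 01/24 (@@ -5848,21 +5891,21 @@), every added description is shifted up by one field. `ClientId` now carries "Unique identifier for each flight." (the removed `FlightId` text), `FlightId` carries the setuphost.exe instance text, and so on down to `UpdateId`, which ends up with "Unique ID for the Windows Update client." and duplicates the unchanged `WuId` line. The original `ClientId` description is lost entirely, and `MountedImagesFailed` is now documented as the number of images "that were successfully removed". Restore the field-to-description pairing from the removed lines.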
@@ -93,7 +93,7 @@ The following fields are available: - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. - **SystemProcessorNx** The count of SystemProcessorNx objects present on this machine. -- **SystemProcessorPrefetchW** The count of SystemProcessorPrefetchW objects present on this machine. +- **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. - **SystemProcessorSse2** The count of SystemProcessorSse2 objects present on this machine. - **SystemTouch** The count of SystemTouch objects present on this machine. - **SystemWim** The count of SystemWim objects present on this machine. @@ -1300,7 +1300,7 @@ The following fields are available: - **AppraiserTaskExitCode** The Appraiser task exist code. - **AppraiserTaskLastRun** The last runtime for the Appraiser task. - **CensusVersion** The version of Census that generated the current data for this device. -- **IEVersion** IE version running on the device. +- **IEVersion** Retrieves which version of Internet Explorer is running on this device. ### Census.Battery 
@@ -2644,13 +2644,13 @@ The following fields are available: - **InventoryApplicationFile** A count of application file objects in cache. - **InventoryApplicationFramework** A count of application framework objects in cache. - **InventoryApplicationShortcut** A count of application shortcut objects in cache. -- **InventoryDeviceContainer** A count of device container objects in cache -- **InventoryDeviceInterface** A count of PNP device interface objects in cache -- **InventoryDeviceMediaClass** A count of device media objects in cache -- **InventoryDevicePnp** A count of devicepnp objects in cache +- **InventoryDeviceContainer** A count of device container objects in cache. +- **InventoryDeviceInterface** A count of Plug and Play device interface objects in cache. +- **InventoryDeviceMediaClass** A count of device media objects in cache. +- **InventoryDevicePnp** A count of device Plug and Play objects in cache. - **InventoryDeviceUsbHubClass** A count of device usb objects in cache -- **InventoryDriverBinary** A count of driver binary objects in cache -- **InventoryDriverPackage** A count of device objects in cache +- **InventoryDriverBinary** A count of driver binary objects in cache. +- **InventoryDriverPackage** A count of device objects in cache. - **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in cache. - **InventoryMiscellaneousOfficeAddInUsage** A count of office add-in usage objects in cache. - **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in cache. 
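Review bot: `InventoryDeviceUsbHubClass` is left as an unchanged context line in this hunk (@@ -2644,13 +2644,13 @@) and still has no trailing period and a lowercase "usb", while every neighboring description gets a period added. Include it in the change. `InventoryDriverPackage` also keeps "A count of device objects in cache."; the field name suggests driver package objects, so confirm the wording while the line is being touched.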
@@ -2685,7 +2685,7 @@ The following fields are available: - **InstallDate** The date the application was installed (a best guess based on folder creation date heuristics). - **InstallDateArpLastModified** The date of the registry ARP key for a given application. Hints at install date but not always accurate. Passed as an array. Example: 4/11/2015 00:00:00 - **InstallDateFromLinkFile** The estimated date of install based on the links to the files. Passed as an array. -- **InstallDateMsi** The install date if the application was installed via MSI. Passed as an array. +- **InstallDateMsi** The install date if the application was installed via Microsoft Installer (MSI). Passed as an array. - **InventoryVersion** The version of the inventory file generating the events. - **Language** The language code of the program. - **MsiPackageCode** A GUID that describes the MSI Package. Multiple 'Products' (apps) can make up an MsiPackage. @@ -2696,7 +2696,7 @@ The following fields are available: - **ProgramInstanceId** A hash of the file IDs in an app. - **Publisher** The Publisher of the application. Location pulled from depends on the 'Source' field. - **RootDirPath** The path to the root directory where the program was installed. -- **Source** How the program was installed (ARP, MSI, Appx, etc...) +- **Source** How the program was installed (for example, ARP, MSI, Appx). - **StoreAppType** A sub-classification for the type of Microsoft Store app, such as UWP or Win8StoreApp. - **Type** One of ("Application", "Hotfix", "BOE", "Service", "Unknown"). Application indicates Win32 or Appx app, Hotfix indicates app updates (KBs), BOE indicates it's an app with no ARP or MSI entry, Service indicates that it is a service. Application and BOE are the ones most likely seen. - **Version** The version number of the program. 
@@ -2750,7 +2750,7 @@ The following fields are available: ### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd -This event sends basic metadata about a device container (such as a monitor or printer as opposed to a PNP device) to help keep Windows up to date. +This event sends basic metadata about a device container (such as a monitor or printer as opposed to a Plug and Play device) to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -2766,7 +2766,7 @@ The following fields are available: - **IsNetworked** Is this a networked device? - **IsPaired** Does the device container require pairing? - **Manufacturer** The manufacturer name for the device container. -- **ModelId** A model GUID. +- **ModelId** A unique model ID. - **ModelName** The model name. - **ModelNumber** The model number for the device container. - **PrimaryCategory** The primary category for the device container. @@ -2837,7 +2837,7 @@ The following fields are available: ### Microsoft.Windows.Inventory.Core.InventoryDeviceMediaClassAdd -This event sends additional metadata about a PNP device that is specific to a particular class of devices to help keep Windows up to date while reducing overall size of data payload. +This event sends additional metadata about a Plug and Play device that is specific to a particular class of devices to help keep Windows up to date while reducing overall size of data payload. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). 
@@ -2967,7 +2967,7 @@ The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. - **Product** The product name that is included in the driver file. - **ProductVersion** The product version that is included in the driver file. -- **Service** No content is currently available. +- **Service** The name of the service that is installed for the device. - **WdfVersion** The Windows Driver Framework version. @@ -3354,13 +3354,13 @@ The following fields are available: ### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorAdd -These events represent the basic metadata about the OS indicators installed on the system which are used for keeping the device up-to-date. +These events represent the basic metadata about the OS indicators installed on the system which are used for keeping the device up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: -- **IndicatorValue** The indicator value +- **IndicatorValue** The indicator value. ### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove 
@@ -3441,62 +3441,62 @@ The following fields are available: ### IO -No content is currently available. +This event indicates the number of bytes read from or read by the OS and written to or written by the OS upon system startup. The following fields are available: -- **BytesRead** No content is currently available. -- **BytesWritten** No content is currently available. +- **BytesRead** The total number of bytes read from or read by the OS upon system startup. +- **BytesWritten** The total number of bytes written to or written by the OS upon system startup. ### wilActivity -No content is currently available. +This event provides a Windows Internal Library context used for Product and Service diagnostics. The following fields are available: -- **callContext** No content is currently available. -- **currentContextId** No content is currently available. -- **currentContextMessage** No content is currently available. -- **currentContextName** No content is currently available. -- **failureCount** No content is currently available. -- **failureId** No content is currently available. -- **failureType** No content is currently available. -- **fileName** No content is currently available. -- **function** No content is currently available. -- **hresult** No content is currently available. -- **lineNumber** No content is currently available. -- **message** No content is currently available. -- **module** No content is currently available. -- **originatingContextId** No content is currently available. -- **originatingContextMessage** No content is currently available. -- **originatingContextName** No content is currently available. -- **threadId** No content is currently available. +- **callContext** The function where the failure occurred. +- **currentContextId** The ID of the current call context where the failure occurred. +- **currentContextMessage** The message of the current call context where the failure occurred. 
+- **currentContextName** The name of the current call context where the failure occurred. +- **failureCount** The number of failures for this failure ID. +- **failureId** The ID of the failure that occurred. +- **failureType** The type of the failure that occurred. +- **fileName** The file name where the failure occurred. +- **function** The function where the failure occurred. +- **hresult** The HResult of the overall activity. +- **lineNumber** The line number where the failure occurred. +- **message** The message of the failure that occurred. +- **module** The module where the failure occurred. +- **originatingContextId** The ID of the originating call context that resulted in the failure. +- **originatingContextMessage** The message of the originating call context that resulted in the failure. +- **originatingContextName** The name of the originating call context that resulted in the failure. +- **threadId** The ID of the thread on which the activity is executing. ### wilResult -No content is currently available. +This event provides a Windows Internal Library context used for Product and Service diagnostics. The following fields are available: -- **callContext** No content is currently available. -- **currentContextId** No content is currently available. -- **currentContextMessage** No content is currently available. -- **currentContextName** No content is currently available. -- **failureCount** No content is currently available. -- **failureId** No content is currently available. -- **failureType** No content is currently available. -- **fileName** No content is currently available. -- **function** No content is currently available. -- **hresult** No content is currently available. -- **lineNumber** No content is currently available. -- **message** No content is currently available. -- **module** No content is currently available. -- **originatingContextId** No content is currently available. 
-- **originatingContextMessage** No content is currently available. -- **originatingContextName** No content is currently available. -- **threadId** No content is currently available. +- **callContext** The call context stack where failure occurred. +- **currentContextId** The ID of the current call context where the failure occurred. +- **currentContextMessage** The message of the current call context where the failure occurred. +- **currentContextName** The name of the current call context where the failure occurred. +- **failureCount** The number of failures for this failure ID. +- **failureId** The ID of the failure that occurred. +- **failureType** The type of the failure that occurred. +- **fileName** The file name where the failure occurred. +- **function** The function where the failure occurred. +- **hresult** The HResult of the overall activity. +- **lineNumber** The line number where the failure occurred. +- **message** The message of the failure that occurred. +- **module** The module where the failure occurred. +- **originatingContextId** The ID of the originating call context that resulted in the failure. +- **originatingContextMessage** The message of the originating call context that resulted in the failure. +- **originatingContextName** The name of the originating call context that resulted in the failure. +- **threadId** The ID of the thread on which the activity is executing. ## Privacy consent logging events 
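Review bot: In the wilActivity list of this hunk (@@ -3441,62 +3441,62 @@), `callContext` is described as "The function where the failure occurred.", which is word for word the description given to `function` a few lines later, whereas the wilResult list describes the same field as "The call context stack where failure occurred." Use one description of `callContext` for both events. The two events also get an identical summary sentence, so the text gives no way to tell wilActivity from wilResult; state what distinguishes them.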
@@ -3519,10 +3519,10 @@ Event tells us effectiveness of new privacy experience. The following fields are available: -- **isAdmin** whether the person who is logging in is an admin +- **isAdmin** Whether the current user is an administrator or not - **isLaunching** Whether or not the privacy consent experience will be launched -- **isSilentElevation** whether the user has most restrictive UAC controls -- **privacyConsentState** whether the user has completed privacy experience +- **isSilentElevation** Whether the current user has enabled silent elevation +- **privacyConsentState** The current state of the privacy consent experience - **userRegionCode** The current user's region setting @@ -3530,7 +3530,7 @@ The following fields are available: ### Microsoft.Windows.Sediment.OSRSS.UrlState -Event indicating the state OSRSS service is in while attempting a download from the URL. +This event indicates the state the Operating System Remediation System Service (OSRSS) is in while attempting a download from the URL. The following fields are available: 
@@ -3954,24 +3954,24 @@ Ensures Windows Updates are secure and complete. Event helps to identify whether The following fields are available: - **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. -- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. -- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. +- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. +- **ExtendedStatusCode** The secondary status code of the event. - **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. -- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce +- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce - **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). -- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. +- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. - **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. - **RevisionId** The revision ID for a specific piece of content. 
- **RevisionNumber** The revision number for a specific piece of content. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) +- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Windows Store - **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. - **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. - **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. - **SignatureAlgorithm** The hash algorithm for the metadata signature. -- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". -- **StatusCode** Result code of the event (success, cancellation, failure code HResult) +- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast +- **StatusCode** The status code of the event. - **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. - **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. - **UpdateId** The update ID for a specific piece of content. @@ -4203,8 +4203,8 @@ The following fields are available: - **key25** UI interaction data - **key26** UI interaction data - **key27** UI interaction data -- **key28** UI interaction data -- **key29** UI interaction data +- **key28** Interaction data for the UI +- **key29** Interaction data for the UI - **key3** UI interaction data - **key30** UI interaction data - **key4** UI interaction data 
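Review bot: `key28` and `key29` in the last hunk above (@@ -4203,8 +4203,8 @@) are reworded to "Interaction data for the UI" while the surrounding context lines (`key25` to `key27`, `key3`, `key30`, `key4`) all keep "UI interaction data". Rewording two entries of the series adds inconsistency without adding information; either leave them unchanged or update the whole series.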
@@ -4387,7 +4387,7 @@ The following fields are available: - **Setup360Extended** Detailed information about the phase or action when the potential failure occurred. - **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. - **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). - **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. - **TestId** ID that uniquely identifies a group of events. @@ -4867,9 +4867,9 @@ The following fields are available: - **CatalogId** The name of the product catalog from which this app was chosen. - **FailedRetry** Indicates whether the installation or update retry was successful. -- **HResult** The HResult code of the operation. -- **PFN** The Package Family Name of the app that is being installed or updated. -- **ProductId** The product ID of the app that is being updated or installed. +- **HResult** Resulting HResult error/success code of this call +- **PFN** Package Family Name of the app that being installed or updated +- **ProductId** Product Id of the app that is being updated or installed ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate @@ -4993,7 +4993,7 @@ The following fields are available: - **current** Result of currency check. - **dismOperationSucceeded** Dism uninstall operation status. -- **hResult** Failure error code. +- **hResult** Failure Error code. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. 
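Review bot: The @@ -4867,9 +4867,9 @@ hunk above, covering `HResult`, `PFN` and `ProductId`, undoes the wording PATCH 01/24 introduced. `PFN` goes back to "Package Family Name of the app that being installed or updated", which is missing "is", and all three lines lose their trailing periods. Keep the PATCH 01/24 text ("The Package Family Name of the app that is being installed or updated.") unless the revert is intentional.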
@@ -5034,7 +5034,7 @@ The following fields are available: - **current** Result of currency check. - **dismOperationSucceeded** Dism uninstall operation status. -- **hResult** Failure Error code. +- **hResult** Failure error code. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. @@ -5084,7 +5084,7 @@ The following fields are available: - **diceRoll** Random number used for determining if a client will use peering. - **doClientVersion** The version of the Delivery Optimization client. - **doErrorCode** The Delivery Optimization error code that was returned. -- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100). +- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100).) - **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9). - **errorCode** The error code that was returned. - **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing. 
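Review bot: The `downloadMode` line in the last hunk above (@@ -5084,7 +5084,7 @@) gains a stray closing parenthesis and now ends in "Bypass = 100).)". That extra character is the only change to the line, so drop this hunk.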
@@ -5454,7 +5454,7 @@ The following fields are available: - **displayNeededReason** List of reasons for needing display. - **eventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.). -- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery). +- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery).. - **gameModeReason** Name of the executable that caused the game mode state check to start. - **ignoredReason** List of reasons that were intentionally ignored. - **raisedDeferReason** Indicates all potential reasons for postponing restart (such as user active, or low battery). @@ -5475,7 +5475,7 @@ The following fields are available: - **detectionBlockingPolicy** State of update action. - **detectionBlockreason** Reason for detection not completing. - **detectionRetryMode** Indicates whether we will try to scan again. -- **errorCode** State of update action +- **errorCode** The returned error code. - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. - **flightID** The specific ID of the Windows Insider build the device is getting. - **interactive** Indicates whether the session was user initiated. @@ -5596,7 +5596,7 @@ This event indicates that the update is no longer applicable to this device. The following fields are available: -- **EventPublishedTime** Time when this event was generated +- **EventPublishedTime** Time when this event was generated. - **flightID** The specific ID of the Windows Insider build. - **revisionNumber** Update revision number. - **updateId** Unique Windows Update ID. From d7c2294644d8581b0457fb8a97e8189ab2d7b5d7 Mon Sep 17 00:00:00 2001 
From: Brian Lich Date: Sat, 8 Sep 2018 11:41:10 -0700 Subject: [PATCH 18/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 449 +++++++++--------- 1 file changed, 223 insertions(+), 226 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 106429c136..0f325de817 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -9,7 +9,7 @@ ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 09/07/2018 +ms.date: 09/08/2018 --- 
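Review bot: In PATCH 17/24 above, the `filteredDeferReason` line of the @@ -5454,7 +5454,7 @@ hunk now ends with a doubled period, "(such as user active, or low battery)..", and that is the only change to the line. Revert it to the single period.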
@@ -83,21 +83,21 @@ The following fields are available: - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **InventoryLanguagePack** The count of the number of this particular object type present on this device. +- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device. - **InventoryTest** The count of the number of this particular object type present on this device. - **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. - **PCFP** An ID for the system, calculated by hashing hardware identifiers. -- **SystemMemory** The count of the number of this particular object type present on this device. +- **SystemMemory** The count of SystemMemory objects present on this machine. - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. - **SystemProcessorNx** The count of SystemProcessorNx objects present on this machine. -- **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. -- **SystemProcessorSse2** The count of SystemProcessorSse2 objects present on this machine. -- **SystemTouch** The count of SystemTouch objects present on this machine. +- **SystemProcessorPrefetchW** The count of SystemProcessorPrefetchW objects present on this machine. 
+- **SystemProcessorSse2** The count of the number of this particular object type present on this device. +- **SystemTouch** The count of the number of this particular object type present on this device. - **SystemWim** The count of SystemWim objects present on this machine. -- **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. +- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. - **SystemWlan** The count of SystemWlan objects present on this machine. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. 
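Review bot: This hunk (@@ -83,21 +83,21 @@) moves descriptions in both directions. `InventoryLanguagePack`, `SystemMemory` and `SystemProcessorPrefetchW` go from the generic "The count of the number of this particular object type present on this device." to the specific "The count of ... objects present on this machine.", while `SystemProcessorSse2`, `SystemTouch` and `SystemWindowsActivationStatus` go from the specific form to the generic one. PATCH 17/24 changed `SystemProcessorPrefetchW` the other way. Settle on the specific form for every field so the list reads consistently.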
@@ -1505,16 +1505,16 @@ The following fields are available: - **MMSettingOverride** Microcode setting of the processor. - **MMSettingOverrideMask** Microcode setting override of the processor. - **PreviousUpdateRevision** Previous microcode revision. -- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. -- **ProcessorClockSpeed** Clock speed of the processor in MHz. -- **ProcessorCores** Number of logical cores in the processor. -- **ProcessorIdentifier** Processor Identifier of a manufacturer. -- **ProcessorManufacturer** Name of the processor manufacturer. -- **ProcessorModel** Name of the processor model. +- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. The complete list of values can be found in DimProcessorArchitecture. +- **ProcessorClockSpeed** Retrieves the clock speed of the processor in MHz. +- **ProcessorCores** Retrieves the number of cores in the processor. +- **ProcessorIdentifier** The processor identifier of a manufacturer. +- **ProcessorManufacturer** Retrieves the name of the processor's manufacturer. +- **ProcessorModel** Retrieves the name of the processor model. - **ProcessorPhysicalCores** Number of physical cores in the processor. -- **ProcessorUpdateRevision** Microcode revision +- **ProcessorUpdateRevision** Retrieves the processor architecture of the installed operating system. - **ProcessorUpdateStatus** Enum value that represents the processor microcode load status. -- **SocketCount** Count of CPU sockets. +- **SocketCount** Number of physical CPU sockets of the machine. - **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability. 
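Review bot: `ProcessorUpdateRevision` in this hunk (@@ -1505,16 +1505,16 @@) is changed from "Microcode revision" to "Retrieves the processor architecture of the installed operating system.", which is the opening sentence of the `ProcessorArchitecture` description and does not describe a microcode revision. Keep the microcode wording. The new `ProcessorArchitecture` text also points to "DimProcessorArchitecture" without saying where a reader can find that list; link it or remove the sentence.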
@@ -2058,9 +2058,9 @@ This event indicatse that we have received an unexpected error in the Direct to The following fields are available: -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. +- **CampaignID** ID of the campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. - **CV** Correlation vector. - **hResult** HRESULT of the failure. @@ -2250,7 +2250,6 @@ The following fields are available: - **CampaignID** Campaign ID being run. - **ClientID** Client ID being run. - **CoordinatorVersion** Coordinator version of DTU. -- **Current Deploy Phase's percentage completed** Trigger which fired UXLauncher. - **CV** Correlation vector. - **DeployPhase** Current Deploy Phase. @@ -2274,9 +2273,9 @@ This event indicates that the Coordinator SetCommitReady call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. - **CV** Correlation vector. @@ -2300,8 +2299,8 @@ This event indicates that the Coordinator WaitForRebootUi call succeeded. The following fields are available: - **CampaignID** Campaign ID being run. -- **ClientID** Client ID being run. -- **CoordinatorVersion** Coordinator version of DTU. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. - **CV** Correlation vector. - **hResult** HRESULT of the failure. 
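Review bot: In the last hunk above (@@ -2299,8 +2299,8 @@), `CampaignID` stays as the context line "Campaign ID being run." while `ClientID` and `CoordinatorVersion` directly below it are reworded. The @@ -2273,9 +2273,9 @@ hunk of this same patch rewrites `CampaignID` to "ID of the update campaign being run." Apply the same rewrite here so the three fields match across events.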
@@ -2312,11 +2311,11 @@ This event indicates that the user selected an option on the Reboot UI. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **rebootUiSelection** Selection on the Reboot UI +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **rebootUiSelection** Selection on the Reboot UI. ### Microsoft.Windows.DirectToUpdate.DTUCoordinatorWaitForRebootUiSuccess @@ -2325,10 +2324,10 @@ This event indicates that the Coordinator WaitForRebootUi call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. ### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityGenericFailure @@ -2351,11 +2350,11 @@ This event indicates that we have received an unexpected error in the Direct to The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **hResult** HRESULT of the failure +- **CampaignID** ID of the campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityInternalSuccess 
@@ -2364,11 +2363,11 @@ This event indicates that the Handler CheckApplicabilityInternal call succeeded. The following fields are available: -- **ApplicabilityResult** Result of CheckApplicability function -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector +- **ApplicabilityResult** The result of the applicability check. +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. ### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilitySuccess @@ -2377,12 +2376,12 @@ This event indicates that the Handler CheckApplicability call succeeded. The following fields are available: -- **ApplicabilityResult** Result of CheckApplicability function -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **CV_new** New correlation vector +- **ApplicabilityResult** The result code indicating whether the update is applicable. +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **CV_new** New correlation vector. ### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckIfCoordinatorMinApplicableVersionGenericFailure 
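Review bot: ApplicabilityResult gets two different descriptions for what reads as the same field: "The result of the applicability check." in the @@ -2364 hunk and "The result code indicating whether the update is applicable." in the @@ -2377 hunk. Both replace the identical old text "Result of CheckApplicability function", so unless the two events really report different things, use one wording in both places.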
@@ -2404,11 +2403,11 @@ This event indicates that the Handler CheckIfCoordinatorMinApplicableVersion cal The following fields are available: -- **CampaignID** Campaign ID being run -- **CheckIfCoordinatorMinApplicableVersionResult** Result of CheckIfCoordinatorMinApplicableVersion function -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector +- **CampaignID** ID of the update campaign being run. +- **CheckIfCoordinatorMinApplicableVersionResult** Result of CheckIfCoordinatorMinApplicableVersion function. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. ### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitGenericFailure @@ -2417,12 +2416,12 @@ This event indicates that we have received an unexpected error in the Direct to The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **CV_new** New correlation vector -- **hResult** HRESULT of the failure +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **CV_new** New correlation vector. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUHandlerCommitSuccess 
@@ -2431,11 +2430,11 @@ This event indicates that the Handler Commit call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **CV_new** New correlation vector +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **CV_new** New correlation vector. ### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabAlreadyDownloaded @@ -2456,12 +2455,12 @@ This event indicates that the Handler Download and Extract cab call failed. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **DownloadAndExtractCabFunction_failureReason** Reason why the DownloadAndExtractCab function failed -- **hResult** HRESULT of the failure +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **DownloadAndExtractCabFunction_failureReason** Reason why the update download and extract process failed. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadAndExtractCabSuccess 
@@ -2470,10 +2469,10 @@ This event indicates that the Handler Download and Extract cab call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. ### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadGenericFailure @@ -2482,11 +2481,11 @@ This event indicates that we have received an unexpected error in the Direct to The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **hResult** HRESULT of the failure +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUHandlerDownloadSuccess @@ -2495,10 +2494,10 @@ This event indicates that the Handler Download call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. ### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeGenericFailure 
@@ -2507,12 +2506,12 @@ This event indicates that we have received an unexpected error in the Direct to The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **DownloadAndExtractCabFunction_hResult** HRESULT of the DownloadAndExtractCab function -- **hResult** HRESULT of the failure +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **DownloadAndExtractCabFunction_hResult** HRESULT of the download and extract. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUHandlerInitializeSuccess @@ -2521,11 +2520,11 @@ This event indicates that the Handler Initialize call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **DownloadAndExtractCabFunction_hResult** HRESULT of the DownloadAndExtractCab function +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **DownloadAndExtractCabFunction_hResult** HRESULT of the download and extraction. ### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallGenericFailure 
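Review bot: DownloadAndExtractCabFunction_hResult is described as "HRESULT of the download and extract." in the @@ -2507 hunk and "HRESULT of the download and extraction." in the @@ -2521 hunk. The first ends on a bare verb and the two should match; "HRESULT of the download and extraction." works for both.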
@@ -2534,11 +2533,11 @@ This event indicates that we have received an unexpected error in the Direct to The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **hResult** HRESULT of the failure +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **hResult** HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUHandlerInstallSuccess @@ -2547,10 +2546,10 @@ This event indicates that the Coordinator Install call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector +- **CampaignID** ID of the update campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. ### Microsoft.Windows.DirectToUpdate.DTUHandlerSetCommitReadyGenericFailure @@ -2572,10 +2571,10 @@ This event indicates that the Handler SetCommitReady call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector +- **CampaignID** ID of the campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. ### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiGenericFailure 
@@ -2584,11 +2583,11 @@ This event indicates that we have received an unexpected error in the Direct to The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector -- **hResult** HRESULT of the failure +- **CampaignID** The ID of the campaigning being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. +- **hResult** The HRESULT of the failure. ### Microsoft.Windows.DirectToUpdate.DTUHandlerWaitForRebootUiSuccess @@ -2597,10 +2596,10 @@ This event indicates that the Handler WaitForRebootUi call succeeded. The following fields are available: -- **CampaignID** Campaign ID being run -- **ClientID** Client ID being run -- **CoordinatorVersion** Coordinator version of DTU -- **CV** Correlation vector +- **CampaignID** ID of the campaign being run. +- **ClientID** ID of the client receiving the update. +- **CoordinatorVersion** Coordinator version of Direct to Update. +- **CV** Correlation vector. ## Feature update events 
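Review bot: Typo in the @@ -2584 hunk: "The ID of the campaigning being run." should be "campaign". The same hunk also writes "The HRESULT of the failure." where every other event in this patch uses "HRESULT of the failure." without the article, so suggest dropping "The" from both lines to match.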
@@ -2867,12 +2866,12 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **BusReportedDescription** The description of the device reported by the bux. -- **Class** The device setup class of the driver loaded for the device. -- **ClassGuid** The device class GUID from the driver package -- **COMPID** The device setup class guid of the driver loaded for the device. -- **ContainerId** The list of compat ids for the device. -- **Description** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer. +- **BusReportedDescription** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer. +- **Class** A unique identifier for the driver installed. +- **ClassGuid** Name of the .sys image file (or wudfrd.sys if using user mode driver framework). +- **COMPID** INF file name (the name could be renamed by OS, such as oemXX.inf) +- **ContainerId** The version of the inventory binary generating the events. +- **Description** The current error code for the device. - **DeviceState** The device description. - **DriverId** DeviceState is a bitmask of the following: DEVICE_IS_CONNECTED 0x0001 (currently only for container). DEVICE_IS_NETWORK_DEVICE 0x0002 (currently only for container). DEVICE_IS_PAIRED 0x0004 (currently only for container). DEVICE_IS_ACTIVE 0x0008 (currently never set). DEVICE_IS_MACHINE 0x0010 (currently only for container). DEVICE_IS_PRESENT 0x0020 (currently always set). DEVICE_IS_HIDDEN 0x0040. DEVICE_IS_PRINTER 0x0080 (currently only for container). DEVICE_IS_WIRELESS 0x0100. DEVICE_IS_WIRELESS_FAT 0x0200. The most common values are therefore: 32 (0x20)= device is present. 96 (0x60)= device is present but hidden. 
288 (0x120)= device is a wireless device that is present - **DriverName** A unique identifier for the driver installed. @@ -3381,6 +3380,16 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic ## Kernel events +### IO + +This event indicates the number of bytes read from or read by the OS and written to or written by the OS upon system startup. + +The following fields are available: + +- **BytesRead** The total number of bytes read from or read by the OS upon system startup. +- **BytesWritten** The total number of bytes written to or written by the OS upon system startup. + + ### Microsoft.Windows.Kernel.BootEnvironment.OsLaunch OS information collected during Boot, used to evaluate the success of the upgrade process. 
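Review bot: The @@ -2867 hunk attaches descriptions to the wrong fields. BusReportedDescription now carries the "System-supplied GUID that uniquely groups the functional devices..." text, Class is "A unique identifier for the driver installed.", ClassGuid is "Name of the .sys image file", ContainerId is "The version of the inventory binary generating the events." and Description is "The current error code for the device." None of these match the field names, and the unchanged context below shows the list was already shifted by one (DeviceState reads "The device description." and DriverId carries the DeviceState bitmask). Rather than substituting a new set of strings, realign the existing ones so each sits next to the field it describes, and fix "bux" to "bus" while doing so.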
@@ -3437,68 +3446,6 @@ The following fields are available: - **UptimeDeltaMS** Total time (in milliseconds) added to Uptime since the last event -## Other events - -### IO - -This event indicates the number of bytes read from or read by the OS and written to or written by the OS upon system startup. - -The following fields are available: - -- **BytesRead** The total number of bytes read from or read by the OS upon system startup. -- **BytesWritten** The total number of bytes written to or written by the OS upon system startup. - - -### wilActivity - -This event provides a Windows Internal Library context used for Product and Service diagnostics. - -The following fields are available: - -- **callContext** The function where the failure occurred. -- **currentContextId** The ID of the current call context where the failure occurred. -- **currentContextMessage** The message of the current call context where the failure occurred. -- **currentContextName** The name of the current call context where the failure occurred. -- **failureCount** The number of failures for this failure ID. -- **failureId** The ID of the failure that occurred. -- **failureType** The type of the failure that occurred. -- **fileName** The file name where the failure occurred. -- **function** The function where the failure occurred. -- **hresult** The HResult of the overall activity. -- **lineNumber** The line number where the failure occurred. -- **message** The message of the failure that occurred. -- **module** The module where the failure occurred. -- **originatingContextId** The ID of the originating call context that resulted in the failure. -- **originatingContextMessage** The message of the originating call context that resulted in the failure. -- **originatingContextName** The name of the originating call context that resulted in the failure. -- **threadId** The ID of the thread on which the activity is executing. 
- - -### wilResult - -This event provides a Windows Internal Library context used for Product and Service diagnostics. - -The following fields are available: - -- **callContext** The call context stack where failure occurred. -- **currentContextId** The ID of the current call context where the failure occurred. -- **currentContextMessage** The message of the current call context where the failure occurred. -- **currentContextName** The name of the current call context where the failure occurred. -- **failureCount** The number of failures for this failure ID. -- **failureId** The ID of the failure that occurred. -- **failureType** The type of the failure that occurred. -- **fileName** The file name where the failure occurred. -- **function** The function where the failure occurred. -- **hresult** The HResult of the overall activity. -- **lineNumber** The line number where the failure occurred. -- **message** The message of the failure that occurred. -- **module** The module where the failure occurred. -- **originatingContextId** The ID of the originating call context that resulted in the failure. -- **originatingContextMessage** The message of the originating call context that resulted in the failure. -- **originatingContextName** The name of the originating call context that resulted in the failure. -- **threadId** The ID of the thread on which the activity is executing. - - ## Privacy consent logging events ### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted 
@@ -3580,6 +3527,56 @@ The following fields are available: - **wilActivity** Windows Error Reporting data collected when there is a failure in evaluating accounts to be deleted with the Transient Account Manager. See [wilActivity](#wilactivity). +### wilActivity + +This event provides a Windows Internal Library context used for Product and Service diagnostics. + +The following fields are available: + +- **callContext** The function where the failure occurred. +- **currentContextId** The ID of the current call context where the failure occurred. +- **currentContextMessage** The message of the current call context where the failure occurred. +- **currentContextName** The name of the current call context where the failure occurred. +- **failureCount** The number of failures for this failure ID. +- **failureId** The ID of the failure that occurred. +- **failureType** The type of the failure that occurred. +- **fileName** The file name where the failure occurred. +- **function** The function where the failure occurred. +- **hresult** The HResult of the overall activity. +- **lineNumber** The line number where the failure occurred. +- **message** The message of the failure that occurred. +- **module** The module where the failure occurred. +- **originatingContextId** The ID of the originating call context that resulted in the failure. +- **originatingContextMessage** The message of the originating call context that resulted in the failure. +- **originatingContextName** The name of the originating call context that resulted in the failure. +- **threadId** The ID of the thread on which the activity is executing. + + +### wilResult + +This event provides a Windows Internal Library context used for Product and Service diagnostics. + +The following fields are available: + +- **callContext** The call context stack where failure occurred. +- **currentContextId** The ID of the current call context where the failure occurred. 
+- **currentContextMessage** The message of the current call context where the failure occurred. +- **currentContextName** The name of the current call context where the failure occurred. +- **failureCount** The number of failures for this failure ID. +- **failureId** The ID of the failure that occurred. +- **failureType** The type of the failure that occurred. +- **fileName** The file name where the failure occurred. +- **function** The function where the failure occurred. +- **hresult** The HResult of the overall activity. +- **lineNumber** The line number where the failure occurred. +- **message** The message of the failure that occurred. +- **module** The module where the failure occurred. +- **originatingContextId** The ID of the originating call context that resulted in the failure. +- **originatingContextMessage** The message of the originating call context that resulted in the failure. +- **originatingContextName** The name of the originating call context that resulted in the failure. +- **threadId** The ID of the thread on which the activity is executing. + + ## SIH events ### SIHEngineTelemetry.EvalApplicability 
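Review bot: The @@ -3580 hunk appends ### wilActivity and ### wilResult straight after an event's field list and just before "## SIH events", so these generic Windows Internal Library events now read as members of whichever section precedes SIH events, while the @@ -3437 hunk deletes the "## Other events" section that used to hold them. If that is a by-product of the build sorting, it is worth a sentence in the commit message; otherwise keep them under a neutral heading. In the added text, callContext for wilActivity is "The function where the failure occurred.", which is identical to the description of function a few lines later, whereas wilResult has "The call context stack where failure occurred."; the two callContext descriptions should agree.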
@@ -3960,21 +3957,21 @@ The following fields are available: - **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. - **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce -- **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). +- **MetadataSignature** Base64 string of the signature associated with the update metadata (specified by revision id) - **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. - **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. -- **RevisionId** The revision ID for a specific piece of content. -- **RevisionNumber** The revision number for a specific piece of content. +- **RevisionId** Identifies the revision of this specific piece of content +- **RevisionNumber** Identifies the revision number of this specific piece of content - **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Windows Store - **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. -- **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. +- **SHA256OfLeafCertPublicKey** Base64 encoding of hash of the Base64CertData in the FragmentSigning data of leaf certificate. - **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. -- **SignatureAlgorithm** The hash algorithm for the metadata signature. 
+- **SignatureAlgorithm** Hash algorithm for the metadata signature - **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast - **StatusCode** The status code of the event. - **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. - **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. -- **UpdateId** The update ID for a specific piece of content. +- **UpdateId** Identifier associated with the specific piece of content - **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. @@ -4164,7 +4161,7 @@ The following fields are available: - **ScenarioId** Indicates the update scenario. - **SessionId** Unique value for each update attempt. - **SetupMode** Mode of setup to be launched. -- **UpdateId** Unique ID for each Update. +- **UpdateId** Unique ID for each update. - **UserSession** Indicates whether install was invoked by user actions. @@ -4321,7 +4318,7 @@ This event determines whether devices received additional or critical supplement The following fields are available: -- **DCATUrl** The DCAT URL we send the request to. +- **DCATUrl** The Delivery Catalog (DCAT) URL we send the request to. - **DownloadRequestAttributes** The attributes we send to DCAT. - **ResultCode** The result returned from the initialization of Facilitator with the URL/attributes. - **Scenario** Dynamic Update scenario (Image DU, or Setup DU). 
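Review bot: The @@ -3960 hunk replaces cleaned-up descriptions with rougher ones. MetadataSignature, RevisionId, RevisionNumber, SignatureAlgorithm and UpdateId all lose their terminal period, "revision ID" becomes "revision id", and "A base64-encoded string of the signature" becomes "Base64 string of the signature". The rest of this patch moves in the opposite direction (adding periods, expanding abbreviations), so this looks like stale source text overwriting an earlier edit; suggest keeping the removed lines. Separately, SHA256OfLeafCertPublicKey is described in both old and new text as a hash of the Base64CertData, which is what SHA256OfLeafCerData already says; please confirm whether it is the hash of the public key.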
@@ -4387,7 +4384,7 @@ The following fields are available: - **Setup360Extended** Detailed information about the phase or action when the potential failure occurred. - **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. - **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). - **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. - **TestId** ID that uniquely identifies a group of events. @@ -4565,7 +4562,7 @@ Result of the WaaSMedic operation. The following fields are available: -- **detectionSummary** Result of each applicable detection that was ran. +- **detectionSummary** Result of each applicable detection that was run. - **featureAssessmentImpact** WaaS Assessment impact for feature updates. - **hrEngineResult** Error code from the engine operation. - **insufficientSessions** Device not eligible for diagnostics. 
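Review bot: In the @@ -4387 hunk the only change to Setup360Scenario is removing the terminal period ("Example: Boot, Media, Update, MCT"), while the State line just below still ends with one and most other hunks in this patch add periods. Suggest dropping this change.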
@@ -4573,7 +4570,7 @@ The following fields are available: - **isWUConnected** Device is connected to Windows Update. - **noMoreActions** No more applicable diagnostics. - **qualityAssessmentImpact** WaaS Assessment impact for quality updates. -- **remediationSummary** Result of each applicable resolution that was ran. +- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on. - **usingBackupFeatureAssessment** Relying on backup feature assessment. - **usingBackupQualityAssessment** Relying on backup quality assessment. - **usingCachedFeatureAssessment** WaaS Medic run did not get OS build age from the network on the previous run. @@ -4867,9 +4864,9 @@ The following fields are available: - **CatalogId** The name of the product catalog from which this app was chosen. - **FailedRetry** Indicates whether the installation or update retry was successful. -- **HResult** Resulting HResult error/success code of this call -- **PFN** Package Family Name of the app that being installed or updated -- **ProductId** Product Id of the app that is being updated or installed +- **HResult** The HResult code of the operation. +- **PFN** The Package Family Name of the app that is being installed or updated. +- **ProductId** The product ID of the app that is being updated or installed. ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate @@ -4993,7 +4990,7 @@ The following fields are available: - **current** Result of currency check. - **dismOperationSucceeded** Dism uninstall operation status. -- **hResult** Failure Error code. +- **hResult** Failure error code. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. 
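Review bot: Typo in the new remediationSummary text in the @@ -4573 hunk: "the fix is to turn the it back on" should read "turn it back on". The sentence is also much longer than the sibling field descriptions; the example could be cut or moved to the event description.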
@@ -5034,7 +5031,7 @@ The following fields are available: - **current** Result of currency check. - **dismOperationSucceeded** Dism uninstall operation status. -- **hResult** Failure error code. +- **hResult** Failure Error code. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. @@ -5078,13 +5075,13 @@ The following fields are available: - **background** Indicates whether the download is happening in the background. - **bytesRequested** Number of bytes requested for the download. - **callerName** Name of the API caller. -- **cdnUrl** The URL of the source CDN +- **cdnUrl** The URL of the source Content Distribution Network (CDN). - **costFlags** A set of flags representing network cost. - **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM). - **diceRoll** Random number used for determining if a client will use peering. - **doClientVersion** The version of the Delivery Optimization client. - **doErrorCode** The Delivery Optimization error code that was returned. -- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100).) +- **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100). - **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9). - **errorCode** The error code that was returned. - **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing. 
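Review bot: The @@ -5034 hunk changes hResult from "Failure error code." to "Failure Error code.", which is the exact reverse of the @@ -4993 hunk, where "Failure Error code." becomes "Failure error code." for a field list that is otherwise identical. Use the lower-case form in both.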
@@ -5454,7 +5451,7 @@ The following fields are available: - **displayNeededReason** List of reasons for needing display. - **eventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.). -- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery).. +- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery). - **gameModeReason** Name of the executable that caused the game mode state check to start. - **ignoredReason** List of reasons that were intentionally ignored. - **raisedDeferReason** Indicates all potential reasons for postponing restart (such as user active, or low battery). @@ -5473,9 +5470,9 @@ The following fields are available: - **deferReason** Reason why the device could not check for updates. - **detectionBlockingPolicy** State of update action. -- **detectionBlockreason** Reason for detection not completing. +- **detectionBlockreason** If we retry to scan - **detectionRetryMode** Indicates whether we will try to scan again. -- **errorCode** The returned error code. +- **errorCode** State of update action - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. - **flightID** The specific ID of the Windows Insider build the device is getting. - **interactive** Indicates whether the session was user initiated. @@ -5483,8 +5480,8 @@ The following fields are available: - **revisionNumber** Update revision number. - **scanTriggerSource** Source of the triggered scan. - **updateId** Update ID. -- **updateScenarioType** The update session type. -- **wuDeviceid** Unique device ID used by Windows Update. +- **updateScenarioType** Device ID +- **wuDeviceid** Device ID ### Microsoft.Windows.Update.Orchestrator.DisplayNeeded 
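Review bot: Several replacements in the @@ -5473 and @@ -5483 hunks describe a different field from the one they are attached to. detectionBlockreason becomes "If we retry to scan", which is the meaning of detectionRetryMode on the next line; errorCode becomes "State of update action", duplicating detectionBlockingPolicy; updateScenarioType becomes "Device ID", the same text given to wuDeviceid. The removed lines ("Reason for detection not completing.", "The returned error code.", "The update session type.", "Unique device ID used by Windows Update.") matched their field names, so suggest reverting these four.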
@@ -5864,7 +5861,7 @@ The following fields are available: - **scheduledRebootTime** Time scheduled for the reboot. - **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC. - **updateId** Identifies which update is being scheduled. -- **wuDeviceid** Unique DeviceID +- **wuDeviceid** Unique device ID used by Windows Update. ### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot @@ -5879,8 +5876,8 @@ This event is sent when MUSE broker schedules a task. The following fields are available: -- **TaskArgument** The arguments which the task is scheduled with -- **TaskName** Name of the task +- **TaskArgument** The arguments with which the task is scheduled. +- **TaskName** Name of the task. ## Windows Update mitigation events 
@@ -5891,21 +5888,21 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS The following fields are available: -- **ClientId** Unique identifier for each flight. -- **FlightId** Unique GUID that identifies each instances of setuphost.exe. -- **InstanceId** The update scenario in which the mitigation was executed. -- **MitigationScenario** Number of mounted images. -- **MountedImageCount** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImageMatches** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesRemoved** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **MountedImagesSkipped** Correlation vector value generated from the latest USO scan. -- **RelatedCV** HResult of this operation. -- **Result** ID indicating the mitigation scenario. -- **ScenarioId** Indicates whether the scenario was supported. -- **ScenarioSupported** Unique value for each update attempt. -- **SessionId** Unique ID for each Update. -- **UpdateId** Unique ID for the Windows Update client. +- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightId** Unique identifier for each flight. +- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. +- **MitigationScenario** The update scenario in which the mitigation was executed. +- **MountedImageCount** Number of mounted images. +- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. +- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. 
+- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. +- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** HResult of this operation. +- **ScenarioId** ID indicating the mitigation scenario. +- **ScenarioSupported** Indicates whether the scenario was supported. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each Update. - **WuId** Unique ID for the Windows Update client. From 46cf6cfd89a6b3207855489f7430daa8e8811b72 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Mon, 10 Sep 2018 15:37:16 -0700 Subject: [PATCH 19/24] new build --- ...ndows-diagnostic-events-and-fields-1803.md | 130 +++++++++--------- 1 file changed, 62 insertions(+), 68 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 0f325de817..55efbb3633 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -9,17 +9,12 @@ ms.pagetype: security localizationpriority: high author: brianlic-msft ms.author: brianlic -ms.date: 09/08/2018 +ms.date: 09/10/2018 --- # Windows 10, version 1803 basic level Windows diagnostic events and fields - -> [!IMPORTANT] -> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - - **Applies to** - Windows 10, version 1803 
@@ -34,7 +29,6 @@ Use this article to learn about diagnostic events, grouped by event area, and th You can learn more about Windows functional and diagnostic data through these articles: -- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) - [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md) - [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) - [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) 
@@ -83,21 +77,21 @@ The following fields are available: - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine. +- **InventoryLanguagePack** The count of the number of this particular object type present on this device. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device. - **InventoryTest** The count of the number of this particular object type present on this device. - **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. - **PCFP** An ID for the system, calculated by hashing hardware identifiers. -- **SystemMemory** The count of SystemMemory objects present on this machine. +- **SystemMemory** The count of the number of this particular object type present on this device. - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. - **SystemProcessorNx** The count of SystemProcessorNx objects present on this machine. -- **SystemProcessorPrefetchW** The count of SystemProcessorPrefetchW objects present on this machine. -- **SystemProcessorSse2** The count of the number of this particular object type present on this device. -- **SystemTouch** The count of the number of this particular object type present on this device. +- **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. 
+- **SystemProcessorSse2** The count of SystemProcessorSse2 objects present on this machine. +- **SystemTouch** The count of SystemTouch objects present on this machine. - **SystemWim** The count of SystemWim objects present on this machine. -- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. +- **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. - **SystemWlan** The count of SystemWlan objects present on this machine. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. 
@@ -1505,16 +1499,16 @@ The following fields are available: - **MMSettingOverride** Microcode setting of the processor. - **MMSettingOverrideMask** Microcode setting override of the processor. - **PreviousUpdateRevision** Previous microcode revision. -- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. The complete list of values can be found in DimProcessorArchitecture. -- **ProcessorClockSpeed** Retrieves the clock speed of the processor in MHz. -- **ProcessorCores** Retrieves the number of cores in the processor. -- **ProcessorIdentifier** The processor identifier of a manufacturer. -- **ProcessorManufacturer** Retrieves the name of the processor's manufacturer. -- **ProcessorModel** Retrieves the name of the processor model. +- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. +- **ProcessorClockSpeed** Clock speed of the processor in MHz. +- **ProcessorCores** Number of logical cores in the processor. +- **ProcessorIdentifier** Processor Identifier of a manufacturer. +- **ProcessorManufacturer** Name of the processor manufacturer. +- **ProcessorModel** Name of the processor model. - **ProcessorPhysicalCores** Number of physical cores in the processor. -- **ProcessorUpdateRevision** Retrieves the processor architecture of the installed operating system. +- **ProcessorUpdateRevision** Microcode revision - **ProcessorUpdateStatus** Enum value that represents the processor microcode load status. -- **SocketCount** Number of physical CPU sockets of the machine. +- **SocketCount** Count of CPU sockets. - **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability. 
@@ -3466,10 +3460,10 @@ Event tells us effectiveness of new privacy experience. The following fields are available: -- **isAdmin** Whether the current user is an administrator or not +- **isAdmin** whether the person who is logging in is an admin - **isLaunching** Whether or not the privacy consent experience will be launched -- **isSilentElevation** Whether the current user has enabled silent elevation -- **privacyConsentState** The current state of the privacy consent experience +- **isSilentElevation** whether the user has most restrictive UAC controls +- **privacyConsentState** whether the user has completed privacy experience - **userRegionCode** The current user's region setting 
@@ -3951,26 +3945,26 @@ Ensures Windows Updates are secure and complete. Event helps to identify whether The following fields are available: - **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. -- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. -- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. -- **ExtendedStatusCode** The secondary status code of the event. -- **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. +- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. +- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. +- **LeafCertId** Integral id from the FragmentSigning data for certificate which failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. -- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce +- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce - **MetadataSignature** Base64 string of the signature associated with the update metadata (specified by revision id) -- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. +- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. - **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. 
This field is null if not applicable. - **RevisionId** Identifies the revision of this specific piece of content - **RevisionNumber** Identifies the revision number of this specific piece of content -- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Windows Store +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) - **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. - **SHA256OfLeafCertPublicKey** Base64 encoding of hash of the Base64CertData in the FragmentSigning data of leaf certificate. -- **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. +- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob - **SignatureAlgorithm** Hash algorithm for the metadata signature -- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast -- **StatusCode** The status code of the event. +- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". +- **StatusCode** Result code of the event (success, cancellation, failure code HResult) - **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. -- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. +- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed. - **UpdateId** Identifier associated with the specific piece of content - **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. 
@@ -4180,7 +4174,7 @@ The following fields are available: - **CV** Correlation vector. - **DetectorVersion** Most recently run detector version for the current campaign. - **GlobalEventCounter** Client side counter that indicates the ordering of events sent by this user. -- **key1** UI interaction data +- **key1** Interaction data for the UI - **key10** UI interaction data - **key11** UI interaction data - **key12** UI interaction data @@ -4191,24 +4185,24 @@ The following fields are available: - **key17** UI interaction data - **key18** UI interaction data - **key19** UI interaction data -- **key2** UI interaction data +- **key2** Interaction data for the UI - **key20** UI interaction data -- **key21** UI interaction data +- **key21** Interaction data for the UI - **key22** UI interaction data - **key23** UI interaction data - **key24** UI interaction data - **key25** UI interaction data - **key26** UI interaction data - **key27** UI interaction data -- **key28** Interaction data for the UI -- **key29** Interaction data for the UI -- **key3** UI interaction data +- **key28** UI interaction data +- **key29** UI interaction data +- **key3** Interaction data for the UI - **key30** UI interaction data -- **key4** UI interaction data +- **key4** Interaction data for the UI - **key5** UI interaction data - **key6** UI interaction data -- **key7** UI interaction data -- **key8** UI interaction data +- **key7** Interaction data for the UI +- **key8** Interaction data for the UI - **key9** UI interaction data - **PackageVersion** Current package version of the update notification. - **schema** UI interaction type. 
@@ -5031,7 +5025,7 @@ The following fields are available: - **current** Result of currency check. - **dismOperationSucceeded** Dism uninstall operation status. -- **hResult** Failure Error code. +- **hResult** Failure error code. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. @@ -5075,7 +5069,7 @@ The following fields are available: - **background** Indicates whether the download is happening in the background. - **bytesRequested** Number of bytes requested for the download. - **callerName** Name of the API caller. -- **cdnUrl** The URL of the source Content Distribution Network (CDN). +- **cdnUrl** The URL of the source CDN - **costFlags** A set of flags representing network cost. - **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM). - **diceRoll** Random number used for determining if a client will use peering. @@ -5470,9 +5464,9 @@ The following fields are available: - **deferReason** Reason why the device could not check for updates. - **detectionBlockingPolicy** State of update action. -- **detectionBlockreason** If we retry to scan +- **detectionBlockreason** Reason for blocking detection - **detectionRetryMode** Indicates whether we will try to scan again. -- **errorCode** State of update action +- **errorCode** Error info - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. - **flightID** The specific ID of the Windows Insider build the device is getting. - **interactive** Indicates whether the session was user initiated. 
@@ -5480,7 +5474,7 @@ The following fields are available: - **revisionNumber** Update revision number. - **scanTriggerSource** Source of the triggered scan. - **updateId** Update ID. -- **updateScenarioType** Device ID +- **updateScenarioType** Source of the triggered scan - **wuDeviceid** Device ID @@ -5565,7 +5559,7 @@ This event is sent during update scan, download, or install, and indicates that The following fields are available: -- **configVersion** Escalation config version on device. +- **configVersion** Escalation config version on device . - **downloadElapsedTime** Indicates how long since the download is required on device. - **downloadRiskLevel** At-risk level of download phase. - **installElapsedTime** Indicates how long since the install is required on device. @@ -5593,7 +5587,7 @@ This event indicates that the update is no longer applicable to this device. The following fields are available: -- **EventPublishedTime** Time when this event was generated. +- **EventPublishedTime** Time when this event was generated - **flightID** The specific ID of the Windows Insider build. - **revisionNumber** Update revision number. - **updateId** Unique Windows Update ID. @@ -5876,8 +5870,8 @@ This event is sent when MUSE broker schedules a task. The following fields are available: -- **TaskArgument** The arguments with which the task is scheduled. -- **TaskName** Name of the task. +- **TaskArgument** The arguments which the task is scheduled with +- **TaskName** Name of the task ## Windows Update mitigation events 
@@ -5888,21 +5882,21 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightId** Unique identifier for each flight. -- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. -- **MitigationScenario** The update scenario in which the mitigation was executed. -- **MountedImageCount** Number of mounted images. -- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **Result** HResult of this operation. -- **ScenarioId** ID indicating the mitigation scenario. -- **ScenarioSupported** Indicates whether the scenario was supported. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each Update. +- **ClientId** Unique identifier for each flight. +- **FlightId** Unique GUID that identifies each instances of setuphost.exe. +- **InstanceId** The update scenario in which the mitigation was executed. +- **MitigationScenario** Number of mounted images. +- **MountedImageCount** Number of mounted images that were under %systemdrive%\$Windows.~BT. +- **MountedImageMatches** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. +- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. 
+- **MountedImagesRemoved** Number of mounted images that were not under %systemdrive%\$Windows.~BT. +- **MountedImagesSkipped** Correlation vector value generated from the latest USO scan. +- **RelatedCV** HResult of this operation. +- **Result** ID indicating the mitigation scenario. +- **ScenarioId** Indicates whether the scenario was supported. +- **ScenarioSupported** Unique value for each update attempt. +- **SessionId** Unique ID for each Update. +- **UpdateId** Unique ID for the Windows Update client. - **WuId** Unique ID for the Windows Update client. From 9d720fe58a332e16ac63b28e18f2219227d0b1a8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 10 Sep 2018 16:34:22 -0700 Subject: [PATCH 20/24] minor updates --- ...ced-hunting-windows-defender-advanced-threat-protection.md | 2 +- ...eshoot-siem-windows-defender-advanced-threat-protection.md | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md index 7b40ec9d0d..3eb5787182 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md 
@@ -72,7 +72,7 @@ The following tables are exposed as part of Advanced hunting: - **RegistryEvents** - Stores registry key creation, modification, rename and deletion events - **LogonEvents** - Stores login events - **ImageLoadEvents** - Stores load dll events -- **MiscEvents** - Stores several types of events, including Windows Defender blocks (Windows Defender Antivirus, Exploit Guard, Windows Defender SmartScreen, Windows Defender Application Guard, and Firewall), process injection events, access to LSASS processes, and others. +- **MiscEvents** - Stores several types of events, process injection events, access to LSASS processes, and others. These tables include data from the last 30 days. diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md index c90bb67da7..cd9048386c 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md @@ -35,7 +35,9 @@ If your client secret expires or if you've misplaced the copy provided when you 3. Select your tenant. -4. Click **App registrations** > **All apps**, then select your SIEM tool application. The application name is `https://windowsdefenderatpsiemconnector`. +4. Click **App registrations**. Then in the applications list, select the application: + - For SIEM: `https://WindowsDefenderATPSiemConnector` + - For Threat intelligence API: `https://WindowsDefenderATPCustomerTiConnector` 5. Select **Keys** section, then provide a key description and specify the key validity duration. From fc1fbbb3867094c6744ce76207d1d07144897f38 Mon Sep 17 00:00:00 2001 
From: andreiztm Date: Wed, 12 Sep 2018 19:25:51 +0300 Subject: [PATCH 21/24] Update docs to document new security property --- ...nable-virtualization-based-protection-of-code-integrity.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md index cb3e681ae8..0a7e07c36c 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -180,6 +180,7 @@ This field helps to enumerate and report state on the relevant security properti | **4.** | If present, Secure Memory Overwrite is available. | | **5.** | If present, NX protections are available. | | **6.** | If present, SMM mitigations are available. | +| **7.** | If present, Mode Based Execution Control is available. | #### InstanceIdentifier @@ -199,6 +200,7 @@ This field describes the required security properties to enable virtualization-b | **4.** | If present, Secure Memory Overwrite is needed. | | **5.** | If present, NX protections are needed. | | **6.** | If present, SMM mitigations are needed. | +| **7.** | If present, Mode Based Execution Control is needed. | #### SecurityServicesConfigured 
@@ -274,4 +276,4 @@ Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true - The Hyper-V virtual machine must be Generation 2, and running at least Windows Server 2016 or Windows 10. - HVCI and [nested virtualization](https://docs.microsoft.com/virtualization/hyper-v-on-windows/user-guide/nested-virtualization) cannot be enabled at the same time. - Virtual Fibre Channel adapters are not compatible with HVCI. Before attaching a virtual Fibre Channel Adapter to a virtual machine, you must first opt out of virtualization-based security using `Set-VMSecurity`. - - The AllowFullSCSICommandSet option for pass-through disks is not compatible with HVCI. Before configuring a pass-through disk with AllowFullSCSICommandSet, you must first opt out of virtualization-based security using `Set-VMSecurity`. \ No newline at end of file + - The AllowFullSCSICommandSet option for pass-through disks is not compatible with HVCI. Before configuring a pass-through disk with AllowFullSCSICommandSet, you must first opt out of virtualization-based security using `Set-VMSecurity`. From 9b9cfb75e6c8b6904de0f59bb6b9ac59d6e759f8 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 13 Sep 2018 14:06:54 +0000 Subject: [PATCH 22/24] Merged PR 11284: add Surface 2 and remove "point" updates --- ...atest-firmware-and-drivers-for-surface-devices.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md index d009237304..a023fdb141 100644 --- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md +++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: brecords -ms.date: 12/07/2017 +ms.date: 09/13/2018 ms.author: jdecker ms.topic: article --- 
@@ -23,11 +23,7 @@ As easy as it is to keep Surface device drivers and firmware up to date automati On the Microsoft Download Center page for your device, you will find several files available. These files allow you to deploy drivers and firmware in various ways. You can read more about the different deployment methods for Surface drivers and firmware in [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md). -Driver and firmware updates for Surface devices are released in one of two ways: - -- **Point updates** are released for specific drivers or firmware revisions and provide the latest update for a specific component of the Surface device. - -- **Cumulative updates** provide comprehensive roundups of all of the latest files for the Surface device running that version of Windows. +Driver and firmware updates for Surface devices are **cumulative updates** which provide comprehensive roundups of all of the latest files for the Surface device running that version of Windows. Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices and are detailed here in this article. 
@@ -212,10 +208,10 @@ Download the following updates [for Surface Pro (Model 1514) from the Microsoft - Windows8.1-KB2969817-x64.msu – Fixes an issue that causes Surface devices to reboot twice after firmware updates are installed on all supported x64-based versions of Windows 8.1 -## Surface RT +## Surface devices with Windows RT -There are no downloadable firmware or driver updates available for Surface RT. Updates can only be applied using Windows Update. +There are no downloadable firmware or driver updates available for Surface devices with Windows RT, including Surface RT and Surface 2. Updates can only be applied using Windows Update. If you have additional questions on the driver pack and updates, please contact [Microsoft Surface support for business](https://www.microsoft.com/surface/support/business). From 0281c673997f1e5e58f7065891676ab4a88ceaab Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 13 Sep 2018 09:51:41 -0700 Subject: [PATCH 23/24] removing some whitespace --- .../basic-level-windows-diagnostic-events-and-fields-1803.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 55efbb3633..2f0e8fbb61 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -35,8 +35,6 @@ You can learn more about Windows functional and diagnostic data through these ar - [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) - - ## Appraiser events ### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount From 1440307c26312d697c7010dea48960e112f42776 Mon Sep 17 00:00:00 2001 
From: Louie Mayor Date: Thu, 13 Sep 2018 22:13:28 +0000 Subject: [PATCH 24/24] Merged PR 11299: Security alliance topics - Removed references to online contact and application forms --- .../intelligence/coordinated-malware-eradication.md | 2 +- .../intelligence/virus-information-alliance-criteria.md | 4 +--- .../intelligence/virus-initiative-criteria.md | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md b/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md index 5c1f9d33d8..2f6a6ce43c 100644 --- a/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md +++ b/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md @@ -32,4 +32,4 @@ Organizations participating in the CME effort work together to help eradicate se Any organization that is involved in cybersecurity and antimalware or interested in fighting cybercrime can participate in CME campaigns by enrolling in the [Virus Information Alliance (VIA) program](virus-information-alliance-criteria.md). It ensures that everyone agrees to use the information and tools available for campaigns for their intended purpose (that is, the eradication of malware). -Please apply using our [membership application form](https://www.microsoft.com/security/portal/partnerships/apply.aspx) to get started. \ No newline at end of file +If your organization meets these criteria and would like to apply for membership, contact us at [mvi@microsoft.com](mailto:mvi@microsoft.com). Please indicate whether you would like to join CME, [VIA](./virus-information-alliance-criteria.md), or [MVI](./virus-initiative-criteria.md). \ No newline at end of file 
diff --git a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md index d08b16e029..10e99ef924 100644 --- a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md @@ -46,6 +46,4 @@ To be eligible for VIA your organization must: 3. Be willing to sign and adhere to the VIA membership agreement. -If your organization wants to apply and meets this criteria, you can apply using our [membership application form](https://www.microsoft.com/security/portal/partnerships/apply.aspx). - -If you have any questions, you can also contact us using our [partnerships contact form](https://www.microsoft.com/security/portal/partnerships/contactus.aspx). \ No newline at end of file +If your organization meets these criteria and would like to apply for membership, contact us at [mvi@microsoft.com](mailto:mvi@microsoft.com). Please indicate whether you would like to join VIA, [MVI](./virus-initiative-criteria.md), or [CME](./coordinated-malware-eradication.md). \ No newline at end of file diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md index 6edc83eaba..26f3bbce30 100644 --- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md 
@@ -54,4 +54,4 @@ Your organization must meet the following eligibility requirements to participat ### Apply to MVI -If your organization wants to apply and meets this criteria, you can apply using our [membership application form](https://www.microsoft.com/security/portal/partnerships/apply.aspx). \ No newline at end of file +If your organization meets these criteria and would like to apply for membership, contact us at [mvi@microsoft.com](mailto:mvi@microsoft.com). Please indicate whether you would like to join MVI, [VIA](./virus-information-alliance-criteria.md), or [CME](./coordinated-malware-eradication.md). \ No newline at end of file
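Review bot: In the hunk at `@@ -212,10 +208,10 @@`, the heading rename from "## Surface RT" to "## Surface devices with Windows RT" changes the section's heading anchor, so any page that links to this section by its old anchor will stop landing on it. Search the repo for inbound links to the old section anchor and update them in the same change. The body text is fine as written: it now names both Surface RT and Surface 2, which matches the broader heading.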
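Review bot: In coordinated-malware-eradication.md, the added sentence opens with "If your organization meets these criteria", but the context line above it lists no criteria; it only says that any interested organization can participate by enrolling in VIA. Point the reader at the VIA criteria page instead, for example "If your organization meets the VIA criteria and would like to apply". The new links also use a `./` prefix while the existing VIA link in the context line above does not; use one relative-link style within the file.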
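Review bot: In virus-information-alliance-criteria.md, the removed "If you have any questions" paragraph has no replacement, so after this change the page gives a contact route only to organizations that are ready to apply. If mvi@microsoft.com also takes general questions, say so in the added sentence (for example "To apply or to ask a question, contact us at ..."); otherwise keep a separate line for questions. Since one MVI-named address now handles VIA and CME as well, a short note that the mailbox serves all three programs would save applicants from second-guessing it.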
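Review bot: In virus-initiative-criteria.md, the replacement line still carries "\ No newline at end of file", and the same is true of the last line in the other two files of this patch. These lines are being rewritten anyway, so end each file with a newline to keep later diffs from touching the final line again. The sentence is also now repeated across three files with only the program order changed, which means a future change of contact address needs three matching edits; consider whether the docs build offers a shared include for it.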