diff --git a/browsers/edge/microsoft-edge-faq.yml b/browsers/edge/microsoft-edge-faq.yml index 96038bd4ce..bfb48a3544 100644 --- a/browsers/edge/microsoft-edge-faq.yml +++ b/browsers/edge/microsoft-edge-faq.yml @@ -62,7 +62,7 @@ sections: - question: Will Internet Explorer 11 continue to receive updates? answer: | - We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](https://support.microsoft.com/help/17454/). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge. + We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](/lifecycle/faq/internet-explorer-microsoft-edge). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge. - question: How do I find out which version of Microsoft Edge I have? answer: | diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml index 50862d688d..f7f8874d78 100644 --- a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml +++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml @@ -148,7 +148,7 @@ sections: - question: | Where to find Internet Explorer security zones registry entries answer: | - Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](https://support.microsoft.com/help/182569/internet-explorer-security-zones-registry-entries-for-advanced-users). + Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](/troubleshoot/browsers/ie-security-zones-registry-entries). This article was written for Internet Explorer 6 but is still applicable to Internet Explorer 11. @@ -193,7 +193,7 @@ sections: answer: | Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it is installed. - For more information, see [Lifecycle FAQ — Internet Explorer and Edge](https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer). + For more information, see [Lifecycle FAQ — Internet Explorer and Edge](/lifecycle/faq/internet-explorer-microsoft-edge). - question: | How to configure TLS (SSL) for Internet Explorer diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md index 50f1527699..67a2d8f5cb 100644 --- a/smb/cloud-mode-business-setup.md +++ b/smb/cloud-mode-business-setup.md @@ -34,7 +34,7 @@ In this walkthrough, we'll show you how to deploy and manage a full cloud IT sol - Create policies and app deployment rules - Log in as a user and start using your Windows device -Go to the Microsoft Business site and select **Products** to learn more about pricing and purchasing options for your business. +Go to [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business) to learn more about pricing and purchasing options for your business. ## Prerequisites @@ -50,16 +50,17 @@ Here's a few things to keep in mind before you get started: To set up a cloud infrastructure for your organization, follow the steps in this section. ### 1.1 Set up Office 365 for business -See Set up Office 365 for business to learn more about the setup steps for businesses and nonprofits who have Office 365. You can watch video and learn how to: + +See [Microsoft 365 admin center for business](/microsoft-365/admin) and [Microsoft 365 resources for nonprofits](https://www.microsoft.com/nonprofits/microsoft-365) to learn more about the setup steps for businesses and nonprofits who have Office 365. You can learn how to: - Plan your setup - Create Office 365 accounts and how to add your domain. - Install Office -To set up your Microsoft 365 for business tenant, see Get Started with Microsoft 365 for business. +To set up your Microsoft 365 for business tenant, see [Get Started with Microsoft 365 for business](/microsoft-365/business-video/what-is-microsoft-365). If you're new at setting up Office 365, and you'd like to see how it's done, you can follow these steps to get started: -1. Go to the Office 365 page in the Microsoft Business site. Select **Try now** to use the Microsoft 365 Business Standard Trial or select **Buy now** to sign up for Microsoft 365 Business Standard. In this walkthrough, we'll select **Try now**. +1. Go to [Try or buy a Microsoft 365 for business subscription](/microsoft-365/commerce/try-or-buy-microsoft-365). In this walkthrough, we'll select **Try now**. **Figure 1** - Try or buy Office 365 @@ -68,7 +69,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you 2. Fill out the sign up form and provide information about you and your company. 3. Create a user ID and password to use to sign into your account. - This step creates an onmicrosoft.com email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into https://portal.office.com (the admin portal). + This step creates an `onmicrosoft.com` email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into [https://portal.office.com](https://portal.office.com) (the admin portal). 4. Select **Create my account** and then enter the phone number you used in step 2 to verify your identity. You'll be asked to enter your verification code. 5. Select **You're ready to go...** which will take you to the Microsoft 365 admin center. @@ -78,7 +79,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you **Figure 2** - Microsoft 365 admin center - ![Opens the Microsoft 365 admin center.](images/office365_portal.png) + :::image type="content" alt-text="Opens the Microsoft 365 admin center." source="images/office365_portal.png"::: 6. Select the **Admin** tile to go to the admin center. @@ -88,22 +89,22 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you **Figure 3** - Admin center - ![Complete the Office 365 setup in the Microsoft 365 admin center.](images/office365_admin_portal.png) + :::image type="content" alt-text="Complete the Office 365 setup in the Microsoft 365 admin center." source="images/office365_admin_portal.png"::: -8. Go back to the admin center to add or buy a domain. +8. Go back to the [admin center](https://portal.office.com/adminportal/home#/homepage) to add or buy a domain. 1. Select the **Domains** option. **Figure 4** - Option to add or buy a domain - ![Add or buy a domain in admin center.](images/office365_buy_domain.png) + :::image type="content" alt-text="Add or buy a domain in admin center." source="images/office365_buy_domain.png"::: 2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as `fabrikamdesign.onmicrosoft.com`. **Figure 5** - Microsoft-provided domain - ![Microsoft-provided domain.](images/office365_ms_provided_domain.png) + :::image type="content" alt-text="Microsoft-provided domain." source="images/office365_ms_provided_domain.png"::: - If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain. - If you don't already own a domain, select **+ Buy domain**. If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order. @@ -112,7 +113,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you **Figure 6** - Domains - ![Verify your domains in the admin center.](images/office365_additional_domain.png) + :::image type="content" alt-text="Verify your domains in the admin center." source="images/office365_additional_domain.png"::: ### 1.2 Add users and assign product licenses Once you've set up Office and added your domain, it's time to add users so they have access to Office 365. People in your organization need an account before they can sign in and access Office 365. The easiest way to add users is to add them one at a time in the Microsoft 365 admin center. @@ -121,55 +122,55 @@ When adding users, you can also assign admin privileges to certain users in your **To add users and assign product licenses** -1. In the admin center, select **Users > Active users**. +1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Users > Active users**. **Figure 7** - Add users - ![Add Office 365 users.](images/office365_users.png) + :::image type="content" alt-text="Add Office 365 users." source="images/office365_users.png"::: 2. In the **Home > Active users** page, add users individually or in bulk. - To add users one at a time, select **+ Add a user**. - If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see *Add a user account in the admin center* in Add users individually or in bulk to Office 365 - Admin Help. + If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users). **Figure 8** - Add an individual user - ![Add an individual user.](images/office365_add_individual_user.png) + :::image type="content" alt-text="Add an individual user." source="images/office365_add_individual_user.png"::: - To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users. - The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see Add several users at the same time to Office 365 - Admin Help. Once you've added all the users, don't forget to assign **Product licenses** to the new users. + The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users). Once you've added all the users, don't forget to assign **Product licenses** to the new users. **Figure 9** - Import multiple users - ![Import multiple users.](images/office365_import_multiple_users.png) + :::image type="content" alt-text="Import multiple users." source="images/office365_import_multiple_users.png"::: 3. Verify that all the users you added appear in the list of **Active users**. The **Status** should indicate the product licenses that were assigned to them. **Figure 10** - List of active users - ![Verify users and assigned product licenses.](images/o365_active_users.png) + :::image type="content" alt-text="Verify users and assigned product licenses." source="images/o365_active_users.png"::: ### 1.3 Add Microsoft Intune -Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see What is Intune? +Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see [Microsoft Intune is an MDM and MAM provider](/mem/intune/fundamentals/what-is-intune). **To add Microsoft Intune to your tenant** -1. In the admin center, select **Billing > Purchase services**. +1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Billing > Purchase services**. 2. In the **Home > Purchase services** screen, search for **Microsoft Intune**. Hover over **Microsoft Intune** to see the options to start a free 30-day trial or to buy now. 3. Confirm your order to enable access to Microsoft Intune. 4. In the admin center, the Intune licenses will show as available and ready to be assigned to users. Select **Users > Active users** and then edit the product licenses assigned to the users to turn on **Intune A Direct**. **Figure 11** - Assign Intune licenses - ![Assign Microsoft Intune licenses to users.](images/o365_assign_intune_license.png) + :::image type="content" alt-text="Assign Microsoft Intune licenses to users." source="images/o365_assign_intune_license.png"::: 5. In the admin center, confirm that **Intune** shows up in the list under **Admin centers**. If it doesn't, sign out and then sign back in and then check again. 6. Select **Intune**. This step opens the Endpoint Manager admin center. **Figure 12** - Microsoft Intune management portal - ![Microsoft Intune management portal.](images/intune_portal_home.png) + :::image type="content" alt-text="Microsoft Intune management portal." source="images/intune_portal_home.png"::: Intune should now be added to your tenant. We'll come back to Intune later when we [Configure Microsoft Store for Business for app distribution](#17-configure-microsoft-store-for-business-for-app-distribution). @@ -178,7 +179,7 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick **To add Azure AD to your domain** -1. In the admin center, select **Admin centers > Azure AD**. +1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Admin centers > Azure AD**. > [!NOTE] > You will need Azure AD Premium to configure automatic MDM enrollment with Intune. @@ -187,57 +188,57 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick **Figure 13** - Access to Azure AD is not available - ![Access to Azure AD not available.](images/azure_ad_access_not_available.png) + :::image type="content" alt-text="Access to Azure AD not available." source="images/azure_ad_access_not_available.png"::: 3. From the error message, select the country/region for your business. The region should match with the location you specified when you signed up for Office 365. 4. Select **Azure subscription**. This step will take you to a free trial sign up screen. **Figure 14** - Sign up for Microsoft Azure - ![Sign up for Microsoft Azure.](images/azure_ad_sign_up_screen.png) + :::image type="content" alt-text="Sign up for Microsoft Azure." source="images/azure_ad_sign_up_screen.png"::: 5. In the **Free trial sign up** screen, fill in the required information and then click **Sign up**. 6. After you sign up, you should see the message that your subscription is ready. Click **Start managing my service**. **Figure 15** - Start managing your Azure subscription - ![Start managing your Azure subscription.](images/azure_ad_successful_signup.png) + :::image type="content" alt-text="Start managing your Azure subscription." source="images/azure_ad_successful_signup.png"::: - This step will take you to the Microsoft Azure portal. + This step will take you to the [Microsoft Azure portal](https://portal.azure.com). ### 1.5 Add groups in Azure AD -This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see Managing access to resources with Azure Active Directory groups. +This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see [Managing access to resources with Azure Active Directory groups](/azure/active-directory/active-directory-manage-groups. -To add Azure AD group(s), we will use the classic Azure portal (https://manage.windowsazure.com). See Managing groups in Azure Active Directory for more information about managing groups. +To add Azure AD group(s), use the [Microsoft Azure portal](https://portal.azure.com). See [Managing groups in Azure Active Directory](/azure/active-directory/active-directory-accessmanagement-manage-groups) for more information about managing groups. **To add groups in Azure AD** -1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node in the classic Azure portal, you will see a screen informing you that your directory is ready for use. +1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node, you will see a screen informing you that your directory is ready for use. Afterwards, you should see a list of active directories. In the following example, **Fabrikam Design** is the active directory. **Figure 16** - Azure first sign-in screen - ![Select Azure AD.](images/azure_portal_classic_configure_directory.png) + :::image type="content" alt-text="Select Azure AD." source="images/azure_portal_classic_configure_directory.png"::: 2. Select the directory (such as Fabrikam Design) to go to the directory's home page. **Figure 17** - Directory home page - ![Directory home page.](images/azure_portal_classic_directory_ready.png) + :::image type="content" alt-text="Directory home page." source="images/azure_portal_classic_directory_ready.png"::: 3. From the menu options on top, select **Groups**. **Figure 18** - Azure AD groups - ![Add groups in Azure AD.](images/azure_portal_classic_groups.png) + :::image type="content" alt-text="Add groups in Azure AD." source="images/azure_portal_classic_groups.png"::: 4. Select **Add a group** (from the top) or **Add group** at the bottom. 5. In the **Add Group** window, add a name, group type, and description for the group and click the checkmark to save your changes. The new group will appear on the groups list. **Figure 19** - Newly added group in Azure AD - ![Verify the new group appears on the list.](images/azure_portal_classic_all_users_group.png) + :::image type="content" alt-text="Verify the new group appears on the list." source="images/azure_portal_classic_all_users_group.png"::: 6. In the **Groups** tab, select the arrow next to the group (such as **All users**), add members to the group, and then save your changes. @@ -245,34 +246,34 @@ To add Azure AD group(s), we will use the this blog post to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough. +You can read the [Windows 10, Azure AD and Microsoft Intune blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/) to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough. > [!IMPORTANT] > We will use the classic Azure portal instead of the new portal to configure automatic MDM enrollment with Intune. **To enable automatic MDM enrollment** -1. In the classic Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options. +1. In the Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options. The list of applications for your company will appear. **Microsoft Intune** will be one of the applications on the list. **Figure 21** - List of applications for your company - ![List of applications for your company.](images/azure_portal_classic_applications.png) + :::image type="content" alt-text="List of applications for your company." source="images/azure_portal_classic_applications.png"::: 2. Select **Microsoft Intune** to configure the application. 3. In the Microsoft Intune configuration page, click **Configure** to start automatic MDM enrollment configuration with Intune. **Figure 22** - Configure Microsoft Intune in Azure - ![Configure Microsoft Intune in Azure.](images/azure_portal_classic_configure_intune_app.png) + :::image type="content" alt-text="Configure Microsoft Intune in Azure." source="images/azure_portal_classic_configure_intune_app.png"::: 4. In the Microsoft Intune configuration page: - In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance. @@ -291,66 +292,66 @@ You can read Microsoft Intune management portal and Microsoft Store for Business. +In this part of the walkthrough, use the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps). **To associate your Store account with Intune and configure synchronization** -1. From the Microsoft Intune management portal, select **Admin**. +1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first item you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**. **Figure 24** - Mobile device management - ![Set up mobile device management in Intune.](images/intune_admin_mdm_configure.png) + :::image type="content" alt-text="Set up mobile device management in Intune." source="images/intune_admin_mdm_configure.png"::: -3. Sign into Microsoft Store for Business using the same tenant account that you used to sign into Intune. +3. Sign into [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps) using the same tenant account that you used to sign into Intune. 4. Accept the EULA. 5. In the Store portal, select **Settings > Management tools** to go to the management tools page. 6. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune ready to use with Microsoft Store for Business. **Figure 25** - Activate Intune as the Store management tool - ![Activate Intune from the Store portal.](images/wsfb_management_tools_activate.png) + :::image type="content" alt-text="Activate Intune from the Store portal." source="images/wsfb_management_tools_activate.png"::: -7. Go back to the Intune management portal, select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**. +7. Go back to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**. 8. In the **Microsoft Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune. **Figure 26** - Configure Store for Business sync in Intune - ![Configure Store for Business sync in Intune.](images/intune_admin_mdm_store_sync.png) + :::image type="content" alt-text="Configure Store for Business sync in Intune." source="images/intune_admin_mdm_store_sync.png"::: 9. In the **Configure Microsoft Store for Business app sync** dialog box, check **Enable Microsoft Store for Business sync**. In the **Language** dropdown list, choose the language in which you want apps from the Store to be displayed in the Intune console and then click **OK**. **Figure 27** - Enable Microsoft Store for Business sync in Intune - ![Enable Store for Business sync in Intune.](images/intune_configure_store_app_sync_dialog.png) + :::image type="content" alt-text="Enable Store for Business sync in Intune." source="images/intune_configure_store_app_sync_dialog.png"::: The **Microsoft Store for Business** page will refresh and it will show the details from the sync. **To buy apps from the Store** -In your Microsoft Store for Business portal, you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory: +In your [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory: - Sway - OneNote - PowerPoint Mobile - Excel Mobile - Word Mobile -In the Intune management portal, select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune. +In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune. In the following example, we'll show you how to buy apps through the Microsoft Store for Business and then make sure the apps appear on Intune. **Example 1 - Add other apps like Reader and InstaNote** -1. In the Microsoft Store for Business portal, click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list. +1. In the [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list. **Figure 28** - Shop for Store apps - ![Shop for Store apps.](images/wsfb_shop_microsoft_apps.png) + :::image type="content" alt-text="Shop for Store apps." source="images/wsfb_shop_microsoft_apps.png"::: 2. Click to select an app, such as **Reader**. This opens the app page. 3. In the app's Store page, click **Get the app**. You should see a dialog that confirms your order. Click **Close**. This will refresh the app's Store page. @@ -360,7 +361,7 @@ In the following example, we'll show you how to buy apps through the Microsoft S **Figure 29** - App inventory shows the purchased apps - ![Confirm that your inventory shows purchased apps.](images/wsfb_manage_inventory_newapps.png) + :::image type="content" alt-text="Confirm that your inventory shows purchased apps." source="images/wsfb_manage_inventory_newapps.png"::: > [!NOTE] > Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync). @@ -369,18 +370,18 @@ In the following example, we'll show you how to buy apps through the Microsoft S If you need to sync your most recently purchased apps and have it appear in your catalog, you can do this by forcing a sync. -1. In the Intune management portal, select **Admin > Mobile Device Management > Windows > Store for Business**. +1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management > Windows > Store for Business**. 2. In the **Microsoft Store for Business** page, click **Sync now** to force a sync. **Figure 30** - Force a sync in Intune - ![Force a sync in Intune.](images/intune_admin_mdm_forcesync.png) + :::image type="content" alt-text="Force a sync in Intune." source="images/intune_admin_mdm_forcesync.png"::: **To view purchased apps** -- In the Intune management portal, select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly. +- In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly. **To add more apps** -- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see Add apps for enrolled devices to Intune for more info on how to do this. +- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see [Add apps to Microsoft Intune](/mem/intune/apps/apps-add) for more info on how to do this. ## 2. Set up devices @@ -395,7 +396,7 @@ To set up new Windows devices, go through the Windows initial device setup or fi **Figure 31** - First screen in Windows device setup - ![First screen in Windows device setup.](images/win10_hithere.png) + :::image type="content" alt-text="First screen in Windows device setup." source="images/win10_hithere.png"::: > [!NOTE] > During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection. @@ -405,13 +406,13 @@ To set up new Windows devices, go through the Windows initial device setup or fi **Figure 32** - Choose how you'll connect your Windows device - ![Choose how you'll connect the Windows device.](images/win10_choosehowtoconnect.png) + :::image type="content" alt-text="Choose how you'll connect the Windows device." source="images/win10_choosehowtoconnect.png"::: 4. In the **Let's get you signed in** screen, sign in using a user account you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts. **Figure 33** - Sign in using one of the accounts you added - ![Sign in using one of the accounts you added.](images/win10_signin_admin_account.png) + :::image type="content" alt-text="Sign in using one of the accounts you added." source="images/win10_signin_admin_account.png"::: 5. If this is the first time you're signing in, you will be asked to update your password. Update the password and continue with sign-in and setup. @@ -425,16 +426,16 @@ Verify that the device is set up correctly and boots without any issues. 2. Confirm that the Store and built-in apps are working. ### 2.3 Verify the device is Azure AD joined -In the Intune management portal, verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune. +In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune. **To verify if the device is joined to Azure AD** 1. Check the device name on your PC. On your Windows PC, select **Settings > System > About** and then check **PC name**. **Figure 34** - Check the PC name on your device - ![Check the PC name on your device.](images/win10_settings_pcname.png) + :::image type="content" alt-text="Check the PC name on your device." source="images/win10_settings_pcname.png"::: -2. Log in to the Intune management portal. +2. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 3. Select **Groups** and then go to **Devices**. 4. In the **All Devices** page, look at the list of devices and select the entry that matches the name of your PC. - Check that the device name appears in the list. Select the device and it will also show the current logged-in user in the **General Information** section. @@ -443,7 +444,7 @@ In the Intune management **Figure 35** - Check that the device appears in Intune - ![Check that the device appears in Intune.](images/intune_groups_devices_list.png) + :::image type="content" alt-text="Check that the device appears in Intune." source="images/intune_groups_devices_list.png"::: ## 3. Manage device settings and features You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies). @@ -454,7 +455,7 @@ In this section, we'll show you how to reconfigure app deployment settings and a In some cases, if an app is missing from the device, you need to reconfigure the deployment settings for the app and set the app to require installation as soon as possible. **To reconfigure app deployment settings** -1. In the Intune management portal, select **Apps** and go to **Apps > Volume-Purchased Apps**. +1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps** and go to **Apps > Volume-Purchased Apps**. 2. Select the app, right-click, then select **Manage Deployment...**. 3. Select the group(s) whose apps will be managed, and then click **Add** to add the group. 4. Click **Next** at the bottom of the app deployment settings window or select **Deployment Action** on the left column to check the deployment settings for the app. @@ -462,7 +463,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 36** - Reconfigure an app's deployment setting in Intune - ![Reconfigure app deployment settings in Intune.](images/intune_apps_deploymentaction.png) + :::image type="content" alt-text="Reconfigure app deployment settings in Intune." source="images/intune_apps_deploymentaction.png"::: 6. Click **Finish**. 7. Repeat steps 2-6 for other apps that you want to deploy to the device(s) as soon as possible. @@ -472,12 +473,12 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 37** - Confirm that additional apps were deployed to the device - ![Confirm that additional apps were deployed to the device.](images/win10_deploy_apps_immediately.png) + :::image type="content" alt-text="Confirm that additional apps were deployed to the device." source="images/win10_deploy_apps_immediately.png"::: ### 3.2 Configure other settings in Intune **To disable the camera** -1. In the Intune management portal, select **Policy > Configuration Policies**. +1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices > Configuration Policies**. 2. In the **Policies** window, click **Add** to create a new policy. 3. On the **Create a New Policy** page, click **Windows** to expand the group, select **General Configuration (Windows 10 Desktop and Mobile and later)**, choose **Create and Deploy a Custom Policy**, and then click **Create Policy**. 4. On the **Create Policy** page, select **Device Capabilities**. @@ -488,7 +489,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 38** - Add a configuration policy - ![Add a configuration policy.](images/intune_policy_disablecamera.png) + :::image type="content" alt-text="Add a configuration policy." source="images/intune_policy_disablecamera.png"::: 7. Click **Save Policy**. A confirmation window will pop up. 8. On the **Deploy Policy** confirmation window, select **Yes** to deploy the policy now. @@ -497,16 +498,16 @@ In some cases, if an app is missing from the device, you need to reconfigure the **Figure 39** - The new policy should appear in the **Policies** list. - ![New policy appears on the list.](images/intune_policies_newpolicy_deployed.png) + :::image type="content" alt-text="New policy appears on the list." source="images/intune_policies_newpolicy_deployed.png"::: **To turn off Windows Hello and PINs during device setup** -1. In the Intune management portal, select **Admin**. +1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Go to **Mobile Device Management > Windows > Windows Hello for Business**. 3. In the **Windows Hello for Business** page, select **Disable Windows Hello for Business on enrolled devices**. **Figure 40** - Policy to disable Windows Hello for Business - ![Disable Windows Hello for Business.](images/intune_policy_disable_windowshello.png) + :::image type="content" alt-text="Disable Windows Hello for Business." source="images/intune_policy_disable_windowshello.png"::: 4. Click **Save**. @@ -533,49 +534,49 @@ For other devices, such as those personally-owned by employees who need to conne **Figure 41** - Add an Azure AD account to the device - ![Add an Azure AD account to the device.](images/win10_add_new_user_join_aad.png) + :::image type="content" alt-text="Add an Azure AD account to the device." source="images/win10_add_new_user_join_aad.png"::: 4. In the **Let's get you signed in** window, enter the work credentials for the account and then click **Sign in** to authenticate the user. **Figure 42** - Enter the account details - ![Enter the account details.](images/win10_add_new_user_account_aadwork.png) + :::image type="content" alt-text="Enter the account details." source="images/win10_add_new_user_account_aadwork.png"::: 5. You will be asked to update the password so enter a new password. 6. Verify the details to make sure you're connecting to the right organization and then click **Join**. **Figure 43** - Make sure this is your organization - ![Make sure this is your organization.](images/win10_confirm_organization_details.png) + :::image type="content" alt-text="Make sure this is your organization." source="images/win10_confirm_organization_details.png"::: 7. You will see a confirmation window that says the device is now connected to your organization. Click **Done**. **Figure 44** - Confirmation that the device is now connected - ![Confirmation that the device is now connected.](images/win10_confirm_device_connected_to_org.png) + :::image type="content" alt-text="Confirmation that the device is now connected." source="images/win10_confirm_device_connected_to_org.png"::: 8. The **Connect to work or school** window will refresh and will now include an entry that shows you're connected to your organization's Azure AD. This means the device is now registered in Azure AD and enrolled in MDM and the account should have access to the organization's resources. **Figure 45** - Device is now enrolled in Azure AD - ![Device is enrolled in Azure AD.](images/win10_device_enrolled_in_aad.png) + :::image type="content" alt-text="Device is enrolled in Azure AD." source="images/win10_device_enrolled_in_aad.png"::: -9. You can confirm that the new device and user are showing up as Intune-managed by going to the Intune management portal and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later. +9. You can confirm that the new device and user are showing up as Intune-managed by going to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later. ### 4.2 Add a new user You can add new users to your tenant simply by adding them to the Microsoft 365 groups. Adding new users to Microsoft 365 groups automatically adds them to the corresponding groups in Microsoft Intune. -See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn more. Once you're done adding new users, go to the Intune management portal and verify that the same users were added to the Intune groups as well. +See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn more. Once you're done adding new users, go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and verify that the same users were added to the Intune groups as well. ## Get more info ### For IT admins To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links: -- Set up Office 365 for business -- Common admin tasks in Office 365 including email and OneDrive in Manage Office 365 -- More info about managing devices, apps, data, troubleshooting, and more in Intune documentation +- [Set up Office 365 for business](/microsoft-365/admin/setup) +- Common admin tasks in Office 365 including email and OneDrive in [Manage Office 365](/microsoft-365/admin/) +- More info about managing devices, apps, data, troubleshooting, and more in the [/mem/intune/](/mem/intune/) - Learn more about Windows client in the [Windows client documentation for IT Pros](/windows/resources/). -- Info about distributing apps to your employees, managing apps, managing settings, and more in Microsoft Store for Business +- Info about distributing apps to your employees, managing apps, managing settings, and more in [Microsoft Store for Business](/microsoft-store/) ### For information workers Whether it's in the classroom, getting the most out of your devices, or learning some of the cool things you can do, we've got teachers covered. Follow these links for more info: diff --git a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md index a417157bc2..717074d334 100644 --- a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md +++ b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md @@ -44,5 +44,5 @@ If you created a new Azure AD directory when you signed up for Store for Busines You can use the [Office 365 admin dashboard](https://portal.office.com/adminportal) or [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=691086) to add user accounts to your Azure AD directory. If you'll be using Azure management portal, you'll need an active subscription to [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=708617). For more information, see: -- [Add user accounts using Office 365 admin dashboard](https://support.office.com/en-us/article/add-users-individually-or-in-bulk-to-office-365-admin-help-1970f7d6-03b5-442f-b385-5880b9c256ec) +- [Add user accounts using Office 365 admin dashboard](/microsoft-365/admin/add-users) - [Add user accounts using Azure management portal](/azure/active-directory/fundamentals/add-users-azure-active-directory) \ No newline at end of file diff --git a/store-for-business/troubleshoot-microsoft-store-for-business.md b/store-for-business/troubleshoot-microsoft-store-for-business.md index f54b676866..febe7110b0 100644 --- a/store-for-business/troubleshoot-microsoft-store-for-business.md +++ b/store-for-business/troubleshoot-microsoft-store-for-business.md @@ -56,7 +56,7 @@ The private store for your organization is a page in Microsoft Store app that co ## Troubleshooting Microsoft Store for Business integration with Microsoft Endpoint Configuration Manager -If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](https://support.microsoft.com/help/4010214/understand-and-troubleshoot-microsoft-store-for-business-integration-w). +If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](/troubleshoot/mem/configmgr/troubleshoot-microsoft-store-for-business-integration). ## Still having trouble? diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md index cbe270cf7d..6899ee3213 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md @@ -63,7 +63,7 @@ The computer on which you are installing the Office Deployment Tool must have th | Prerequisite | Description | |----------------------|--------------------| -| Prerequisite software | .Net Framework 4 | +| Prerequisite software | .NET Framework 4 | | Supported operating systems | 64-bit version of Windows 10/11
64-bit version of Windows 8 or 8.1
64-bit version of Windows 7 | >[!NOTE] @@ -120,7 +120,7 @@ The XML file included in the Office Deployment Tool specifies the product detail |--------------|----------------------------|----------------| | Add element | Specifies which products and languages the package will include. | N/A | | **OfficeClientEdition** (attribute of **Add** element) | Specifies whether Office 2016 32-bit or 64-bit edition will be used. **OfficeClientEdition**  must be set to a valid value for the operation to succeed. | `OfficeClientEdition="32"`
`OfficeClientEdition="64"` | - | Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.
For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297). | `Product ID ="O365ProPlusRetail"`
`Product ID ="VisioProRetail"`
`Product ID ="ProjectProRetail"` | + | Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.
For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](/office365/troubleshoot/installation). | `Product ID ="O365ProPlusRetail"`
`Product ID ="VisioProRetail"`
`Product ID ="ProjectProRetail"` | | Language element | Specifies which language the applications support. | `Language ID="en-us"` | | Version (attribute of **Add** element) | Optional. Specifies which build the package will use.
Defaults to latest advertised build (as defined in v32.CAB at the Office source). | `16.1.2.3` | | SourcePath (attribute of **Add** element) | Specifies the location the applications will be saved to. | `Sourcepath = "\\Server\Office2016"` | diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md index 49d851c6f6..8a7c060339 100644 --- a/windows/client-management/advanced-troubleshooting-boot-problems.md +++ b/windows/client-management/advanced-troubleshooting-boot-problems.md @@ -231,7 +231,7 @@ If Windows cannot load the system registry hive into memory, you must restore th If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced. > [!NOTE] -> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start). +> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder) ## Kernel Phase @@ -414,4 +414,4 @@ If the dump file shows an error that is related to a driver (for example, window 5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode. > [!NOTE] -> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start). +> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder). diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md index 043d6d76df..49d26516fa 100644 --- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md +++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md @@ -37,9 +37,8 @@ It is important to understand the different Wi-Fi components involved, their exp The intention of this troubleshooter is to show how to find a starting point in the verbosity of wireless_dbg ETW and home in on the responsible components that are causing the connection problem. ### Known Issues and fixes -** ** -| **OS version** | **Fixed in** | +| OS version | Fixed in | | --- | --- | | **Windows 10, version 1803** | [KB4284848](https://support.microsoft.com/help/4284848) | | **Windows 10, version 1709** | [KB4284822](https://support.microsoft.com/help/4284822) | @@ -54,13 +53,13 @@ Make sure that you install the latest Windows updates, cumulative updates, and r - [Windows 10 version 1511](https://support.microsoft.com/help/4000824) - [Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/4009470) - [Windows Server 2012](https://support.microsoft.com/help/4009471) -- [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/40009469) +- [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/4009469) ## Data Collection 1. Network Capture with ETW. Enter the following at an elevated command prompt: - ```cmd + ```console netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl ``` 2. Reproduce the issue. @@ -70,12 +69,12 @@ Make sure that you install the latest Windows updates, cumulative updates, and r - If intermittent connection drops trigger stop command on a script (ping or test network constantly until fail, then netsh trace stop). 3. Stop the trace by entering the following command: - ```cmd + ```console netsh trace stop ``` 4. To convert the output file to text format: - ```cmd + ```console netsh trace convert c:\tmp\wireless.etl ``` @@ -105,39 +104,39 @@ The wifi connection state machine has the following states: Standard wifi connections tend to transition between states such as: -**Connecting** +- Connecting -Reset --> Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected + Reset --> Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected -**Disconnecting** +- Disconnecting -Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset + Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset ->Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down. A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article. +Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down. A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article. Use the **FSM transition** trace filter to see the connection state machine. You can see [an example](#textanalysistool-example) of this filter applied in the TAT at the bottom of this page. The following is an example of a good connection setup: -
+```console
 44676 [2]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
 45473 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
 45597 [3]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
 46085 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
 47393 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
 49465 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Connected
-
+``` The following is an example of a failed connection setup: -
+```console
 44676 [2]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
 45473 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
 45597 [3]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
 46085 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
 47393 [1]0F24.1020::‎2018‎-‎09‎-‎17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
 49465 [2]0F24.17E0::‎2018‎-‎09‎-‎17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Roaming
-
+``` By identifying the state at which the connection fails, one can focus more specifically in the trace on logs just prior to the last known good state. @@ -155,7 +154,7 @@ Enable the **FSM transition, SecMgr Transition,** and **AuthMgr Transition** fil Continuing with the example above, the combined filters look like this: -
+```console
 [2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Reset to State: Ihv_Configuring
 [2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
@@ -173,7 +172,7 @@ Associating to State: Authenticating
 [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
 [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Authenticating to State: Roaming
-
+``` > [!NOTE] > In the next to last line the SecMgr transition is suddenly deactivating:
@@ -182,7 +181,7 @@ Authenticating to State: Roaming Enabling the **Microsoft-Windows-WLAN-AutoConfig** filter will show more detail leading to the DEACTIVATE transition: -
+```console
 [3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Associating to State: Authenticating
 [1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
@@ -196,7 +195,7 @@ Associating to State: Authenticating
  [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
 [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Authenticating to State: Roaming
-
+``` The trail backwards reveals a **Port Down** notification: @@ -208,7 +207,7 @@ Below, the MSM is the native wifi stack. These are Windows native wifi drivers w Enable trace filter for **[Microsoft-Windows-NWifi]:** -
+```console
 [3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
 Associating to State: Authenticating
 [1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
@@ -222,12 +221,14 @@ Associating to State: Authenticating
 [2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
  [2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
 [2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: 
-Authenticating to State: Roaming
+Authenticating to State: Roaming +``` In the trace above, we see the line: -
-[0]0000.0000::‎08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4
+```console +[0]0000.0000::‎08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4 +``` This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disassociate coming from the Access Point (AP), as an indication to deny the connection. This could be due to invalid credentials, connection parameters, loss of signal/roaming, and various other reasons for aborting a connection. The action here would be to examine the reason for the disassociate sent from the indicated AP MAC (8A:15:14:B6:25:10). This would be done by examining internal logging/tracing from the AP. @@ -238,7 +239,7 @@ This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disas ## Example ETW capture -
+```console
 C:\tmp>netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl
 
 Trace configuration:
@@ -279,7 +280,7 @@ C:\tmp>dir
 01/09/2019  02:59 PM         2,786,540 wireless.txt
                3 File(s)     10,395,004 bytes
                2 Dir(s)  46,648,332,288 bytes free
-
+``` ## Wifi filter file diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 5a346bc6b9..5c5047248c 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -73,7 +73,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com. > [!NOTE] - > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e). + > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](/troubleshoot/windows-server/remote/remote-desktop-connection-6-prompts-credentials). ## Supported configurations diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md index c9150ce005..3d50f1d30a 100644 --- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md +++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md @@ -32,7 +32,7 @@ In Windows 10, version 1607, the following Group Policy settings apply only to W | **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](/windows/configuration/windows-spotlight) | | **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](/windows/configuration/windows-spotlight) | | **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | In Windows 10, version 1703, this policy setting can be applied to Windows 10 Pro. For more info, see [Manage Windows 10 Start layout options and policies](/windows/configuration/windows-10-start-layout-options-and-policies) | -| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). | +| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store). | | **Only display the private store within the Microsoft Store app** | Computer Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Microsoft Store app

User Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Microsoft Store app | For more info, see [Manage access to private store](/microsoft-store/manage-access-to-private-store) | | **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](/windows/configuration/cortana-at-work/cortana-at-work-overview) | diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md index 4e6bcdad77..56a3adc040 100644 --- a/windows/client-management/manage-settings-app-with-group-policy.md +++ b/windows/client-management/manage-settings-app-with-group-policy.md @@ -26,7 +26,7 @@ To make use of the Settings App group policies on Windows server 2016, install f >[!Note] >Each server that you want to manage access to the Settings App must be patched. -If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra). +If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store). This policy is available for both User and Computer depending on the version of the OS. Windows Server 2016 with KB 4457127 applied will have both User and Computer policy. Windows 10, version 1703, added Computer policy for the Settings app. Windows 10, version 1809, added User policy for the Settings app. diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 2bfc3e5170..d45e85d719 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -42,7 +42,7 @@ The name of the folder in which you store the mandatory profile must use the cor | Windows 10, versions 1507 and 1511 | N/A | v5 | | Windows 10, versions 1607, 1703, 1709, 1803, 1809, 1903 and 1909 | Windows Server 2016 and Windows Server 2019 | v6 | -For more information, see [Deploy Roaming User Profiles, Appendix B](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#appendix-b-profile-version-reference-information) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198). +For more information, see [Deploy Roaming User Profiles, Appendix B](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#appendix-b-profile-version-reference-information) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](/troubleshoot/windows-server/user-profiles-and-logon/roaming-user-profiles-versioning). ## Mandatory user profile diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index df97fdd306..c77b8f6df6 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -49,9 +49,10 @@ For this policy to work, you must verify that the MDM service provider allows th ## Verify auto-enrollment requirements and settings To ensure that the auto-enrollment feature is working as expected, you must verify that various requirements and settings are configured correctly. The following steps demonstrate required settings using the Intune service: + 1. Verify that the user who is going to enroll the device has a valid Intune license. - ![Intune license verification.](images/auto-enrollment-intune-license-verification.png) + :::image type="content" alt-text="Intune license verification." source="images/auto-enrollment-intune-license-verification.png" lightbox="images/auto-enrollment-intune-license-verification.png"::: 2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md). @@ -83,7 +84,7 @@ The following steps demonstrate required settings using the Intune service: 6. Some tenants might have both **Microsoft Intune** and **Microsoft Intune Enrollment** under **Mobility**. Make sure that your auto-enrollment settings are configured under **Microsoft Intune** instead of **Microsoft Intune Enrollment**. - ![Mobility setting MDM intune.](images/auto-enrollment-microsoft-intune-setting.png) + :::image type="content" alt-text="Mobility setting MDM intune." source="images/auto-enrollment-microsoft-intune-setting.png" lightbox="images/auto-enrollment-microsoft-intune-setting.png"::: 7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices which should be enrolled into Intune. You may contact your domain administrators to verify if the group policy has been deployed successfully. @@ -92,7 +93,7 @@ You may contact your domain administrators to verify if the group policy has bee 9. Verify that Microsoft Intune should allow enrollment of Windows devices. - ![Enrollment of Windows devices.](images/auto-enrollment-enrollment-of-windows-devices.png) + :::image type="content" alt-text="Enrollment of Windows devices." source="images/auto-enrollment-enrollment-of-windows-devices.png" lightbox="images/auto-enrollment-enrollment-of-windows-devices.png"::: ## Configure the auto-enrollment Group Policy for a single PC @@ -113,12 +114,11 @@ Requirements: 3. In **Local Computer Policy**, click **Administrative Templates** > **Windows Components** > **MDM**. - > [!div class="mx-imgBorder"] - > ![MDM policies.](images/autoenrollment-mdm-policies.png) + :::image type="content" alt-text="MDM policies." source="images/autoenrollment-mdm-policies.png" lightbox="images/autoenrollment-mdm-policies.png"::: 4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the Selected Credential Type to use. - ![MDM autoenrollment policy.](images/autoenrollment-policy.png) + :::image type="content" alt-text="MDM autoenrollment policy." source="images/autoenrollment-policy.png" lightbox="images/autoenrollment-policy.png"::: 5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**. @@ -159,7 +159,7 @@ Requirements: 3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**. - ![Auto-enrollment scheduled task.](images/autoenrollment-scheduled-task.png) + :::image type="content" alt-text="Auto-enrollment scheduled task." source="images/autoenrollment-scheduled-task.png" lightbox="images/autoenrollment-scheduled-task.png"::: To see the result of the task, move the scroll bar to the right to see the **Last Run Result**. Note that **0x80180026** is a failure message (MENROLL\_E_DEVICE\_MANAGEMENT_BLOCKED). You can see the logs in the **History** tab. @@ -222,7 +222,7 @@ Requirements: 5. Copy PolicyDefinitions folder to **\\SYSVOL\contoso.com\policies\PolicyDefinitions**. - If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain. + If this folder does not exist, then be aware that you will be switching to a [central policy store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for your entire domain. 6. Wait for the SYSVOL DFSR replication to be completed for the policy to be available. @@ -249,21 +249,21 @@ To collect Event Viewer logs: 3. Search for event ID 75, which represents a successful auto-enrollment. Here is an example screenshot that shows the auto-enrollment completed successfully: - ![Event ID 75.](images/auto-enrollment-troubleshooting-event-id-75.png) + :::image type="content" alt-text="Event ID 75." source="images/auto-enrollment-troubleshooting-event-id-75.png" lightbox="images/auto-enrollment-troubleshooting-event-id-75.png"::: If you cannot find event ID 75 in the logs, it indicates that the auto-enrollment failed. This can happen because of the following reasons: - The enrollment failed with error. In this case, search for event ID 76, which represents failed auto-enrollment. Here is an example screenshot that shows that the auto-enrollment failed: - ![Event ID 76.](images/auto-enrollment-troubleshooting-event-id-76.png) + :::image type="content" alt-text="Event ID 76." source="images/auto-enrollment-troubleshooting-event-id-76.png" lightbox="images/auto-enrollment-troubleshooting-event-id-76.png"::: - To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](https://support.microsoft.com/en-ph/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for more information. + To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](/troubleshoot/mem/intune/troubleshoot-windows-enrollment-errors) for more information. - The auto-enrollment did not trigger at all. In this case, you will not find either event ID 75 or event ID 76. To know the reason, you must understand the internal mechanisms happening on the device as described in the following section. The auto-enrollment process is triggered by a task (**Microsoft > Windows > EnterpriseMgmt**) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (**Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is successfully deployed to the target machine as shown in the following screenshot: - ![Task scheduler.](images/auto-enrollment-task-scheduler.png) + :::image type="content" alt-text="Task scheduler." source="images/auto-enrollment-task-scheduler.png" lightbox="images/auto-enrollment-task-scheduler.png"::: > [!Note] > This task isn't visible to standard users - run Scheduled Tasks with administrative credentials to find the task. @@ -272,24 +272,24 @@ To collect Event Viewer logs: **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**. Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107. - ![Event ID 107.](images/auto-enrollment-event-id-107.png) + :::image type="content" alt-text="Event ID 107." source="images/auto-enrollment-event-id-107.png" lightbox="images/auto-enrollment-event-id-107.png"::: When the task is completed, a new event ID 102 is logged. - ![Event ID 102.](images/auto-enrollment-event-id-102.png) + :::image type="content" alt-text="Event ID 102." source="images/auto-enrollment-event-id-102.png" lightbox="images/auto-enrollment-event-id-102.png"::: Note that the task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It does not indicate the success or failure of auto-enrollment. If you cannot see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from AAD is initiated, there is possibly issue with the group policy. Immediately run the command `gpupdate /force` in command prompt to get the GPO applied. If this still does not help, further troubleshooting on the Active Directory is required. One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (**HKLM > Software > Microsoft > Enrollments**). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen: - ![Outdated enrollment entries.](images/auto-enrollment-outdated-enrollment-entries.png) + :::image type="content" alt-text="Outdated enrollment entries." source="images/auto-enrollment-outdated-enrollment-entries.png" lightbox="images/auto-enrollment-outdated-enrollment-entries.png"::: By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational** event log file under event ID 7016. A resolution to this issue is to remove the registry key manually. If you do not know which registry key to remove, go for the key which displays most entries as the screenshot above. All other keys will display fewer entries as shown in the following screenshot: - ![Manually deleted entries.](images/auto-enrollment-activation-verification-less-entries.png) + :::image type="content" alt-text="Manually deleted entries." source="images/auto-enrollment-activation-verification-less-entries.png" lightbox="images/auto-enrollment-activation-verification-less-entries.png"::: ### Related topics @@ -298,7 +298,7 @@ To collect Event Viewer logs: - [Link a Group Policy Object](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732979(v=ws.11)) - [Filter Using Security Groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc752992(v=ws.11)) - [Enforce a Group Policy Object Link](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753909(v=ws.11)) -- [Group Policy Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) +- [Group Policy Central Store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) - [Getting started with Cloud Native Windows Endpoints](/mem/cloud-native-windows-endpoints) - [A Framework for Windows endpoint management transformation](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/a-framework-for-windows-endpoint-management-transformation/ba-p/2460684) - [Success with remote Windows Autopilot and Hybrid Azure Active Director join](https://techcommunity.microsoft.com/t5/intune-customer-success/success-with-remote-windows-autopilot-and-hybrid-azure-active/ba-p/2749353) diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 059e52a062..e0a043830c 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -241,7 +241,7 @@ The data type is integer. Supported operation is Get.

Added in Windows 10, version 1703. Node for the Skype for Business settings. **InBoxApps/SkypeForBusiness/DomainName** -

Added in Windows 10, version 1703. Specifies the domain of the Skype for Business account when you are using Active Directory. For more information, see Set up Skype for Business Online. +

Added in Windows 10, version 1703. Specifies the domain of the Skype for Business account when you are using Active Directory. For more information, see Set up Skype for Business Online.

The data type is string. Supported operation is Get and Replace. diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md index e5443eceaa..cc92de3f11 100644 --- a/windows/client-management/troubleshoot-stop-errors.md +++ b/windows/client-management/troubleshoot-stop-errors.md @@ -85,7 +85,7 @@ To troubleshoot Stop error messages, follow these general steps: > >To do this, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135). > - >You can disable a driver by following the steps in [How to temporarily deactivate the kernel mode filter driver in Windows](https://support.microsoft.com/help/816071). + >You can disable a driver by following the steps in [How to temporarily deactivate the kernel mode filter driver in Windows](/troubleshoot/windows-server/performance/deactivate-kernel-mode-filter-driver). > >You may also want to consider the option of rolling back changes or reverting to the last-known working state. For more information, see [Roll Back a Device Driver to a Previous Version](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732648(v=ws.11)). @@ -129,9 +129,9 @@ More information on how to use Dumpchk.exe to check your dump files: ### Pagefile Settings -- [Introduction of page file in Long-Term Servicing Channel and Semi-Annual Channel of Windows](https://support.microsoft.com/help/4133658) -- [How to determine the appropriate page file size for 64-bit versions of Windows](https://support.microsoft.com/help/2860880) -- [How to generate a kernel or a complete memory dump file in Windows Server 2008 and Windows Server 2008 R2](https://support.microsoft.com/help/969028) +- [Introduction of page file in Long-Term Servicing Channel and Semi-Annual Channel of Windows](/windows/client-management/introduction-page-file) +- [How to determine the appropriate page file size for 64-bit versions of Windows](/windows/client-management/determine-appropriate-page-file-size) +- [How to generate a kernel or a complete memory dump file in Windows Server 2008 and Windows Server 2008 R2](/windows/client-management/generate-kernel-or-complete-crash-dump) ### Memory dump analysis @@ -169,13 +169,13 @@ You can use the tools such as Windows Software Development KIT (SDK) and Symbols 6. Click on **Open Crash Dump**, and then open the memory.dmp file that you copied. See the example below. - ![WinDbg img.](images/windbg.png) + :::image type="content" alt-text="WinDbg img." source="images/windbg.png" lightbox="images/windbg.png"::: 7. There should be a link that says **!analyze -v** under **Bugcheck Analysis**. Click that link. This will enter the command !analyze -v in the prompt at the bottom of the page. 8. A detailed bugcheck analysis will appear. See the example below. - ![Bugcheck analysis.](images/bugcheck-analysis.png) + :::image type="content" alt-text="Bugcheck analysis." source="images/bugcheck-analysis.png" lightbox="images/bugcheck-analysis.png"::: 9. Scroll down to the section where it says **STACK_TEXT**. There will be rows of numbers with each row followed by a colon and some text. That text should tell you what DLL is causing the crash and if applicable what service is crashing the DLL. diff --git a/windows/client-management/troubleshoot-tcpip-rpc-errors.md b/windows/client-management/troubleshoot-tcpip-rpc-errors.md index 808a919eef..6601c0c57d 100644 --- a/windows/client-management/troubleshoot-tcpip-rpc-errors.md +++ b/windows/client-management/troubleshoot-tcpip-rpc-errors.md @@ -38,7 +38,7 @@ Before getting in to troubleshooting the *RPC server unavailable- error Client A wants to execute some functions or wants to make use of a service running on the remote server, will first establish the connection with the Remote Server by doing a three-way handshake. -![Diagram illustrating connection to remote server.](images/rpc-flow.png) +:::image type="content" alt-text="Diagram illustrating connection to remote server." source="images/rpc-flow.png" lightbox="images/rpc-flow.png"::: RPC ports can be given from a specific range as well. ### Configure RPC dynamic port allocation @@ -47,7 +47,7 @@ Remote Procedure Call (RPC) dynamic port allocation is used by server applicatio Customers using firewalls may want to control which ports RPC is using so that their firewall router can be configured to forward only these Transmission Control Protocol (UDP and TCP) ports. Many RPC servers in Windows let you specify the server port in custom configuration items such as registry entries. When you can specify a dedicated server port, you know what traffic flows between the hosts across the firewall, and you can define what traffic is allowed in a more directed manner. -As a server port, please choose a port outside of the range you may want to specify below. You can find a comprehensive list of server ports that are used in Windows and major Microsoft products in the article [Service overview and network port requirements for Windows](https://support.microsoft.com/help/832017). +As a server port, please choose a port outside of the range you may want to specify below. You can find a comprehensive list of server ports that are used in Windows and major Microsoft products in the article [Service overview and network port requirements for Windows](/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements). The article also lists the RPC servers and which RPC servers can be configured to use custom server ports beyond the facilities the RPC runtime offers. Some firewalls also allow for UUID filtering where it learns from a RPC Endpoint Mapper request for a RPC interface UUID. The response has the server port number, and a subsequent RPC Bind on this port is then allowed to pass. @@ -110,13 +110,13 @@ If you would like to do a deep dive as to how it works, see [RPC over IT/Pro](ht The best thing to always troubleshoot RPC issues before even getting in to traces is by making use of tools like **PortQry**. You can quickly determine if you are able to make a connection by running the command: -```cmd +```console Portqry.exe -n -e 135 ``` This would give you a lot of output to look for, but you should be looking for *ip_tcp- and the port number in the brackets, which tells whether you were successfully able to get a dynamic port from EPM and also make a connection to it. If the above fails, you can typically start collecting simultaneous network traces. Something like this from the output of “PortQry”: -```cmd +```console Portqry.exe -n 169.254.0.2 -e 135 ``` Partial output below: @@ -141,17 +141,20 @@ The one in bold is the ephemeral port number that you made a connection to succe You can run the commands below to leverage Windows inbuilt netsh captures, to collect a simultaneous trace. Remember to execute the below on an “Admin CMD”, it requires elevation. - On the client - ```cmd + + ```console Netsh trace start scenario=netconnection capture=yes tracefile=c:\client_nettrace.etl maxsize=512 overwrite=yes report=yes ``` - On the Server - ```cmd + + ```console Netsh trace start scenario=netconnection capture=yes tracefile=c:\server_nettrace.etl maxsize=512 overwrite=yes report=yes ``` Now try to reproduce your issue from the client machine and as soon as you feel the issue has been reproduced, go ahead and stop the traces using the command -```cmd + +```console Netsh trace stop ``` @@ -163,13 +166,13 @@ Open the traces in [Microsoft Network Monitor 3.4](troubleshoot-tcpip-netmon.md) - Now check if you are getting a response from the server. If you get a response, note the dynamic port number that you have been allocated to use. - ![Screenshot of Network Monitor with dynamic port highlighted.](images/tcp-ts-23.png) + :::image type="content" alt-text="Screenshot of Network Monitor with dynamic port highlighted." source="images/tcp-ts-23.png" lightbox="images/tcp-ts-23.png"::: - Check if we are connecting successfully to this Dynamic port successfully. - The filter should be something like this: `tcp.port==` and `ipv4.address==` - ![Screenshot of Network Monitor with filter applied.](images/tcp-ts-24.png) + :::image type="content" alt-text="Screenshot of Network Monitor with filter applied." source="images/tcp-ts-24.png" lightbox="images/tcp-ts-24.png"::: This should help you verify the connectivity and isolate if any network issues are seen. @@ -178,7 +181,7 @@ This should help you verify the connectivity and isolate if any network issues a The most common reason why we would see the RPC server unavailable is when the dynamic port that the client tries to connect is not reachable. The client side trace would then show TCP SYN retransmits for the dynamic port. -![Screenshot of Network Monitor with TCP SYN retransmits.](images/tcp-ts-25.png) +:::image type="content" alt-text="Screenshot of Network Monitor with TCP SYN retransmits." source="images/tcp-ts-25.png" lightbox="images/tcp-ts-25.png"::: The port cannot be reachable due to one of the following reasons: diff --git a/windows/client-management/troubleshoot-windows-freeze.md b/windows/client-management/troubleshoot-windows-freeze.md index a255ead455..9d73bacae3 100644 --- a/windows/client-management/troubleshoot-windows-freeze.md +++ b/windows/client-management/troubleshoot-windows-freeze.md @@ -133,7 +133,7 @@ If the computer is no longer frozen and now is running in a good state, use the To allow the operating system to generate a memory dump file at an NMI interruption, set the value of the [NMICrashDump](/previous-versions/windows/it-pro/windows-server-2003/cc783271(v=ws.10)) registry entry to `1` (REG_DWORD). Then, restart the computer to apply this change. > [!NOTE] - > This is applicable only for Windows 7, Windows Server 2008 R2, and earlier versions of Windows. For Windows 8 Windows Server 2012, and later versions of Windows, the NMICrashDump registry key is no longer required, and an NMI interruption will result in [a Stop error that follows a memory dump data collection](https://support.microsoft.com/help/2750146). + > This is applicable only for Windows 7, Windows Server 2008 R2, and earlier versions of Windows. For Windows 8 Windows Server 2012, and later versions of Windows, the NMICrashDump registry key is no longer required, and an NMI interruption will result in [a Stop error that follows a memory dump data collection](/troubleshoot/windows-client/performance/nmi-hardware-failure-error). 4. When the computer exhibits the problem, hold down the right **Ctrl** key, and press the **Scroll Lock** key two times to generate a memory dump file. @@ -158,17 +158,17 @@ Learn how to use Dumpchk.exe to check your dump files: You can use Windows Performance Monitor to examine how programs that you run affect your computer's performance, both in real time and by collecting log data for later analysis. To create performance counter and event trace log collections on local and remote systems, run the following commands in a command prompt as administrator: -```cmd +```console Logman create counter LOGNAME_Long -u DOMAIN\USERNAME * -f bincirc -v mmddhhmm -max 500 -c "\\COMPUTERNAME\LogicalDisk(*)\*" "\\COMPUTERNAME\Memory\*" "\\COMPUTERNAME\Network Interface(*)\*" "\\COMPUTERNAME\Paging File(*)\*" "\\COMPUTERNAME\PhysicalDisk(*)\*" "\\COMPUTERNAME\Process(*)\*" "\\COMPUTERNAME\Redirector\*" "\\COMPUTERNAME\Server\*" "\\COMPUTERNAME\System\*" "\\COMPUTERNAME\Terminal Services\*" "\\COMPUTERNAME\Processor(*)\*" "\\COMPUTERNAME\Cache\*" -si 00:05:00 ``` -```cmd +```console Logman create counter LOGNAME_Short -u DOMAIN\USERNAME * -f bincirc -v mmddhhmm -max 500 -c "\\COMPUTERNAME\LogicalDisk(*)\*" "\\COMPUTERNAME\Memory\*" "\\COMPUTERNAME\Network Interface(*)\*" "\\COMPUTERNAME\Paging File(*)\*" "\\COMPUTERNAME\PhysicalDisk(*)\*" "\\COMPUTERNAME\Process(*)\*" "\\COMPUTERNAME\Redirector\*" "\\COMPUTERNAME\Server\*" "\\COMPUTERNAME\System\*" "\\COMPUTERNAME\Terminal Services\*" "\\COMPUTERNAME\Processor(*)\*" "\\COMPUTERNAME\Cache\*" -si 00:00:10 ``` Then, you can start or stop the log by running the following commands: -```cmd +```console logman start LOGNAME_Long / LOGNAME_Short logman stop LOGNAME_Long / LOGNAME_Short ``` @@ -283,6 +283,6 @@ The memory dump process occurs by pressing the RIGHT CTRL + SCROLL LOCK + SCROLL On Windows Server 2008, you may not have enough free disk space to generate a complete memory dump file on the system volume. There's a [hotfix](https://support.microsoft.com/help/957517) that allows for the data collection even though there isn't sufficient space on the system drive to store the memory dump file. -Additionally, on Windows Server 2008 Service Pack (SP2), there's a second option if the system drive doesn't have sufficient space. Namely, you can use the DedicatedDumpFile registry entry. To learn how to use the registry entry, see [New behavior in Windows Vista and Windows Server 2008](https://support.microsoft.com/help/969028). +Additionally, on Windows Server 2008 Service Pack (SP2), there's a second option if the system drive doesn't have sufficient space. Namely, you can use the DedicatedDumpFile registry entry. To learn how to use the registry entry, see [New behavior in Windows Vista and Windows Server 2008](/windows/client-management/generate-kernel-or-complete-crash-dump). For more information, see [How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive](https://blogs.msdn.com/b/ntdebugging/archive/2010/04/02/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump.aspx). \ No newline at end of file diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md index 2241f9d819..3a9e871905 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md @@ -20,7 +20,7 @@ Your employees can use Cortana to help manage their day and be more productive b **See also:** -[Known issues for Windows Desktop Search and Cortana in Windows 10](https://support.microsoft.com/help/3206883/known-issues-for-windows-desktop-search-and-cortana-in-windows-10). +[Known issues for Windows Desktop Search and Cortana in Windows 10](/troubleshoot/windows-client/shell-experience/windows-desktop-search-and-cortana-issues). ### Before you begin There are a few things to be aware of before you start using Cortana in Windows 10, versions 1909 and earlier. diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index d61c30032f..ea48de4346 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -205,7 +205,7 @@ Clear-AssignedAccess >[!IMPORTANT] ->When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows). +>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon). When you use the **Provision kiosk devices** wizard in Windows Configuration Designer, you can configure the kiosk to run either a Universal Windows app or a Windows desktop application. diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 6b2320ac1e..1cd8c9fbff 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -353,7 +353,7 @@ Starting with Windows 10 version 1809, you can configure the display name that w On domain-joined devices, local user accounts aren't shown on the sign-in screen by default. To show the **AutoLogonAccount** on the sign-in screen, enable the following Group Policy setting: **Computer Configuration > Administrative Templates > System > Logon > Enumerate local users on domain-joined computers**. (The corresponding MDM policy setting is [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers in the Policy CSP](/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-enumeratelocalusersondomainjoinedcomputers).) >[!IMPORTANT] ->When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows). +>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon). ##### Config for individual accounts diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md index a655857a5f..000d733a4e 100644 --- a/windows/configuration/start-layout-troubleshoot.md +++ b/windows/configuration/start-layout-troubleshoot.md @@ -43,7 +43,7 @@ When troubleshooting basic Start issues (and for the most part, all other Window - `get-AppXPackage -Name Microsoft.Windows.ShellExperienceHost` - `get-AppXPackage -Name Microsoft.Windows.Cortana` - ![Example of output from cmdlets.](images/start-ts-1.png) + :::image type="content" alt-text="Example of output from cmdlets." source="images/start-ts-1.png" lightbox="images/start-ts-1.png"::: Failure messages will appear if they aren't installed @@ -189,7 +189,7 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded ### Symptom: Application tiles like Alarm, Calculator, and Edge are missing from Start menu and the Settings app fails to open on Windows 10, version 1709 when a local user profile is deleted -![Screenshots that show download icons on app tiles and missing app tiles.](images/start-ts-2.png) +:::image type="content" alt-text="Screenshots that show download icons on app tiles and missing app tiles." source="images/start-ts-2.png" lightbox="images/start-ts-2.png"::: **Cause**: This issue is known. The first-time sign-in experience is not detected and does not trigger the install of some apps. @@ -280,7 +280,7 @@ Additionally, users may see blank tiles if sign-in was attempted without network ### Symptom: Start Menu issues with Tile Data Layer corruption -**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database. (The feature was deprecated in [Windows 10 1703](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update).) +**Cause**: Windows 10, version 1507 through the release of version 1607 uses a database for the Tile image information. This is called the Tile Data Layer database. (The feature was deprecated in [Windows 10 1703](/windows/deployment/planning/windows-10-removed-features).) **Resolution** There are steps you can take to fix the icons, first is to confirm that is the issue that needs to be addressed. @@ -293,9 +293,9 @@ Additionally, users may see blank tiles if sign-in was attempted without network >[!Note] >Corruption recovery removes any manual pins from Start. Apps should still be visible, but you’ll need to re-pin any secondary tiles and/or pin app tiles to the main Start view. Aps that you have installed that are completely missing from “all apps” is unexpected, however. That implies the re-registration didn’t work. -- Open a command prompt, and run the following command: +Open a command prompt, and run the following command: -``` +```console C:\Windows\System32\tdlrecover.exe -reregister -resetlayout -resetcache ``` diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/stop-employees-from-using-microsoft-store.md index e7d3bcc9da..ceb2627452 100644 --- a/windows/configuration/stop-employees-from-using-microsoft-store.md +++ b/windows/configuration/stop-employees-from-using-microsoft-store.md @@ -83,7 +83,7 @@ For more information on the rules available via AppLocker on the different suppo Applies to: Windows 10 Enterprise, Windows 10 Education > [!Note] -> Not supported on Windows 10 Pro, starting with version 1511. For more info, see [Knowledge Base article #3135657](https://support.microsoft.com/kb/3135657). +> Not supported on Windows 10 Pro, starting with version 1511. For more info, see [Knowledge Base article #3135657](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store). You can also use Group Policy to manage access to Microsoft Store. diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md index 08853f5b22..31455009a3 100644 --- a/windows/configuration/ue-v/uev-prepare-for-deployment.md +++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md @@ -22,7 +22,7 @@ Before you deploy User Experience Virtualization (UE-V), review this topic for i ## Plan your UE-V deployment -With UE-V, you can synchronize user-defined application and operating system settings across all the devices that a user works from. Use UE-V to synchronize settings for Windows applications and custom applications, such as third-party and line of business applications. +With UE-V, you can synchronize user-defined application and operating system settings across all the devices that a user works from. Use UE-V to synchronize settings for Windows applications and custom applications, such as third-party and line-of-business applications. Whether you want to synchronize settings for only default Windows applications or for both Windows and custom applications, you’ll need to first deploy the features required to use UE-V. @@ -44,7 +44,7 @@ If you want to use UE-V to synchronize user-defined settings for custom applicat The workflow diagram below illustrates a typical UE-V deployment and the decisions you need to be prepared to make. -![UE-V deployment preparation.](images/uev-deployment-preparation.png) +:::image type="content" alt-text="UE-V deployment preparation." source="images/uev-deployment-preparation.png"::: @@ -311,7 +315,7 @@ The UE-V settings storage location and settings template catalog support storing - [Information about roaming profiles from the Directory Services team](https://blogs.technet.microsoft.com/askds/tag/roaming-profiles/) - - [Information about Microsoft support policy for a DFS-R and DFS-N deployment scenario](https://support.microsoft.com/kb/2533009) + - [Information about Microsoft support policy for a DFS-R and DFS-N deployment scenario](/troubleshoot/windows-server/networking/support-policy-for-dfsr-dfsn-deployment) In addition, because SYSVOL uses DFSR for replication, SYSVOL cannot be used for UE-V data file replication. @@ -329,16 +333,16 @@ Computers that run the UE-V service must use a time server to maintain a consist Before you proceed, ensure that your environment meets these requirements for using UE-V. -| **Operating system** | **Edition** | **Service pack** | **System architecture** | **Windows PowerShell** | **Microsoft .NET Framework** | +| Operating system | Edition | Service pack | System architecture | Windows PowerShell | Microsoft .NET Framework | |--------------------------|---------------|------------------|-------------------------|--------------------------|--------------------------------| | Windows 10, version 1607 | Windows 10 for Enterprise | NA | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | | Windows 8 and Windows 8.1 | Enterprise or Pro | None | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | | Windows Server 2012 and Windows Server 2012 R2 | Standard or Datacenter | None | 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | -**Note** -- Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed. - -- The “Delete Roaming Cache” policy for mandatory profiles is not supported with UE-V and should not be used. +> [!NOTE] +> - Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed. +> +> - The “Delete Roaming Cache” policy for mandatory profiles is not supported with UE-V and should not be used. There are no special random access memory (RAM) requirements specific to UE-V. @@ -368,19 +372,19 @@ Enable this configuration using one of these methods: Restart the device to allow the settings to synchronize. -- >**Note** - These methods do not work for pooled virtual desktop infrastructure (VDI) environments. +> [!NOTE] +> These methods do not work for pooled virtual desktop infrastructure (VDI) environments. ->**Note** -If you set *SyncMethod = None*, any settings changes are saved directly to the server. If the network connection to the settings storage path is not found, then the settings changes are cached on the device and are synchronized the next time that the sync provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on log off, settings changes are lost and the user must reapply the change when the computer is reconnected to the settings storage path. +> [!NOTE] +> If you set *SyncMethod = None*, any settings changes are saved directly to the server. If the network connection to the settings storage path is not found, then the settings changes are cached on the device and are synchronized the next time that the sync provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on log off, settings changes are lost and the user must reapply the change when the computer is reconnected to the settings storage path. **Synchronization for external sync engines** The *SyncMethod=External* parameter specifies that if UE-V settings are written to a local folder on the user device, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different devices that users access. **Support for shared VDI sessions** UE-V supports VDI sessions that are shared among end users. You can register and configure a special VDI template, which ensures that UE-V keeps all of its functionality intact for non-persistent VDI sessions. ->**Note** -If you do not enable VDI mode for non-persistent VDI sessions, certain features do not work, such as [back-up/restore and last known good (LKG)](uev-manage-administrative-backup-and-restore.md). +> [!NOTE] +> If you do not enable VDI mode for non-persistent VDI sessions, certain features do not work, such as [back-up/restore and last known good (LKG)](uev-manage-administrative-backup-and-restore.md). The VDI template is provided with UE-V and is typically available here after installation: C:\ProgramData\Microsoft\UEV\InboxTemplates diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index 91fb17d0de..3a7b61d729 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md @@ -107,12 +107,12 @@ This section contains hotfixes and KB articles for UE-V. |------------|---------|--------| | 3018608 | UE-V - TemplateConsole.exe crashes when UE-V WMI classes are missing | [support.microsoft.com/kb/3018608](https://support.microsoft.com/kb/3018608) | | 2903501 | UE-V: User Experience Virtualization (UE-V) compatibility with user profiles | [support.microsoft.com/kb/2903501](https://support.microsoft.com/kb/2903501) | -| 2770042 | UE-V Registry Settings | [support.microsoft.com/kb/2770042](https://support.microsoft.com/kb/2770042) | +| 2770042 | UE-V Registry Settings | [support.microsoft.com/kb/2770042](/troubleshoot/windows-client/ue-v/ue-v-registry-settings) | | 2847017 | Internet Explorer settings replicated by UE-V | [support.microsoft.com/kb/2847017](https://support.microsoft.com/kb/2847017) | | 2769631 | How to repair a corrupted UE-V install | [support.microsoft.com/kb/2769631](https://support.microsoft.com/kb/2769631) | | 2850989 | Migrating MAPI profiles with Microsoft UE-V is not supported | [support.microsoft.com/kb/2850989](https://support.microsoft.com/kb/2850989) | | 2769586 | UE-V roams empty folders and registry keys | [support.microsoft.com/kb/2769586](https://support.microsoft.com/kb/2769586) | -| 2782997 | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997](https://support.microsoft.com/kb/2782997) | +| 2782997 | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997](/troubleshoot/windows-client/ue-v/enable-debug-logging) | | 2769570 | UE-V does not update the theme on RDS or VDI sessions | [support.microsoft.com/kb/2769570](https://support.microsoft.com/kb/2769570) | | 2850582 | How To Use Microsoft User Experience Virtualization With App-V Applications | [support.microsoft.com/kb/2850582](https://support.microsoft.com/kb/2850582) | | 3041879 | Current file versions for Microsoft User Experience Virtualization | [support.microsoft.com/kb/3041879](https://support.microsoft.com/kb/3041879) | diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md index 3bd41f1ff6..79092a21ec 100644 --- a/windows/deployment/planning/windows-10-removed-features.md +++ b/windows/deployment/planning/windows-10-removed-features.md @@ -61,7 +61,7 @@ The following features and functionalities have been removed from the installed |Reader app | Functionality to be integrated into Microsoft Edge. | 1709 | |Reading List | Functionality to be integrated into Microsoft Edge. | 1709 | |Screen saver functionality in Themes | This functionality is disabled in Themes, and classified as **Removed** in this table. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 | -|Syskey.exe | Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](https://support.microsoft.com/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-rs3-and-window). | 1709 | +|Syskey.exe | Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](/troubleshoot/windows-server/identity/syskey-exe-utility-is-no-longer-supported). | 1709 | |TCP Offload Engine | Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193)| 1709 | |Tile Data Layer |To be replaced by the Tile Store.| 1709 | |Resilient File System (ReFS) (added: August 17, 2017)| Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability. | 1709 | diff --git a/windows/deployment/update/quality-updates.md b/windows/deployment/update/quality-updates.md index 2f90ee99e0..2bd74d5b87 100644 --- a/windows/deployment/update/quality-updates.md +++ b/windows/deployment/update/quality-updates.md @@ -61,7 +61,7 @@ Some key considerations about OOB releases include: ## More information -For additional details about the different types of Windows updates like critical, security, drivers, service packs, and more, please see the [Description of the standard terminology used to describe Microsoft software updates](https://support.microsoft.com/help/824684) and [Introducing a new deployment service for driver and firmware updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-a-new-deployment-service-for-driver-and-firmware/ba-p/2176942). +For additional details about the different types of Windows updates like critical, security, drivers, service packs, and more, please see the [Description of the standard terminology used to describe Microsoft software updates](/troubleshoot/windows-client/deployment/standard-terminology-software-updates) and [Introducing a new deployment service for driver and firmware updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-a-new-deployment-service-for-driver-and-firmware/ba-p/2176942). ## Related topics diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index f454a8215c..9ebb4c84ec 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -118,7 +118,7 @@ Delivery Optimization also communicates with its cloud service by using HTTP/HTT #### What are the requirements if I use a proxy? -For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](./delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update). +For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](./delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting). #### What hostnames should I allow through my firewall to support Delivery Optimization? diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index a7c678949a..fb16b23675 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -113,7 +113,7 @@ Specialized systems—such as devices that control medical equipment, point-of-s Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSC. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle. > [!NOTE] -> LTSC releases will support the currently released processors and chipsets at the time of release of the LTSC. As future CPU generations are released, support will be created through future LTSC releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products). +> LTSC releases will support the currently released processors and chipsets at the time of release of the LTSC. As future CPU generations are released, support will be created through future LTSC releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](/lifecycle/faq/windows). The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSC editions. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in the Enterprise LTSC editions, even if you install by using sideloading. diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index 3fda1c0024..3f7a279aaa 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -28,7 +28,7 @@ Here’s an example of what this process might look like: - **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they’re available to the General Availability Channel. Typically, this population would be a few test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business. - **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSC edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly. - **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that you’re looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible. -- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) +- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) - **Choose a servicing tool.** Decide which product you’ll use to manage the Windows updates in your environment. If you’re currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. Alternatively, you can use Windows Update for Business. In addition to which product you’ll use, consider how you’ll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools). - **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with new versions of Windows will be high, only the most business-critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview). diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index a84632b0f8..8590d0c0cc 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -33,7 +33,7 @@ To manage updates with Windows Update for Business as described in this article, - Create Active Directory security groups that align with the deployment rings you use to phase deployment of updates. - Allow access to the Windows Update service. -- Download and install ADMX templates appropriate to your Windows 10 version. For more information, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759) and [Step-By-Step: Managing Windows 10 with Administrative templates](/archive/blogs/canitpro/step-by-step-managing-windows-10-with-administrative-templates). +- Download and install ADMX templates appropriate to your Windows 10 version. For more information, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) and [Step-By-Step: Managing Windows 10 with Administrative templates](/archive/blogs/canitpro/step-by-step-managing-windows-10-with-administrative-templates). ## Set up Windows Update for Business @@ -44,10 +44,15 @@ Follow these steps on a device running the Remote Server Administration Tools or ### Set up a ring 1. Start Group Policy Management Console (gpmc.msc). -2. Expand **Forest > Domains > *\**. + +2. Expand **Forest > Domains > *\*. + 3. Right-click *\* and select **Create a GPO in this domain and link it here**. -4. In the **New GPO** dialog box, enter *Windows Update for Business - Group 1* as the name of the new Group Policy Object. + +4. In the **New GPO** dialog box, enter **Windows Update for Business - Group 1** as the name of the new Group Policy Object. + 5. Right-click the **"Windows Update for Business - Group 1"** object, and then select **Edit**. + 6. In the Group Policy Management Editor, go to **Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update**. You are now ready to start assigning policies to this ring (group) of devices. @@ -70,8 +75,11 @@ Drivers are automatically enabled because they are beneficial to device systems. #### I want to receive pre-release versions of the next feature update 1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates. + 2. Use Group Policy Management Console to go to: **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds** and set the policy to **Enable preview builds** for any of test devices you want to install pre-release builds. + 3. Use Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and feature updates are received**. In the **Options** pane, use the pulldown menu to select one of the preview builds. We recomment **Windows Insider Program Slow** for commercial customers using pre-release builds for validation. + 4. Select **OK**. #### I want to manage which released feature update my devices receive @@ -85,19 +93,19 @@ A Windows Update for Business administrator can defer or pause updates. You can In this example, there are three rings for quality updates. The first ring ("pilot") has a deferral period of 0 days. The second ring ("fast") has a deferral of five days. The third ring ("slow") has a deferral of ten days. -![illustration of devices divided into three rings.](images/waas-wufb-3-rings.png) +:::image type="content" alt-text="illustration of devices divided into three rings." source="images/waas-wufb-3-rings.png" lightbox="images/waas-wufb-3-rings.png"::: When the quality update is released, it is offered to devices in the pilot ring the next time they scan for updates. ##### Five days later The devices in the fast ring are offered the quality update the next time they scan for updates. -![illustration of devices with fast ring deployed.](images/waas-wufb-fast-ring.png) +:::image type="content" alt-text="illustration of devices with fast ring deployed." source="images/waas-wufb-fast-ring.png" lightbox="images/waas-wufb-fast-ring.png"::: ##### Ten days later Ten days after the quality update is released, it is offered to the devices in the slow ring the next time they scan for updates. -![illustration of devices with slow ring deployed.](images/waas-wufb-slow-ring.png) +:::image type="content" alt-text="illustration of devices with slow ring deployed." source="images/waas-wufb-slow-ring.png" lightbox="images/waas-wufb-slow-ring.png"::: If no problems occur, all of the devices that scan for updates will be offered the quality update within ten days of its release, in three waves. @@ -105,11 +113,11 @@ If no problems occur, all of the devices that scan for updates will be offered t In this example, some problem is discovered during the deployment of the update to the "pilot" ring. -![illustration of devices divided with pilot ring experiencing a problem.](images/waas-wufb-pilot-problem.png) +:::image type="content" alt-text="illustration of devices divided with pilot ring experiencing a problem." source="images/waas-wufb-pilot-problem.png" lightbox="images/waas-wufb-pilot-problem.png"::: At this point, the IT administrator can set a policy to pause the update. In this example, the admin selects the **Pause quality updates** check box. -![illustration of rings with pause quality update check box selected.](images/waas-wufb-pause.png) +:::image type="content" alt-text="illustration of rings with pause quality update check box selected." source="images/waas-wufb-pause.png" lightbox="images/waas-wufb-pause.png"::: Now all devices are paused from updating for 35 days. When the pause is removed, they will be offered the *next* quality update, which ideally will not have the same issue. If there is still an issue, the IT admin can pause updates again. diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index 2ae8ed4834..fdb75805e5 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -99,7 +99,7 @@ The following table provides information about common errors you might run into | Message | Description | Mitigation | |---------|-------------|------------| -| WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the Wuident.cab file. | You might encounter this error when WSUS is not sending the self-update to the clients.

Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. | +| WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the Wuident.cab file. | You might encounter this error when WSUS is not sending the self-update to the clients.

Review [KB920659](/troubleshoot/windows-server/deployment/wsus-selfupdate-not-send-automatic-updates) for instructions to resolve the issue. | ## 0x80244007 diff --git a/windows/deployment/update/windows-update-resources.md b/windows/deployment/update/windows-update-resources.md index 37a8ea37ae..fedd94b39a 100644 --- a/windows/deployment/update/windows-update-resources.md +++ b/windows/deployment/update/windows-update-resources.md @@ -30,13 +30,13 @@ The following resources provide additional information about using Windows Updat ## WSUS Troubleshooting -[Troubleshooting issues with WSUS client agents](https://support.microsoft.com/help/10132/) +[Troubleshooting issues with WSUS client agents](/troubleshoot/mem/configmgr/troubleshoot-issues-with-wsus-client-agents) -[How to troubleshoot WSUS](https://support.microsoft.com/help/4025764/) +[How to troubleshoot WSUS](/troubleshoot/mem/configmgr/troubleshoot-wsus-connection-failures) -[Error 80244007 when WSUS client scans for updates](https://support.microsoft.com/help/4096317/) +[Error 80244007 when WSUS client scans for updates](/troubleshoot/mem/configmgr/error-80244007-when-wsus-client-scans-updates) -[Updates may not be installed with Fast Startup in Windows 10](https://support.microsoft.com/help/4011287/) +[Updates may not be installed with Fast Startup in Windows 10](/troubleshoot/windows-client/deployment/updates-not-install-with-fast-startup) ## How do I reset Windows Update components? diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md index 6b5410c4f1..50b478c5c9 100644 --- a/windows/deployment/update/windows-update-troubleshooting.md +++ b/windows/deployment/update/windows-update-troubleshooting.md @@ -154,7 +154,7 @@ Go to Services.msc and ensure that Windows Firewall Service is enabled. Stopping ## Issues arising from configuration of conflicting policies Windows Update provides a wide range configuration policy to control the behavior of the Windows Update service in a managed environment. While these policies let you configure the settings at a granular level, misconfiguration or setting conflicting policies may lead to unexpected behaviors. -For more information, see [How to configure automatic updates by using Group Policy or registry settings](https://support.microsoft.com/help/328010/how-to-configure-automatic-updates-by-using-group-policy-or-registry-s) for more information. +For more information, see [How to configure automatic updates by using Group Policy or registry settings](/windows/deployment/update/waas-wu-settings) for more information. ## Device cannot access update files diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index 3d678e1787..cedd5aed0e 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -253,4 +253,4 @@ This analysis indicates that the Windows upgrade error can be resolved by deleti
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) \ No newline at end of file diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index d9c4e34fd7..b82bc221dc 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -34,20 +34,25 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr ## List of fixes -

    -
  1. Remove nonessential external hardware, such as docks and USB devices. More information.
    2. -
  2. Check the system drive for errors and attempt repairs. More information.
    3. -
  3. Run the Windows Update troubleshooter. More information.
    4. -
  4. Attempt to restore and repair system files. More information.
    5. -
  5. Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
    6. -
  6. Temporarily uninstall non-Microsoft antivirus software. - More information.
    7. +1. Remove nonessential external hardware, such as docks and USB devices. [More information](#remove-external-hardware). -
  7. Uninstall all nonessential software. More information.
    8. -
  8. Update firmware and drivers. More information
    9. -
  9. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. More information.
    10. -
  10. Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. More information.
    11. -
+2. Check the system drive for errors and attempt repairs. [More information](#repair-the-system-drive). + +3. Run the Windows Update troubleshooter. [More information](#windows-update-troubleshooter). + +4. Attempt to restore and repair system files. [More information](#repair-system-files). + +5. Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. [More information](#update-windows). + +6. Temporarily uninstall non-Microsoft antivirus software. [More information](#uninstall-non-microsoft-antivirus-software). + +7. Uninstall all nonessential software. [More information](#uninstall-non-essential-software). + +8. Update firmware and drivers. [More information](#update-firmware-and-drivers). + +9. Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. [More information](#ensure-that-download-and-install-updates-is-selected). + +10. Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. [More information](#verify-disk-space). ## Step by step instructions @@ -81,14 +86,20 @@ The system drive is the drive that contains the [system partition](/windows-hard To check and repair errors on the system drive: 1. Click **Start**. -2. Type **command**. -3. Right-click **Command Prompt** and then left-click **Run as administrator**. -4. If you are prompted by UAC, click **Yes**. -5. Type **chkdsk /F** and press ENTER. -6. When you are prompted to schedule a check the next time the system restarts, type **Y**. -7. See the following example - ``` +2. Type **command**. + +3. Right-click **Command Prompt** and then left-click **Run as administrator**. + +4. If you are prompted by UAC, click **Yes**. + +5. Type **chkdsk /F** and press ENTER. + +6. When you are prompted to schedule a check the next time the system restarts, type **Y**. + +7. See the following example. + + ```console C:\WINDOWS\system32>chkdsk /F The type of the file system is NTFS. Cannot lock current drive. @@ -123,12 +134,16 @@ This fix is also described in detail at [answers.microsoft.com](https://answers. To check and repair system files: 1. Click **Start**. + 2. Type **command**. + 3. Right-click **Command Prompt** and then left-click **Run as administrator**. + 4. If you are prompted by UAC, click **Yes**. + 5. Type **sfc /scannow** and press ENTER. See the following example: - ``` + ```console C:\>sfc /scannow Beginning system scan. This process will take some time. @@ -140,7 +155,7 @@ To check and repair system files: ``` 6. If you are running Windows 8.1 or later, type **DISM.exe /Online /Cleanup-image /Restorehealth** and press ENTER (the DISM command options are not available for Windows 7). See the following example: - ``` + ```console C:\>DISM.exe /Online /Cleanup-image /Restorehealth Deployment Image Servicing and Management tool @@ -215,7 +230,7 @@ In the previous example, there is 703 GB of available free space on the system d To free up additional space on the system drive, begin by running Disk Cleanup. You can access Disk Cleanup by right-clicking the hard drive icon and then clicking Properties. See the following example: -![Disk cleanup.](../images/cleanup.png) +:::image type="content" alt-text="Disk cleanup." source="../images/cleanup.png"::: For instructions to run Disk Cleanup and other suggestions to free up hard drive space, see [Tips to free up drive space on your PC](https://support.microsoft.com/help/17421/windows-free-up-drive-space). @@ -240,4 +255,4 @@ If you downloaded the SetupDiag.exe program to your computer, then copied it to
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) \ No newline at end of file diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index 227541cee7..608df22ec5 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -45,7 +45,7 @@ See the following general troubleshooting procedures associated with a result co | :--- | :--- | :--- | | 0xC1900101 - 0x20004 | Uninstall antivirus applications.
Remove all unused SATA devices.
Remove all unused devices and drivers.
Update drivers and BIOS. | Windows Setup encountered an error during the SAFE_OS with the INSTALL_RECOVERY_ENVIRONMENT operation.
This is generally caused by out-of-date drivers. | | 0xC1900101 - 0x2000c | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Contact your hardware vendor to obtain updated device drivers.
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | Windows Setup encountered an unspecified error during Wim apply in the WinPE phase.
This is generally caused by out-of-date drivers | -| 0xC1900101 - 0x20017 | Ensure that all that drivers are updated.
Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers.
For more information, see [Windows Vista, Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows 10 setup log file locations](https://support.microsoft.com/en-us/help/927521/windows-vista-windows-7-windows-server-2008-r2-windows-8-1-and-windows).
Update or uninstall the problem drivers. | A driver has caused an illegal operation.
Windows was not able to migrate the driver, resulting in a rollback of the operating system.
This is a SafeOS boot failure, typically caused by drivers or non-Microsoft disk encryption software. | +| 0xC1900101 - 0x20017 | Ensure that all that drivers are updated.
Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers.
For more information, see [Windows Vista, Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows 10 setup log file locations](/troubleshoot/windows-client/deployment/windows-setup-log-file-locations).
Update or uninstall the problem drivers. | A driver has caused an illegal operation.
Windows was not able to migrate the driver, resulting in a rollback of the operating system.
This is a SafeOS boot failure, typically caused by drivers or non-Microsoft disk encryption software. | | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Contact your hardware vendor to obtain updated device drivers.
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. | | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
This can occur due to a problem with a display driver. | | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
Review the rollback log and determine the stop code.
The rollback log is located in the $Windows.~BT\Sources\Rollback folder. An example analysis is shown below. This example is not representative of all cases:
 
Info SP Crash 0x0000007E detected
Info SP Module name :
Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005
Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A
Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728
Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40
Info SP Cannot recover the system.
Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
 
Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:
 
1. Make sure you have enough disk space.
2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.
3. Try changing video adapters.
4. Check with your hardware vendor for any BIOS updates.
5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.
Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
This can occur because of incompatible drivers. | @@ -188,6 +188,6 @@ Also see the following sequential list of modern setup (mosetup) error codes wit - [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) - [Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) - [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/home?category=Windows10ITPro) -- [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) +- [Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) - [Win 7 to Win 10 upgrade error (0x800707E7 - 0x3000D)](https://answers.microsoft.com/en-us/windows/forum/all/win-7-to-win-10-upgrade-error-0x800707e7-0x3000d/1273bc1e-8a04-44d4-a6b2-808c9feeb020)) - [Win 10 upgrade error: User profile suffix mismatch, 0x800707E7 - 0x3000D](https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/win-10-upgrade-error-user-profile-suffix-mismatch/0f006733-2af5-4b42-a2d4-863fad05273d?page=3) diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md index 7056b16082..e1749e6b58 100644 --- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md +++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md @@ -61,5 +61,5 @@ See the following topics in this article:
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors)
\ No newline at end of file diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md index 09c6a58127..f81c8e5e88 100644 --- a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md +++ b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md @@ -85,7 +85,7 @@ When performing an operating system upgrade, Windows Setup uses phases described **Figure 1**: Phases of a successful Windows 10 upgrade (uninstall is not shown): -![Upgrade process.](../images/upgrade-process.png) +:::image type="content" alt-text="Upgrade process." source="../images/upgrade-process.png" lightbox="../images/upgrade-process.png"::: DU = Driver/device updates.
OOBE = Out of box experience.
@@ -97,4 +97,4 @@ WIM = Windows image (Microsoft)
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-/ifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) \ No newline at end of file diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md index 2b08e9adc9..95f6cd4f49 100644 --- a/windows/deployment/upgrade/upgrade-error-codes.md +++ b/windows/deployment/upgrade/upgrade-error-codes.md @@ -22,6 +22,7 @@ ms.collection: highpri >[!NOTE] >This is a 400 level topic (advanced). +> >See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. If the upgrade process is not successful, Windows Setup will return two codes: @@ -147,4 +148,4 @@ For example: An extend code of **0x4000D**, represents a problem during phase 4 [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) [Microsoft Windows Q & A](/answers/products/windows) -[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) +[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md index 88c583d5f3..19f8ab5ad8 100644 --- a/windows/deployment/upgrade/windows-10-upgrade-paths.md +++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md @@ -26,7 +26,7 @@ This topic provides a summary of available upgrade paths to Windows 10. You can If you are also migrating to a different edition of Windows, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md). Methods and supported paths are described on this page to change the edition of Windows. These methods require that you input a license or product key for the new Windows edition prior to starting the upgrade process. Edition downgrade is also supported for some paths, but please note that applications and settings are not maintained when the Windows edition is downgraded. -- **Windows 10 version upgrade**: You can directly upgrade any General Availability Channel version of Windows 10 to a newer, supported General Availability Channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) for availability and service information. +- **Windows 10 version upgrade**: You can directly upgrade any General Availability Channel version of Windows 10 to a newer, supported General Availability Channel version of Windows 10, even if it involves skipping versions. Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](/lifecycle/faq/windows) for availability and service information. - **In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 General Availability Channel](/windows/release-health/release-information)** to Windows 10 LTSC is not supported. Windows 10 LTSC 2015 did not block this in-place upgrade path. This issue was corrected in the Windows 10 LTSC 2016 release, which only allows data-only and clean install options. diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md index 50aad1782d..74fb942b19 100644 --- a/windows/deployment/upgrade/windows-error-reporting.md +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -32,7 +32,7 @@ To use Windows PowerShell, type the following commands from an elevated Windows > [!IMPORTANT] > The following source will be available only if you have updated from a previous version of Windows 10 to a new version. If you installed the current version and have not updated, the source named **WinSetupDiag02** will be unavailable. -```Powershell +```powershell $events = Get-WinEvent -FilterHashtable @{LogName="Application";ID="1001";Data="WinSetupDiag02"} $event = [xml]$events[0].ToXml() $event.Event.EventData.Data @@ -43,7 +43,8 @@ To use Event Viewer: 2. Click **Find**, and then search for **winsetupdiag02**. 3. Double-click the event that is highlighted. -Note: For legacy operating systems, the Event Name was WinSetupDiag01. +> [!NOTE] +> For legacy operating systems, the Event Name was WinSetupDiag01. Ten parameters are listed in the event: @@ -63,7 +64,7 @@ Ten parameters are listed in the event: The event will also contain links to log files that can be used to perform a detailed diagnosis of the error. An example of this event from a successful upgrade is shown below. -![Windows Error Reporting.](../images/event.png) +:::image type="content" alt-text="Windows Error Reporting." source="../images/event.png" lightbox="../images/event.png"::: ## Related topics @@ -71,4 +72,4 @@ The event will also contain links to log files that can be used to perform a det [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) [Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file +[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) \ No newline at end of file diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md index 5cbd41f410..ec417c9558 100644 --- a/windows/deployment/volume-activation/configure-client-computers-vamt.md +++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md @@ -24,7 +24,7 @@ To enable the Volume Activation Management Tool (VAMT) to function correctly, ce Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows. -> [IMPORTANT] +> [!IMPORTANT] > This procedure only applies to clients running Windows Vista or later. For clients running Windows XP Service Pack 1, see [Connecting Through Windows Firewall](/windows/win32/wmisdk/connecting-to-wmi-remotely-with-vbscript). ## Configuring the Windows Firewall to allow VAMT access @@ -38,8 +38,8 @@ Enable the VAMT to access client computers using the **Windows Firewall** Contro 5. Select the **Windows Management Instrumentation (WMI)** checkbox. 6. Click **OK**. - **Warning**   - By default, Windows Firewall Exceptions only apply to traffic originating on the local subnet. To expand the exception to apply to multiple subnets, you need to change the exception settings in the Windows Firewall with Advanced Security, as described below. +> [!WARNING] +> By default, Windows Firewall Exceptions only apply to traffic originating on the local subnet. To expand the exception to apply to multiple subnets, you need to change the exception settings in the Windows Firewall with Advanced Security, as described below. ## Configure Windows Firewall to allow VAMT access across multiple subnets @@ -65,12 +65,12 @@ Enable the VAMT to access client computers across multiple subnets using the **W In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically-allocated ports. This is useful if, for example, the hardware firewall only allows traffic in a certain range of ports. - For more info, see [How to configure RPC dynamic port allocation to work with firewalls](https://support.microsoft.com/help/929851). + For more info, see [How to configure RPC dynamic port allocation to work with firewalls](/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang). ## Create a registry value for the VAMT to access workgroup-joined computer -> [WARNING]   -> This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](https://support.microsoft.com/help/256986). +> [!WARNING] +> This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](/troubleshoot/windows-server/performance/windows-registry-advanced-users). On the client computer, create the following registry key using regedit.exe. @@ -81,7 +81,7 @@ On the client computer, create the following registry key using regedit.exe. - **Type: DWORD** - **Value Data: 1** - > [NOTE] + > [!NOTE] > To discover VAMT-manageable Windows computers in workgroups, you must enable network discovery on each client. ## Deployment options diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md index 3595e295f0..d3de108475 100644 --- a/windows/deployment/windows-10-media.md +++ b/windows/deployment/windows-10-media.md @@ -53,7 +53,7 @@ Features on demand is a method for adding features to your Windows 10 image that
[Volume Activation for Windows 10](./volume-activation/volume-activation-windows-10.md)
[Plan for volume activation](./volume-activation/plan-for-volume-activation-client.md)
[VLSC downloads FAQ](https://www.microsoft.com/Licensing/servicecenter/Help/FAQDetails.aspx?id=150) -
[Download and burn an ISO file on the volume licensing site (VLSC)](https://support.microsoft.com/help/2472143/download-and-burn-an-iso-file-on-the-volume-licensing-site-vlsc) +
[Download and burn an ISO file on the volume licensing site (VLSC)](/troubleshoot/windows-client/deployment/iso-file-on-vlsc)   diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md index fa3ce2c285..c867fe681a 100644 --- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md +++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md @@ -27,7 +27,7 @@ ms.technology: privacy > [!IMPORTANT] > The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](/windows/deployment/update/update-compliance-get-started) will continue to be supported. -> For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement). +> For more information, see [Windows Analytics retirement on January 31, 2020](/lifecycle/announcements/windows-analytics-retirement). Desktop Analytics reports are powered by diagnostic data not included in the Basic level. diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index ee509f813a..5348207c2b 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -31,7 +31,7 @@ ms.technology: privacy This article describes the network connections that Windows 10 and Windows 11 components make to Microsoft and the Windows Settings, Group Policies and registry settings available to IT Professionals to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article. While it is possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience. -Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887) package that will allow your organization to quickly configure the settings covered in this document to restrict connections from Windows 10 and Windows 11 to Microsoft. The Windows Restricted Traffic Limited Baseline is based on [Group Policy Administrative Template](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) functionality and the package you download contains further instructions on how to deploy to devices in your organization. Since some of the settings can reduce the functionality and security configuration of your device, **before deploying Windows Restricted Traffic Limited Functionality Baseline** make sure you **choose the right settings configuration for your environment** and **ensure that Windows and Microsoft Defender Antivirus are fully up to date**. Failure to do so may result in errors or unexpected behavior. You should not extract this package to the windows\system32 folder because it will not apply correctly. +Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887) package that will allow your organization to quickly configure the settings covered in this document to restrict connections from Windows 10 and Windows 11 to Microsoft. The Windows Restricted Traffic Limited Baseline is based on [Group Policy Administrative Template](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) functionality and the package you download contains further instructions on how to deploy to devices in your organization. Since some of the settings can reduce the functionality and security configuration of your device, **before deploying Windows Restricted Traffic Limited Functionality Baseline** make sure you **choose the right settings configuration for your environment** and **ensure that Windows and Microsoft Defender Antivirus are fully up to date**. Failure to do so may result in errors or unexpected behavior. You should not extract this package to the windows\system32 folder because it will not apply correctly. > [!IMPORTANT] > - The downloadable Windows 10, version 1903 scripts/settings can be used on Windows 10, version 1909 devices. @@ -423,7 +423,7 @@ To turn off Insider Preview builds for Windows 10 and Windows 11: ### 8. Internet Explorer > [!NOTE] -> When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](https://support.microsoft.com/help/815141/ie-enhanced-security-configuration-changes-browsing-experience). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings: +> When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](/troubleshoot/browsers/enhanced-security-configuration-faq). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings: | Policy | Description | |------------------------------------------------------|-----------------------------------------------------------------------------------------------------| diff --git a/windows/privacy/manage-windows-11-endpoints.md b/windows/privacy/manage-windows-11-endpoints.md index 93a3b38255..f17e78125e 100644 --- a/windows/privacy/manage-windows-11-endpoints.md +++ b/windows/privacy/manage-windows-11-endpoints.md @@ -156,5 +156,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-1709-endpoints.md b/windows/privacy/manage-windows-1709-endpoints.md index 68e5185b57..f3bc7923bd 100644 --- a/windows/privacy/manage-windows-1709-endpoints.md +++ b/windows/privacy/manage-windows-1709-endpoints.md @@ -32,16 +32,16 @@ Some Windows components, app, and related services transfer data to Microsoft ne This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). -Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it. +Where applicable, each endpoint covered in this article includes a link to specific details about how to control traffic to it. We used the following methodology to derive these network endpoints: 1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. -2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device). +2. Leave the devices running idle for a week (that is, a user isn't interacting with the system/device). 3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 4. Compile reports on traffic going to public IP addresses. -5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. -6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here. +5. The test virtual machine was logged in using a local account and wasn't joined to a domain or Azure Active Directory. +6. All traffic was captured in our lab using a IPV4 network. As such no IPV6 traffic is reported here. > [!NOTE] > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. @@ -60,7 +60,7 @@ If you [turn off traffic to this endpoint](manage-connections-from-windows-opera The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -69,7 +69,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoints are used for Twitter updates. To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -79,7 +79,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used for Facebook updates. To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -88,7 +88,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -97,7 +97,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used for Candy Crush Saga updates. To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -106,14 +106,14 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used for by the Microsoft Wallet app. To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| | system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com | The following endpoint is used by the Groove Music app for update HTTP handler status. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and can't directly launch the app. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -122,28 +122,28 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Cortana and Search The following endpoint is used to get images that are used for Microsoft Store suggestions. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block images that are used for Microsoft Store suggestions. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you'll block images that are used for Microsoft Store suggestions. | Source process | Protocol | Destination | |----------------|----------|------------| | searchui | HTTPS |store-images.s-microsoft.com | The following endpoint is used to update Cortana greetings, tips, and Live Tiles. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block updates to Cortana greetings, tips, and Live Tiles. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you'll block updates to Cortana greetings, tips, and Live Tiles. | Source process | Protocol | Destination | |----------------|----------|------------| | backgroundtaskhost | HTTPS | www.bing.com/client | The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters would not be updated and the device would no longer participate in experiments. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters wouldn't be updated and the device would no longer participate in experiments. | Source process | Protocol | Destination | |----------------|----------|------------| | backgroundtaskhost | HTTPS | www.bing.com/proactive | The following endpoint is used by Cortana to report diagnostic and diagnostic data information. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and can't fix them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -151,11 +151,11 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Certificates -The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. +The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It's possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that isn't recommended because when root certificates are updated over time, applications and websites may stop working because they didn't receive an updated root certificate the application uses. -Additionally, it is used to download certificates that are publicly known to be fraudulent. +Additionally, it's used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. -We do not recommend blocking this endpoint. +We don't recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device. | Source process | Protocol | Destination | @@ -294,7 +294,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Office -The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. @@ -305,7 +305,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen | | | *.e-msedge.net | | | | *.s-msedge.net | -The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. @@ -328,7 +328,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper |----------------|----------|------------| | onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | -The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). +The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges). To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates. | Source process | Protocol | Destination | @@ -456,5 +456,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-1803-endpoints.md b/windows/privacy/manage-windows-1803-endpoints.md index 6dd29f8f5e..fdc72f92e7 100644 --- a/windows/privacy/manage-windows-1803-endpoints.md +++ b/windows/privacy/manage-windows-1803-endpoints.md @@ -32,16 +32,16 @@ Some Windows components, app, and related services transfer data to Microsoft ne This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). -Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it. +Where applicable, each endpoint covered in this article includes a link to specific details about how to control traffic to it. We used the following methodology to derive these network endpoints: 1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. -2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device). +2. Leave the devices running idle for a week (that is, a user isn't interacting with the system/device). 3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 4. Compile reports on traffic going to public IP addresses. -5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. -6. All traffic was captured in our lab using an IPV4 network. Therefore no IPV6 traffic is reported here. +5. The test virtual machine was logged in using a local account and wasn't joined to a domain or Azure Active Directory. +6. All traffic was captured in our lab using a IPV4 network. As such no IPV6 traffic is reported here. > [!NOTE] > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. @@ -61,7 +61,7 @@ If you [turn off traffic to this endpoint](manage-connections-from-windows-opera The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users will can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -70,7 +70,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoints are used for Twitter updates. To turn off traffic for these endpoints, either uninstall Twitter or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users will can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -80,7 +80,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used for Facebook updates. To turn off traffic for this endpoint, either uninstall Facebook or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users will can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -89,7 +89,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -98,7 +98,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used for Candy Crush Saga updates. To turn off traffic for this endpoint, either uninstall Candy Crush Saga or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -107,14 +107,14 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a The following endpoint is used for by the Microsoft Wallet app. To turn off traffic for this endpoint, either uninstall the Wallet app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Store apps cannot be installed or updated. -Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. +Additionally, the Microsoft Store can't revoke malicious Store apps and users can still open them. | Source process | Protocol | Destination | |----------------|----------|------------| | system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com | The following endpoint is used by the Groove Music app for update HTTP handler status. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-apps-for-websites), apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and can't directly launch the app. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -123,28 +123,28 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Cortana and Search The following endpoint is used to get images that are used for Microsoft Store suggestions. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block images that are used for Microsoft Store suggestions. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you'll block images that are used for Microsoft Store suggestions. | Source process | Protocol | Destination | |----------------|----------|------------| | searchui | HTTPS |store-images.s-microsoft.com | The following endpoint is used to update Cortana greetings, tips, and Live Tiles. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block updates to Cortana greetings, tips, and Live Tiles. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you'll block updates to Cortana greetings, tips, and Live Tiles. | Source process | Protocol | Destination | |----------------|----------|------------| | backgroundtaskhost | HTTPS | www.bing.com/client | The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters would not be updated and the device would no longer participate in experiments. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters wouldn't be updated and the device would no longer participate in experiments. | Source process | Protocol | Destination | |----------------|----------|------------| | backgroundtaskhost | HTTPS | www.bing.com/proactive | The following endpoint is used by Cortana to report diagnostic and diagnostic data information. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and can't fix them. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -152,11 +152,11 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Certificates -The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. +The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It's possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that isn't recommended because when root certificates are updated over time, applications and websites may stop working because they didn't receive an updated root certificate the application uses. -Additionally, it is used to download certificates that are publicly known to be fraudulent. +Additionally, it's used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. -We do not recommend blocking this endpoint. +We don't recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device. | Source process | Protocol | Destination | @@ -166,7 +166,7 @@ If traffic to this endpoint is turned off, Windows no longer automatically downl ## Device authentication The following endpoint is used to authenticate a device. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), the device will not be authenticated. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), the device won't be authenticated. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -175,7 +175,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Device metadata The following endpoint is used to retrieve device metadata. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-devinst), metadata will not be updated for the device. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-devinst), metadata won't be updated for the device. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -185,7 +185,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Diagnostic Data The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft. | Source process | Protocol | Destination | |----------------|----------|------------| @@ -298,7 +298,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper ## Office -The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. @@ -310,7 +310,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen | | | *.s-msedge.net | | | HTTPS | ocos-office365-s2s.msedge.net | -The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). +The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges). You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. @@ -333,7 +333,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper |----------------|----------|------------| | onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | -The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). +The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges). To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates. | Source process | Protocol | Destination | @@ -461,5 +461,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-20H2-endpoints.md b/windows/privacy/manage-windows-20H2-endpoints.md index 9e953d592b..f891d0bf27 100644 --- a/windows/privacy/manage-windows-20H2-endpoints.md +++ b/windows/privacy/manage-windows-20H2-endpoints.md @@ -156,5 +156,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-21H1-endpoints.md b/windows/privacy/manage-windows-21H1-endpoints.md index b1f5e5b96d..51e80aa248 100644 --- a/windows/privacy/manage-windows-21H1-endpoints.md +++ b/windows/privacy/manage-windows-21H1-endpoints.md @@ -154,5 +154,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/privacy/manage-windows-21h2-endpoints.md b/windows/privacy/manage-windows-21h2-endpoints.md index 9ee456b4e0..6dc79e13de 100644 --- a/windows/privacy/manage-windows-21h2-endpoints.md +++ b/windows/privacy/manage-windows-21h2-endpoints.md @@ -154,5 +154,5 @@ To view endpoints for non-Enterprise Windows 10 editions, see: ## Related links -- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) +- [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) - [Network infrastructure requirements for Microsoft Intune](/mem/intune/fundamentals/intune-endpoints) \ No newline at end of file diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md index af47315a26..863cb342a4 100644 --- a/windows/security/threat-protection/auditing/event-4672.md +++ b/windows/security/threat-protection/auditing/event-4672.md @@ -110,7 +110,7 @@ You typically will see many of these events in the event log, because every logo - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md index 6252059b6d..f815be18a8 100644 --- a/windows/security/threat-protection/auditing/event-4673.md +++ b/windows/security/threat-protection/auditing/event-4673.md @@ -90,7 +90,7 @@ Failure event generates when service call attempt fails. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md index 9f1b9914da..038e21fa18 100644 --- a/windows/security/threat-protection/auditing/event-4674.md +++ b/windows/security/threat-protection/auditing/event-4674.md @@ -93,7 +93,7 @@ Failure event generates when operation attempt fails. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index fd44f24170..651edeee10 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -108,7 +108,7 @@ This event generates every time a new process starts. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: "Win81". @@ -132,7 +132,7 @@ This event generates every time a new process starts. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is "NT AUTHORITY". - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: "Win81". diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md index 74412386d9..3d50a5e80d 100644 --- a/windows/security/threat-protection/auditing/event-4689.md +++ b/windows/security/threat-protection/auditing/event-4689.md @@ -85,7 +85,7 @@ This event generates every time a process has exited. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md index f588b637ce..84686b24aa 100644 --- a/windows/security/threat-protection/auditing/event-4690.md +++ b/windows/security/threat-protection/auditing/event-4690.md @@ -86,7 +86,7 @@ This event generates if an attempt was made to duplicate a handle to an object. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md index 45e0209fc6..c8ce062789 100644 --- a/windows/security/threat-protection/auditing/event-4691.md +++ b/windows/security/threat-protection/auditing/event-4691.md @@ -89,7 +89,7 @@ These events are generated for [ALPC Ports](/windows/win32/etw/alpc) access requ - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md index f68457c377..639cac22bf 100644 --- a/windows/security/threat-protection/auditing/event-4692.md +++ b/windows/security/threat-protection/auditing/event-4692.md @@ -96,7 +96,7 @@ Failure event generates when a Master Key backup operation fails for some reason - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md index 21e769eae0..e816c4c45b 100644 --- a/windows/security/threat-protection/auditing/event-4693.md +++ b/windows/security/threat-protection/auditing/event-4693.md @@ -93,7 +93,7 @@ Failure event generates when a Master Key restore operation fails for some reaso - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md index 37ca02dd04..dd8e59af94 100644 --- a/windows/security/threat-protection/auditing/event-4696.md +++ b/windows/security/threat-protection/auditing/event-4696.md @@ -92,7 +92,7 @@ This event generates every time a process runs using the non-current access toke - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -134,7 +134,7 @@ This event generates every time a process runs using the non-current access toke - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md index 16ace0c0a6..32489e2c4d 100644 --- a/windows/security/threat-protection/auditing/event-4697.md +++ b/windows/security/threat-protection/auditing/event-4697.md @@ -87,7 +87,7 @@ This event generates when new service was installed in the system. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md index fae37ea9f2..32adfda2d6 100644 --- a/windows/security/threat-protection/auditing/event-4698.md +++ b/windows/security/threat-protection/auditing/event-4698.md @@ -95,7 +95,7 @@ This event generates every time a new scheduled task is created. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md index dcea15f17d..4e94788e1f 100644 --- a/windows/security/threat-protection/auditing/event-4699.md +++ b/windows/security/threat-protection/auditing/event-4699.md @@ -95,7 +95,7 @@ This event generates every time a scheduled task was deleted. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md index 2a46c16d19..9fb16aefd8 100644 --- a/windows/security/threat-protection/auditing/event-4700.md +++ b/windows/security/threat-protection/auditing/event-4700.md @@ -95,7 +95,7 @@ This event generates every time a scheduled task is enabled. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md index e7bc488cc8..f6c37f2fde 100644 --- a/windows/security/threat-protection/auditing/event-4701.md +++ b/windows/security/threat-protection/auditing/event-4701.md @@ -95,7 +95,7 @@ This event generates every time a scheduled task is disabled. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md index 78fee18be6..e42e4e116b 100644 --- a/windows/security/threat-protection/auditing/event-4702.md +++ b/windows/security/threat-protection/auditing/event-4702.md @@ -95,7 +95,7 @@ This event generates every time scheduled task was updated/changed. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md index 938491bf3a..692ef083f0 100644 --- a/windows/security/threat-protection/auditing/event-4703.md +++ b/windows/security/threat-protection/auditing/event-4703.md @@ -94,7 +94,7 @@ Token privileges provide the ability to take certain system-level actions that y - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -116,7 +116,7 @@ Token privileges provide the ability to take certain system-level actions that y - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md index b76c240efe..824a755e4b 100644 --- a/windows/security/threat-protection/auditing/event-4704.md +++ b/windows/security/threat-protection/auditing/event-4704.md @@ -86,7 +86,7 @@ You will see unique event for every user. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md index b4ecb04b99..6738fed5c9 100644 --- a/windows/security/threat-protection/auditing/event-4705.md +++ b/windows/security/threat-protection/auditing/event-4705.md @@ -86,7 +86,7 @@ You will see unique event for every user. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md index 5d2f62ef77..cf21247125 100644 --- a/windows/security/threat-protection/auditing/event-4706.md +++ b/windows/security/threat-protection/auditing/event-4706.md @@ -90,7 +90,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md index be0c79ea65..46cc4912f4 100644 --- a/windows/security/threat-protection/auditing/event-4707.md +++ b/windows/security/threat-protection/auditing/event-4707.md @@ -86,7 +86,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md index d54358f133..040a4757be 100644 --- a/windows/security/threat-protection/auditing/event-4713.md +++ b/windows/security/threat-protection/auditing/event-4713.md @@ -85,7 +85,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md index 6b6faa90fa..484f51c5ca 100644 --- a/windows/security/threat-protection/auditing/event-4715.md +++ b/windows/security/threat-protection/auditing/event-4715.md @@ -85,7 +85,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md index 7f058962db..212334d05a 100644 --- a/windows/security/threat-protection/auditing/event-4716.md +++ b/windows/security/threat-protection/auditing/event-4716.md @@ -90,7 +90,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md index 33d3817929..22a4ae6f99 100644 --- a/windows/security/threat-protection/auditing/event-4717.md +++ b/windows/security/threat-protection/auditing/event-4717.md @@ -86,7 +86,7 @@ You will see unique event for every user if logon user rights were granted to mu - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md index a7e1307af2..a6b2d122b0 100644 --- a/windows/security/threat-protection/auditing/event-4718.md +++ b/windows/security/threat-protection/auditing/event-4718.md @@ -86,7 +86,7 @@ You will see unique event for every user if logon user rights were removed for m - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md index 1a2dabdc7e..b059b70570 100644 --- a/windows/security/threat-protection/auditing/event-4719.md +++ b/windows/security/threat-protection/auditing/event-4719.md @@ -88,7 +88,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md index 7e6fc9cb68..f825fb7830 100644 --- a/windows/security/threat-protection/auditing/event-4720.md +++ b/windows/security/threat-protection/auditing/event-4720.md @@ -105,7 +105,7 @@ This event generates on domain controllers, member servers, and workstations. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -157,7 +157,7 @@ Typically, **Primary Group** field for new user accounts has the following value - 513 (Domain Users. For local accounts this RID means Users) – for domain and local users. - See this article for more information. This parameter contains the value of **primaryGroupID** attribute of new user object. + See this article for more information. This parameter contains the value of **primaryGroupID** attribute of new user object. diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md index c29e7669bc..6f79a8db9d 100644 --- a/windows/security/threat-protection/auditing/event-4722.md +++ b/windows/security/threat-protection/auditing/event-4722.md @@ -89,7 +89,7 @@ For computer accounts, this event generates only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md index 1246930e5a..9c7be0c550 100644 --- a/windows/security/threat-protection/auditing/event-4723.md +++ b/windows/security/threat-protection/auditing/event-4723.md @@ -96,7 +96,7 @@ Typically you will see 4723 events with the same **Subject\\Security ID** and ** - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”.