diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index de9dbd8e9d..551ce8b897 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1247,6 +1247,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/custom-ti-api.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", +"redirect_document_id": false +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules", "redirect_document_id": true @@ -1357,6 +1362,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/experiment-custom-ti.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", +"redirect_document_id": false +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1692,6 +1702,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/powershell-example-code.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", +"redirect_document_id": false +}, +{ "source_path": "windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1762,6 +1777,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/python-example-code.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", +"redirect_document_id": false +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac", "redirect_document_id": true @@ -1894,7 +1914,7 @@ { "source_path": "windows/keep-secure/troubleshoot-windows-defender-antivirus.md", "redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus", - "redirect_document_id": true +"redirect_document_id": true }, { "source_path": "windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md", @@ -1927,6 +1947,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-custom-ti.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", +"redirect_document_id": false +}, +{ "source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1977,6 +2002,11 @@ "redirect_document_id": true }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/use-custom-ti.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", +"redirect_document_id": false +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles", "redirect_document_id": true diff --git a/browsers/edge/docfx.json b/browsers/edge/docfx.json index 45cd5c2570..640106062b 100644 --- a/browsers/edge/docfx.json +++ b/browsers/edge/docfx.json @@ -41,7 +41,8 @@ "depot_name": "Win.microsoft-edge", "folder_relative_path_in_docset": "./" } - } + }, + "titleSuffix": "Edge" }, "externalReference": [], "template": "op.html", diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json index 1cec2c9694..50208546bb 100644 --- a/browsers/internet-explorer/docfx.json +++ b/browsers/internet-explorer/docfx.json @@ -37,7 +37,8 @@ "depot_name": "Win.internet-explorer", "folder_relative_path_in_docset": "./" } - } + }, + "titleSuffix": "Internet Explorer" }, "externalReference": [], "template": "op.html", diff --git a/devices/hololens/hololens-calibration.md b/devices/hololens/hololens-calibration.md index 1296d0f4bd..a2696bfe68 100644 --- a/devices/hololens/hololens-calibration.md +++ b/devices/hololens/hololens-calibration.md @@ -32,6 +32,8 @@ HoloLens 2 prompts a user to calibrate the device under the following circumstan - The user is using the device for the first time - The user previously opted out of the calibration process - The calibration process did not succeed the last time the user used the device +- The user has deleted their calibration profiles +- The visor is raised and the lowered and any of the above circumstances apply (this may be disabled in **Settings > System > Calibration**.) ![Calibration prompt](./images/07-et-adjust-for-your-eyes.png) diff --git a/devices/hololens/hololens-find-and-save-files.md b/devices/hololens/hololens-find-and-save-files.md index 098b387e5b..19f153d785 100644 --- a/devices/hololens/hololens-find-and-save-files.md +++ b/devices/hololens/hololens-find-and-save-files.md @@ -42,6 +42,22 @@ To see your HoloLens files in File Explorer on your PC: >[!TIP] >To see info about your HoloLens, right-click the device name in File Explorer on your PC, then select **Properties**. +## View HoloLens files on Windows Device Portal + +>[!NOTE] +>To use Device Portal you must enable [Developer Mode](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#setting-up-hololens-to-use-windows-device-portal). + +1. Enable Developer Mode and Device Portal on your HoloLens. (See note above if not enabled.) + +1. Navigate to the Device Portal page on your PC. + 1. To connect to a HoloLens connected to your PC type in 127.0.0.1:10080/ in your browser. + 1. To connect to a HoloLens wirelessly instead navigate to your IP address. + +>[!TIP] +>You may need to install a certificate, OR you may see more details and navigate to the website anyways. (Path per web broswer will differ.) + +1. Once succesfully connected, on the left side of the windw you can navigate to the [File Explorer](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#file-explorer) workspace. + ## Sync to the cloud To sync photos and other files from your HoloLens to the cloud, install and set up OneDrive on HoloLens. To get OneDrive, search for it in the Microsoft Store on your HoloLens. diff --git a/devices/hololens/hololens-multiple-users.md b/devices/hololens/hololens-multiple-users.md index d9d6704c78..4bd8b317ef 100644 --- a/devices/hololens/hololens-multiple-users.md +++ b/devices/hololens/hololens-multiple-users.md @@ -37,7 +37,7 @@ To use HoloLens, each user follows these steps: 1. If another user has been using the device, do one of the following: - Press the power button once to go to standby, and then press the power button again to return to the lock screen - - Select the user tile on the upper right of the Pins panel to sign out the current user. + - HoloLens 2 users may select the user tile on the top of the Pins panel to sign out the current user. 1. Use your Azure AD account credentials to sign in to the device. If this is the first time that you have used the device, you have to [calibrate](hololens-calibration.md) HoloLens to your own eyes. diff --git a/devices/hololens/hololens-recovery.md b/devices/hololens/hololens-recovery.md index 0585bf89f7..42c5c64363 100644 --- a/devices/hololens/hololens-recovery.md +++ b/devices/hololens/hololens-recovery.md @@ -116,7 +116,7 @@ To use the tool, you’ll need a computer running Windows 10 or later, with at l To recover your HoloLens -1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer. +1. Download and install the [Windows Device Recovery Tool](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq) on your computer. 1. Connect the HoloLens (1st gen) to your computer using the Micro USB cable that came with your HoloLens. 1. Run the Windows Device Recovery Tool and follow the instructions. diff --git a/devices/hololens/hololens-release-notes.md b/devices/hololens/hololens-release-notes.md index f977fa45ff..4d8b9c1a52 100644 --- a/devices/hololens/hololens-release-notes.md +++ b/devices/hololens/hololens-release-notes.md @@ -22,6 +22,13 @@ appliesto: > [!Note] > HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive). +### December Update - build 18362.1042 + +- Introduces LSR (Last Stage Reproduction) fixes. Improves visual rendering of holograms to appear more stable and crisp by more accurately accounting for their depth. This will be more noticeable if apps do not set the depth of holograms correctly, after this update. +- Fixes stability of exclusive apps and navigation between exclusive apps. +- Resolves an issue where Mixed Reality Capture couldn't record video after device is left in standby state for multiple days. +- Improves hologram stability. + ### November Update - build 18362.1039 - Fixes for **"Select"** voice commands during initial set-up for en-CA and en-AU. diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json index d74914168f..8eba3c49b1 100644 --- a/devices/surface-hub/docfx.json +++ b/devices/surface-hub/docfx.json @@ -51,7 +51,8 @@ "jborsecnik", "tiburd", "garycentric" - ] + ], + "titleSuffix": "Surface Hub" }, "externalReference": [], "template": "op.html", diff --git a/devices/surface-hub/surface-hub-2s-adoption-kit.md b/devices/surface-hub/surface-hub-2s-adoption-kit.md index 78ec22ee3d..2cc29c519b 100644 --- a/devices/surface-hub/surface-hub-2s-adoption-kit.md +++ b/devices/surface-hub/surface-hub-2s-adoption-kit.md @@ -15,7 +15,7 @@ ms.localizationpriority: Medium # Surface Hub 2S adoption and training guides -Whether you are a small or large business, a Surface Hub adoption plan is critical in generating the right use cases and helping your users become comfortable with the device. Check out these downloadable guides designed to help you deliver training across your organization. +Whether you're a small or large business, a Surface Hub adoption plan is critical in generating the right use cases and helping your users become comfortable with the device. Check out these downloadable guides designed to help you deliver training across your organization. ## On-demand training diff --git a/devices/surface-hub/surface-hub-2s-manage-intune.md b/devices/surface-hub/surface-hub-2s-manage-intune.md index e71d37def0..1e0a03d797 100644 --- a/devices/surface-hub/surface-hub-2s-manage-intune.md +++ b/devices/surface-hub/surface-hub-2s-manage-intune.md @@ -69,6 +69,6 @@ You can set the Microsoft Teams app mode using Intune. Surface Hub 2S comes inst To set modes, add the following settings to a custom Device Configuration Profile. |**Name**|**Description**|**OMA-URI**|**Type**|**Value**| -|:------ |:------------- |:--------- |:------ |:------- | -|**Teams App ID**| App name | ./Vendor/MSFT/SurfaceHub/Properties/VtcAppPackageId | String | Microsoft.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe!Teams­­ | -|**Teams App Mode**| Teams mode | ./Vendor/MSFT/SurfaceHub/Properties/SurfaceHubMeetingMode | Integer | 0 or 1 or 2 | +|:--- |:--- |:--- |:--- |:--- | +|**Teams App ID**|App name|./Vendor/MSFT/SurfaceHub/Properties/VtcAppPackageId|String| Microsoft.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe!Teams| +|**Teams App Mode**|Teams mode|./Vendor/MSFT/SurfaceHub/Properties/SurfaceHubMeetingMode|Integer| 0 or 1 or 2| diff --git a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md index 7c89e20f18..058380b980 100644 --- a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md +++ b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md @@ -29,9 +29,9 @@ Although the deployment and management of Surface devices is fundamentally the s ## Updating Surface device drivers and firmware -For devices that receive updates through Windows Update, drivers for Surface components (and even firmware updates) are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS), the option to install drivers and firmware through Windows Update is not available. For these managed devices, the recommended driver management process is the deployment of driver and firmware updates using the Windows Installer (.msi) files, which are provided through the Microsoft Download Center. You can find a list of these downloads at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). -As .msi files, deployment of driver and firmware updates is performed in the same manner as deployment of an application. Instead of installing an application as would normally happen when an .msi file is run, the Surface driver and firmware .msi will apply the driver and firmware updates to the device. The single .msi file contains the driver and firmware updates required by each component of the Surface device. The updates for firmware are applied the next time the device reboots. You can read more about the .msi installation method for Surface drivers and firmware in [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates). For more information about how to deploy applications with Configuration Manager, see [Packages and programs in System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs). +For devices that recieve updates through Windows Update, drivers for Surface components (and even firmware updates) are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM), see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates/). + > [!NOTE] > Surface device drivers and firmware are signed with SHA-256, which is not natively supported by Windows Server 2008 R2. A workaround is available for Configuration Manager environments running on Windows Server 2008 R2. For more information, see [Can't import drivers into System Center Configuration Manager (KB3025419)](https://support.microsoft.com/kb/3025419). @@ -81,4 +81,3 @@ To apply an asset tag using the [Surface Asset Tag CLI Utility](https://www.micr When you deploy Windows to a Surface device, the push-button reset functionality of Windows is configured by default to revert the system back to a state where the environment is not yet configured. When the reset function is used, the system discards any installed applications and settings. Although in some situations it can be beneficial to restore the system to a state without applications and settings, in a professional environment this effectively renders the system unusable to the end user. Push-button reset can be configured, however, to restore the system configuration to a state where it is ready for use by the end user. Follow the process outlined in [Deploy push-button reset features](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/deploy-push-button-reset-features) to customize the push-button reset experience for your devices. - diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json index fafc824f21..42faacbcac 100644 --- a/devices/surface/docfx.json +++ b/devices/surface/docfx.json @@ -47,7 +47,8 @@ "jborsecnik", "tiburd", "garycentric" - ] + ], + "titleSuffix": "Surface" }, "externalReference": [], "template": "op.html", diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md index 2be171841b..6e16d59968 100644 --- a/devices/surface/windows-autopilot-and-surface-devices.md +++ b/devices/surface/windows-autopilot-and-surface-devices.md @@ -31,9 +31,8 @@ Autopilot is the recommended deployment option for Surface devices including Sur Support for broad deployments of Surface devices using Windows Autopilot, including enrollment performed by Surface partners at the time of purchase, requires devices manufactured with or otherwise installed with Windows 10 Version 1709 (Fall Creators Update) or later. These versions support a 4000-byte (4k) hash value to uniquely identify devices for Windows Autopilot that is necessary for deployments at scale. All new Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3 ship with Windows 10 Version 1903 or above. ## Surface partners enabled for Windows Autopilot -Enrolling Surface devices in Windows Autopilot at the time of purchase is a capability provided by select Surface partners that are enabled with the capability to identify individual Surface devices during the purchase process and perform enrollment on an organization’s behalf. Devices enrolled by a Surface partner at time of purchase can be shipped directly to users and configured entirely through the zero-touch process of Windows Autopilot, Azure Active Directory, and Mobile Device Management. - -When you purchase Surface devices from a Surface partner enabled for Windows Autopilot, your new devices can be enrolled in your Windows Autopilot deployment for you by the partner. Surface partners enabled for Windows Autopilot include: +Enrolling Surface devices in Windows Autopilot at the time of purchase is performed by select Surface partners that enroll devices on an organization’s behalf. Devices can then be shipped directly to users and configured entirely through the zero-touch process of Windows Autopilot, Azure Active Directory, and Mobile Device Management. +Surface partners enabled for Windows Autopilot include: - [ALSO](https://www.also.com/ec/cms5/de_1010/1010_anbieter/microsoft/windows-autopilot/index.jsp) - [Atea](https://www.atea.com/) diff --git a/mdop/docfx.json b/mdop/docfx.json index c037b4fa3c..e6f79ff24a 100644 --- a/mdop/docfx.json +++ b/mdop/docfx.json @@ -51,7 +51,8 @@ "jborsecnik", "tiburd", "garycentric" - ] + ], + "titleSuffix": "Microsoft Desktop Optimization Pack" }, "externalReference": [], "template": "op.html", diff --git a/smb/docfx.json b/smb/docfx.json index 1c1ce5a53a..a5644a3f2b 100644 --- a/smb/docfx.json +++ b/smb/docfx.json @@ -47,7 +47,8 @@ "jborsecnik", "tiburd", "garycentric" - ] + ], + "titleSuffix": "Windows for Small to Midsize Business" }, "fileMetadata": {}, "template": [], diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json index 6f3c2b6c50..09bd474c3e 100644 --- a/windows/application-management/docfx.json +++ b/windows/application-management/docfx.json @@ -42,7 +42,8 @@ "depot_name": "MSDN.win-app-management", "folder_relative_path_in_docset": "./" } - } + }, + "titleSuffix": "Windows Application Management" }, "fileMetadata": {}, "template": [], diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json index d687294412..ffd1c9d266 100644 --- a/windows/client-management/docfx.json +++ b/windows/client-management/docfx.json @@ -44,7 +44,8 @@ "depot_name": "MSDN.win-client-management", "folder_relative_path_in_docset": "./" } - } + }, + "titleSuffix": "Windows Client Management" }, "fileMetadata": {}, "template": [], diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index b2e9438fba..9d7b5546ff 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -31,6 +31,7 @@ When the server that stores the mandatory profile is unavailable, such as when t User profiles become mandatory profiles when the administrator renames the NTuser.dat file (the registry hive) of each user's profile in the file system of the profile server from `NTuser.dat` to `NTuser.man`. The `.man` extension causes the user profile to be a read-only profile. + ## Profile extension for each Windows version The name of the folder in which you store the mandatory profile must use the correct extension for the operating system it will be applied to. The following table lists the correct extension for each operating system version. diff --git a/windows/client-management/mdm/index.md b/windows/client-management/mdm/index.md index 01ee6820fc..7608a417e2 100644 --- a/windows/client-management/mdm/index.md +++ b/windows/client-management/mdm/index.md @@ -10,7 +10,6 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: dansimp -ms.date: 01/25/2019 --- # Mobile device management @@ -42,14 +41,16 @@ The MDM security baseline includes policies that cover the following areas: - And much more For more details about the MDM policies defined in the MDM security baseline and what Microsoft’s recommended baseline policy values are, see: + +- [MDM Security baseline for Windows 10, version 1909](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1909-MDM-SecurityBaseLine-Document.zip) - [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip) - [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip) For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows) - + ## Learn about migrating to MDM When an organization wants to move to MDM to manage devices, they should prepare by analyzing their current Group Policy settings to see what they need to transition to MDM management. Microsoft created the [MDM Migration Analysis Tool](https://aka.ms/mmat/) (MMAT) to help. MMAT determines which Group Policies have been set for a target user or computer and then generates a report that lists the level of support for each policy settings in MDM equivalents. For more information, see [MMAT Instructions](https://github.com/WindowsDeviceManagement/MMAT/blob/master/MDM%20Migration%20Analysis%20Tool%20Instructions.pdf). diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index da9546ba23..da5cc3e5c8 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -23,7 +23,7 @@ ms.topic: reference - Windows 10 - Windows 10 Mobile -Windows 10 includes the following new policies for management. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://www.microsoft.com/download/details.aspx?id=56121). +Windows 10 includes the following new policies for management. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://www.microsoft.com/download/100591). ## New Group Policy settings in Windows 10, version 1809 @@ -497,4 +497,3 @@ No new [Exchange ActiveSync policies](https://go.microsoft.com/fwlink/p/?LinkId= - diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json index 4986e61b5d..ea2a557e39 100644 --- a/windows/configuration/docfx.json +++ b/windows/configuration/docfx.json @@ -42,7 +42,8 @@ "depot_name": "MSDN.win-configuration", "folder_relative_path_in_docset": "./" } - } + }, + "titleSuffix": "Configure Windows" }, "fileMetadata": {}, "template": [], diff --git a/windows/deployment/docfx.json b/windows/deployment/docfx.json index b5e2f332bb..d90a888be9 100644 --- a/windows/deployment/docfx.json +++ b/windows/deployment/docfx.json @@ -47,7 +47,8 @@ "depot_name": "MSDN.win-development", "folder_relative_path_in_docset": "./" } - } + }, + "titleSuffix": "Windows Deployment" }, "fileMetadata": {}, "template": [], diff --git a/windows/deployment/images/sa-mfa1.png b/windows/deployment/images/sa-mfa1.png new file mode 100644 index 0000000000..045e5a7794 Binary files /dev/null and b/windows/deployment/images/sa-mfa1.png differ diff --git a/windows/deployment/images/sa-mfa2.png b/windows/deployment/images/sa-mfa2.png new file mode 100644 index 0000000000..1964a7b263 Binary files /dev/null and b/windows/deployment/images/sa-mfa2.png differ diff --git a/windows/deployment/images/sa-mfa3.png b/windows/deployment/images/sa-mfa3.png new file mode 100644 index 0000000000..8987eac97b Binary files /dev/null and b/windows/deployment/images/sa-mfa3.png differ diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index 64f031f72e..81c8751a84 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -18,38 +18,38 @@ ms.topic: article # Resolution procedures **Applies to** -- Windows 10 - ->[!NOTE] ->This is a 200 level topic (moderate).
->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. +- Windows 10 +> [!NOTE] +> This is a 200 level topic (moderate). +> See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. ## 0xC1900101 -A frequently observed result code is 0xC1900101. This result code can be thrown at any stage of the upgrade process, with the exception of the downlevel phase. 0xC1900101 is a generic rollback code, and usually indicates that an incompatible driver is present. The incompatible driver can cause blue screens, system hangs, and unexpected reboots. Analysis of supplemental log files is often helpful, such as:
+A frequently observed result code is 0xC1900101. This result code can be thrown at any stage of the upgrade process, with the exception of the downlevel phase. 0xC1900101 is a generic rollback code, and usually indicates that an incompatible driver is present. The incompatible driver can cause blue screens, system hangs, and unexpected reboots. Analysis of supplemental log files is often helpful, such as: - The minidump file: $Windows.~bt\Sources\Rollback\setupmem.dmp, - Event logs: $Windows.~bt\Sources\Rollback\*.evtx - The device install log: $Windows.~bt\Sources\Rollback\setupapi\setupapi.dev.log -The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018). To resolve a rollback due to driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. +The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018). -
See the following general troubleshooting procedures associated with a result code of 0xC1900101: +To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. +See the following general troubleshooting procedures associated with a result code of 0xC1900101:

@@ -69,11 +69,11 @@ The device install log is particularly helpful if rollback occurs during the sys
-
Code -
0xC1900101 - 0x20004 +
Code +
0xC1900101 - 0x20004
-
+
Cause -
Windows Setup encountered an error during the SAFE_OS with the INSTALL_RECOVERY_ENVIRONMENT operation +
Windows Setup encountered an error during the SAFE_OS with the INSTALL_RECOVERY_ENVIRONMENT operation.
This is generally caused by out-of-date drivers.
-
Code -
0xC1900101 - 0x2000c +
Code +
0xC1900101 - 0x2000c
-
+
-
Cause
Windows Setup encountered an unspecified error during Wim apply in the WinPE phase.
This is generally caused by out-of-date drivers. @@ -91,16 +91,15 @@ The device install log is particularly helpful if rollback occurs during the sys
-
Code +
Code
0xC1900101 - 0x20017
-
+
@@ -124,11 +123,11 @@ Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, - - -
Cause
A driver has caused an illegal operation.
Windows was not able to migrate the driver, resulting in a rollback of the operating system. @@ -113,9 +112,9 @@ The device install log is particularly helpful if rollback occurs during the sys
Mitigation
-Ensure that all that drivers are updated.
-Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers. -
For more information, see Understanding Failures and Log Files. +Ensure that all that drivers are updated. +
Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers. +
For more information, see Windows Vista, Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows 10 setup log file locations.
Update or uninstall the problem drivers.
-
Code -
0xC1900101 - 0x30018 +
Code +
0xC1900101 - 0x30018
-
+
Cause
A device driver has stopped responding to setup.exe during the upgrade process.
@@ -149,11 +148,11 @@ Disconnect all peripheral devices that are connected to the system, except for t
-
Code -
0xC1900101 - 0x3000D +
Code +
0xC1900101 - 0x3000D
-
+
@@ -194,40 +192,39 @@ Disconnect all peripheral devices that are connected to the system, except for t
Cause
Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
This can occur due to a problem with a display driver. @@ -175,16 +174,15 @@ Disconnect all peripheral devices that are connected to the system, except for t
-
Code -
0xC1900101 - 0x4000D +
Code +
0xC1900101 - 0x4000D
-
+
Cause
A rollback occurred due to a driver configuration issue.
Installation failed during the second boot phase while attempting the MIGRATE_DATA operation. - -
This can occur due to incompatible drivers. +
This can occur because of incompatible drivers.
Mitigation
-
Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors. +Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
Review the rollback log and determine the stop code.
The rollback log is located in the C:$Windows.~BT\Sources\Panther folder. An example analysis is shown below. This example is not representative of all cases: -
Info SP Crash 0x0000007E detected -
Info SP Module name : -
Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005 -
Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A -
Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728 -
Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40 -
Info SP Cannot recover the system. -
Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows. +
+Info SP     Crash 0x0000007E detected
+Info SP       Module name           :
+Info SP       Bugcheck parameter 1  : 0xFFFFFFFFC0000005
+Info SP       Bugcheck parameter 2  : 0xFFFFF8015BC0036A
+Info SP       Bugcheck parameter 3  : 0xFFFFD000E5D23728
+Info SP       Bugcheck parameter 4  : 0xFFFFD000E5D22F40
+Info SP     Cannot recover the system.
+Info SP     Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
- -
Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:
+Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:
1. Make sure you have enough disk space.
2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.
3. Try changing video adapters.
4. Check with your hardware vendor for any BIOS updates.
5. Disable BIOS memory options such as caching or shadowing. -

+
-
Code -
0xC1900101 - 0x40017 +
Code +
0xC1900101 - 0x40017
-
+
Cause
Windows 10 upgrade failed after the second reboot.
This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. @@ -237,23 +234,61 @@ Disconnect all peripheral devices that are connected to the system, except for t 		-
Mitigation -
Clean boot into Windows, and then attempt the upgrade to Windows 10.
+
+Mitigation +
-For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135). +Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135). + +Ensure that you select the option to "Download and install updates (recommended)." + +Computers that run Citrix VDA +You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8. + +This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back. + +**Resolution** + +To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016). + +You can work around this problem in two ways + +**Workaround 1** + +1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA. +1. Run the Windows upgrade again. +1. Reinstall Citrix VDA. + +**Workaround 2** + +If you cannot uninstall Citrix VDA, follow these steps to work around this problem: + +1. In Registry Editor, go to the following subkey: + ``` + HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc + ``` +1. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service. +1. Go to the following subkey: + ``` + HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318} + ``` +1. Delete the **CtxMcsWbc** entry. +1. Restart the computer, and then try the upgrade again. + +> **Third-party information disclaimer** +> The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. -

Ensure you select the option to "Download and install updates (recommended)."
-

0x800xxxxx

+## 0x800xxxxx -
Result codes starting with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly. +Result codes that start with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly. -
See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:
+See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:
@@ -262,15 +297,13 @@ For more information, see [How to perform a clean boot in Windows](https://suppo
Code
- 80040005 - 0x20007
-
+
Cause
- An unspecified error occurred with a driver during the SafeOS phase.
@@ -293,17 +326,15 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m
Code
- 0x80073BC3 - 0x20009
0x80070002 - 0x20009
0x80073B92 - 0x20009
-
+
Cause
- The requested system device cannot be found, there is a sharing violation, or there are multiple devices matching the identification criteria.
@@ -324,17 +355,15 @@ These errors occur during partition analysis and validation, and can be caused b
-
Code +
Code
- 800704B8 - 0x3001A
-
+
Cause
- An extended error has occurred during the first boot phase.
@@ -355,17 +384,15 @@ Disable or uninstall non-Microsoft antivirus applications, disconnect all unnece
-
Code +
Code
- 8007042B - 0x4000D
-
+
Cause
- The installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
This issue can occur due to file system, application, or driver issues. @@ -387,17 +414,15 @@ The installation failed during the second boot phase while attempting the MIGRAT
-
Code +
Code
- 8007001F - 0x3000D
-
+
Cause
- The installation failed in the FIRST_BOOT phase with an error during MIGRATE_DATA operation.
@@ -413,7 +438,8 @@ The installation failed in the FIRST_BOOT phase with an error during MIGRATE_DAT This error can be due to a problem with user profiles. It can occur due to corrupt registry entries under **HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList** or invalid files in the **\\Users** directory. -Note: If a previous upgrade did not complete, invalid profiles might exist in the **Windows.old\\Users** directory. +> [!NOTE] +> If a previous upgrade did not complete, invalid profiles might exist in the **Windows.old\\Users** directory. To repair this error, ensure that deleted accounts are not still present in the Windows registry and that files under the \\Users directory are valid. Delete the invalid files or user profiles that are causing this error. The specific files and profiles that are causing the error will be recorded in the Windows setup log files. @@ -424,17 +450,15 @@ To repair this error, ensure that deleted accounts are not still present in the
-
Code +
Code
- 8007001F - 0x4000D
-
+
Cause
- General failure, a device attached to the system is not functioning.
@@ -455,17 +479,15 @@ General failure, a device attached to the system is not functioning.
-
Code +
Code
- 8007042B - 0x4001E
-
+
Cause
- The installation failed during the second boot phase while attempting the PRE_OOBE operation.
@@ -488,12 +510,12 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m ## Other result codes - +
- @@ -505,10 +527,9 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m - + - @@ -534,13 +555,13 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m - @@ -568,34 +589,29 @@ Download and run the media creation tool. See Disk cleanup in Windows 10. + - - - + - + +Review logs for [compatibility information](https://blogs.technet.microsoft.com/askcore/2016/01/21/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues/).
Error code -Cause -Mitigation +Error code +Cause +Mitigation
0xC1900200 Setup.exe has detected that the machine does not meet the minimum system requirements.Ensure the system you are trying to upgrade meets the minimum system requirements.
See Windows 10 specifications for information.		Ensure the system you are trying to upgrade meets the minimum system requirements.
See Windows 10 specifications for information.
0x80090011 A device driver error occurred during user data migration.Attempt other methods of upgrading the operating system.
Download and run the media creation tool. See Download windows 10.
Attempt to upgrade using .ISO or USB.
-Note: Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the Volume Licensing Service Center. +Note
Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the Volume Licensing Service Center.
0x80244018 Your machine is connected through a proxy server.Make sure Automatically Detect Settings is selected in internet options. (Control Panel > Internet Options > Connections > LAN Settings). +Make sure Automatically Detect Settings is selected in internet options. (Control Panel > Internet Options > Connections > LAN Settings).
Restart the device and run setup again. If restarting the device does not resolve the issue, then use the Disk Cleanup utility and clean up the temporary files as well as the System files. For more information, see Disk cleanup in Windows 10.
0xC1900209 The user has chosen to cancel because the system does not pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications. Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See Windows 10 Pre-Upgrade Validation using SETUP.EXE for more information. - -
You can also download the [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740) and install Application Compatibility Tools. +
You can also download the Windows Assessment and Deployment Kit (ADK) for Windows 10 and install Application Compatibility Tools.
0x8007002 This error is specific to upgrades using System Center Configuration Manager 2012 R2 SP1 CU3 (5.00.8238.1403) Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760) -
The error 80072efe means that the connection with the server was terminated abnormally. -
To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.
0x80240FFF Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with System Center Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update. You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following: - +Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with System Center Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update. You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following:
  1. Disable the Upgrades classification.
  2. Install hotfix 3095113.
    3. @@ -603,21 +619,20 @@ Download and run the media creation tool. See How to delete upgrades in WSUS.

    +For detailed information on how to run these steps check out How to delete upgrades in WSUS.
0x8007007EOccurs when update synchronization fails because you do not have hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with System Center Configuration Manager.Occurs when update synchronization fails because you do not have hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with System Center Configuration Manager. Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix. -
  1. Stop the Windows Update service. Sign in as a user with administrative privileges, and then do the following:
    1. Open Administrative Tools from the Control Panel.
    2. Double-click Services.
      3. -
    3. Find the Windows Update service, right-click it, and then click Stop. If prompted, enter your credentials.
      4. +
    4. Find the Windows Update service, right-click it, and then select Stop. If prompted, enter your credentials.
  2. Delete all files and folders under c:\Windows\SoftwareDistribution\DataStore.
    3. @@ -630,7 +645,7 @@ Download and run the media creation tool. See Error Codes
CauseMitigation
0x80070003- 0x20007 @@ -657,9 +672,9 @@ Alternatively, re-create installation media the [Media Creation Tool](https://ww The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10. -See Windows 10 Specifications and verify the computer meets minimum requirements. +See Windows 10 Specifications and verify the computer meets minimum requirements. -
Review logs for [compatibility information](https://blogs.technet.microsoft.com/askcore/2016/01/21/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues/).
0x80070004 - 0x3000D This is a problem with data migration during the first boot phase. There are multiple possible causes. @@ -680,7 +695,8 @@ Alternatively, re-create installation media the [Media Creation Tool](https://ww These errors indicate the computer does not have enough free space available to install the upgrade. To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there is not enough space, attempt to free up drive space before proceeding with the upgrade. -
Note: If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8GB (16GB is recommended). The external drive should be formatted using NTFS. Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards are not migrated if the device does not support Connected Standby. +> [!NOTE] +> If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8GB (16GB is recommended). The external drive should be formatted using NTFS. Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards are not migrated if the device does not support Connected Standby.
@@ -714,8 +730,8 @@ Also see the following sequential list of modern setup (mosetup) error codes wit | 0XC190011f | MOSETUP_E_PROCESS_CRASHED | The installation process crashed. | | 0XC1900120 | MOSETUP_E_EULA_TIMEOUT | The user has not accepted Eula within the required time limit. | | 0XC1900121 | MOSETUP_E_ADVERTISE_TIMEOUT | The user has not accepted Advertisement within the required time limit. | -| 0XC1900122 | MOSETUP_E_DOWNLOADDISKSPACE_TIMEOUT | The download diskspace issues were not resolved within the required time limit. | -| 0XC1900123 | MOSETUP_E_INSTALLDISKSPACE_TIMEOUT | The install diskspace issues were not resolved within the required time limit. | +| 0XC1900122 | MOSETUP_E_DOWNLOADDISKSPACE_TIMEOUT | The download disk space issues were not resolved within the required time limit. | +| 0XC1900123 | MOSETUP_E_INSTALLDISKSPACE_TIMEOUT | The install disk space issues were not resolved within the required time limit. | | 0XC1900124 | MOSETUP_E_COMPAT_SYSREQ_TIMEOUT | The minimum requirements compatibility issues were not resolved within the required time limit. | | 0XC1900125 | MOSETUP_E_COMPAT_DOWNLOADREQ_TIMEOUT | The compatibility issues for download were not resolved within the required time limit. | | 0XC1900126 | MOSETUP_E_GATHER_OS_STATE_SIGNATURE | The GatherOsState executable has invalid signature. | @@ -744,9 +760,9 @@ Also see the following sequential list of modern setup (mosetup) error codes wit | 0XC1900209 | MOSETUP_E_COMPAT_INSTALLREQ_CANCEL | The user has chosen to cancel because the system does not pass the compat scan to install the update. | | 0XC190020a | MOSETUP_E_COMPAT_RECOVERYREQ_BLOCK | The system does not pass the minimum requirements to recover Windows. | | 0XC190020b | MOSETUP_E_COMPAT_RECOVERYREQ_CANCEL | The user has chosen to cancel because the system does not pass the minimum requirements to recover Windows. | -| 0XC190020c | MOSETUP_E_DOWNLOADDISKSPACE_BLOCK | The system does not pass the diskspace requirements to download the payload. | +| 0XC190020c | MOSETUP_E_DOWNLOADDISKSPACE_BLOCK | The system does not pass the disk space requirements to download the payload. | | 0XC190020d | MOSETUP_E_DOWNLOADDISKSPACE_CANCEL | The user has chosen to cancel as the device does not have enough disk space to download. | -| 0XC190020e | MOSETUP_E_INSTALLDISKSPACE_BLOCK | The system does not pass the diskspace requirements to install the payload. | +| 0XC190020e | MOSETUP_E_INSTALLDISKSPACE_BLOCK | The system does not pass the disk space requirements to install the payload. | | 0XC190020f | MOSETUP_E_INSTALLDISKSPACE_CANCEL | The user has chosen to cancel as the device does not have enough disk space to install. | | 0XC1900210 | MOSETUP_E_COMPAT_SCANONLY | The user has used the setup.exe command line to do scanonly, not to install the OS. | | 0XC1900211 | MOSETUP_E_DOWNLOAD_UNPACK_DISKSPACE_BLOCK | The system does not pass the disk space requirements to download and unpack media. | @@ -765,8 +781,8 @@ Also see the following sequential list of modern setup (mosetup) error codes wit ## Related topics -[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx) -
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) -
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) +- [Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx) +- [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) +- [Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) +- [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/home?category=Windows10ITPro) +- [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md index c5c02eb7d8..6ced1398db 100644 --- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md +++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md @@ -1,232 +1,232 @@ ---- -title: Plan for volume activation (Windows 10) -description: Product activation is the process of validating software with the manufacturer after it has been installed on a specific computer. -ms.assetid: f84b005b-c362-4a70-a84e-4287c0d2e4ca -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: vamt, volume activation, activation, windows activation -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: greg-lindsay -ms.localizationpriority: medium -ms.date: 09/27/2017 -ms.topic: article ---- - -# Plan for volume activation - -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 - -**Looking for retail activation?** - -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) - -*Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and has not been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation. - -During the activation process, information about the specific installation is examined. In the case of online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization. - ->[!NOTE] ->The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets. - -## Distribution channels and activation - -In general, Microsoft software is obtained through three main channels: retail, original equipment manufacturer (OEM), and volume licensing agreements. Different activations methods are available through each channel. Because organizations are free to obtain software through multiple channels (for example, buying some at retail and others through a volume licensing program) most organizations choose to use a combination of activation methods. - -### Retail activations - -The retail activation method has not changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available. -Recently, retail keys have been expanded into new distribution scenarios. Product key cards are available to activate products that have been preinstalled or downloaded. Programs such as Windows Anytime Upgrade and Get Genuine allow users to acquire legal keys separately from the software. These electronically distributed keys may come with media that contains software, they can come as a software shipment, or they may be provided on a printed card or electronic copy. Products are activated the same way with any of these retail keys. - -### Original equipment manufacturer - -Most original equipment manufacturers (OEMs) sell systems that include a standard build of the Windows operating system. The hardware vendor activates Windows by associating the operating system with the firmware (BIOS) of the computer. This occurs before the computer is sent to the customer, and no additional actions are required. -OEM activation is valid as long as the customer uses the OEM-provided image on the system. OEM activation is available only for computers that are purchased through OEM channels and have the Windows operating system preinstalled. - -### Volume licensing - -Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft.There is a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer: -- Have the license preinstalled through the OEM. -- Purchase a fully packaged retail product. - -The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised. -Volume licensing is also available through certain subscription or membership programs, such as the Microsoft Partner Network and MSDN. These volume licenses may contain specific restrictions or other changes to the general terms applicable to volume licensing. - -**Note**   -Some editions of the operating system, such as Windows 10 Enterprise, and some editions of application software are available only through volume licensing agreements or subscriptions. - -## Activation models - -For a user or IT department, there are no significant choices about how to activate products that are acquired through retail or OEM channels. The OEM performs the activation at the factory, and the user or the IT department need take no activation steps. - -With a retail product, the Volume Activation Management Tool (VAMT), which is discussed later in this guide, helps you track and manage keys. For each retail activation, you can choose: -- Online activation -- Telephone activation -- VAMT proxy activation - -Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation (with retail keys) is sometimes used when an IT department wants to centralize retail activations or when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, you must determine the best method or combination of methods to use in your environment. For Windows 10 Pro and Enterprise, you can choose from three models: -- MAKs -- KMS -- Active Directory-based activation - -**Note**   -A specialized method, Token-based activation, is available for specific situations when approved customers rely on a public key infrastructure in a completely isolated, and usually high-security, environment. For more information, contact your Microsoft Account Team or your service representative. -Token-based Activation option is available for Windows 10 Enterprise LTSB editions (Version 1507 and 1607). - -### Multiple activation key - -A Multiple Activation Key (MAK) is commonly used in small- or mid-sized organizations that have a volume licensing agreement, but they do not meet the requirements to operate a KMS or they prefer a simpler approach. A MAK also -allows permanent activation of computers that are isolated from the KMS or are part of an isolated network that does not have enough computers to use the KMS. - -To use a MAK, the computers to be activated must have a MAK installed. The MAK is used for one-time activation with the Microsoft online hosted activation services, by telephone, or by using VAMT proxy activation. -In the simplest terms, a MAK acts like a retail key, except that a MAK is valid for activating multiple computers. Each MAK can be used a specific number of times. The VAMT can assist in tracking the number of activations that have been performed with each key and how many remain. - -Organizations can download MAK and KMS keys from the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkId=618213) website. Each MAK has a preset number of activations, which are based on a percentage of the count of licenses the organization purchases; however, you can increase the number of activations that are available with your MAK by calling Microsoft. - -### Key Management Service - -With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that does not require a dedicated system and can easily be cohosted on a system that provides other services. - -Volume editions of Windows 10 and Windows Server 2012 R2 (in addition to volume editions of operating system editions since Windows Vista and Windows Server 2008) automatically connect to a system that hosts the KMS to request activation. No action is required from the user. - -The KMS requires a minimum number of computers (physical computers or virtual machines) in a network environment. The organization must have at least five computers to activate Windows Server 2012 R2 and at least 25 computers to activate client computers that are running Windows 10. These minimums are referred to as *activation thresholds*. - -Planning to use the KMS includes selecting the best location for the KMS host and how many KMS hosts to have. One KMS host can handle a large number of activations, but organizations will often deploy two KMS hosts to ensure availability. Only rarely would more than two KMS hosts be used. The KMS can be hosted on a client computer or on a server, and it can be run on older versions of the operating system if proper configuration steps are taken. Setting up your KMS is discussed later in this guide. - -### Active Directory-based activation - -Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer does not need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device. - -Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it is impractical to connect to a KMS, or would not reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the company’s domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence. - -## Network and connectivity - -A modern business network has many nuances and interconnections. This section examines evaluating your network and the connections that are available to determine how volume activations will occur. - -### Core network - -Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that is not a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the vast majority of the business network. - -In the core network, a centralized KMS solution is usually recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that are not joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8. - -A typical core network that includes a KMS host is shown in Figure 1. - -![Typical core network](../images/volumeactivationforwindows81-01.jpg) - -**Figure 1**. Typical core network - -### Isolated networks - -In a large network, it is all but guaranteed that some segments will be isolated, either for security reasons or because of geography or connectivity issues. - -**Isolated for security** - -Sometimes called a *high-security zone*, a particular network segment may be isolated from the core network by a firewall or disconnected from other networks totally. The best solution for activating computers in an isolated network depends on the security policies in place in the organization. - -If the isolated network can access the core network by using outbound requests on TCP port 1688, and it is allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds. - -If the isolated network participates fully in the corporate forest, and it can make typical connections to domain controllers, such as using Lightweight Directory Access Protocol (LDAP) for queries and Domain Name Service (DNS) for name resolution, this is a good opportunity to use Active Directory-based activation for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 R2. - -If the isolated network cannot communicate with the core network’s KMS server, and it cannot use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs. - -If the network is fully isolated, MAK-independent activation would be the recommended choice, perhaps using the telephone option. But VAMT proxy activation may also be possible. You can also use MAKs to activate new computers during setup, before they are placed in the isolated network. - -![New KMS host in an isolated network](../images/volumeactivationforwindows81-02.jpg) - -**Figure 2**. New KMS host in an isolated network - -**Branch offices and distant networks** -From mining operations to ships at sea, organizations often have a few computers that are not easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options: -- **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain. -- **Local KMS**. If a site has 25 or more client computers, it can activate against a local KMS server. -- **Remote (core) KMS**. If the remote site has connectivity to an existing KMS (perhaps through a virtual private network (VPN) to the core network), that KMS can be used. Using the existing KMS means that you only need to meet the activation threshold on that server. -- **MAK activation**. If the site has only a few computers and no connectivity to an existing KMS host, MAK activation is the best option. - -### Disconnected computers - -Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this an “isolated network,” where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network. -If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it does not support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet). - -### Test and development labs - -Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they cannot activate immediately. -If you have ensured that your test or development copies of the operating system are within the license agreement, you may not need to activate the lab computers if they will be rebuilt frequently. If you require that the lab computers be activated, treat the lab as an isolated network and use the methods described earlier in this guide. -In labs that have a high turnover of computers and a small number of KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days. - -## Mapping your network to activation methods - -Now it’s time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you have collected the information you need to determine which activation methods will work best for you. You can fill-in information in Table 1 to help you make this determination. - -**Table 1**. Criteria for activation methods - -|Criterion |Activation method | -|----------|------------------| -|Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation | -|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

Note
The core network must meet the KMS activation threshold. |KMS (central) | -|Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) |MAM | -|Number of computers in semi-isolated networks that have connectivity to the KMS in the core network |KMS (central) | -|Number of computers in isolated networks where the KMS activation threshold is met |KMS (local) | -|Number of computers in isolated networks where the KMS activation threshold is not met |MAK | -|Number of computers in test and development labs that will not be activated |None| -|Number of computers that do not have a retail volume license |Retail (online or phone) | -|Number of computers that do not have an OEM volume license |OEM (at factory) | -|Total number of computer activations

Note
This total should match the total number of licensed computers in your organization. | - -## Choosing and acquiring keys - -When you know which keys you need, you must obtain them. Generally speaking, volume licensing keys are collected in two ways: -- Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License. -- Contact your [Microsoft Activation Center](https://go.microsoft.com/fwlink/p/?LinkId=618264). - -### KMS host keys - -A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools. - -A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation. - -### Generic volume licensing keys - -When you create installation media or images for client computers that will be activated by KMS or Active Directory-based activation, install a generic volume license key (GVLK) for the edition of Windows you are creating. GVLKs are also referred to as KMS client setup keys. - -Installation media from Microsoft for Enterprise editions of the Windows operating system may already contain the GVLK. One GVLK is available for each type of installation. Note that the GLVK will not activate the software against Microsoft activation servers, only against a KMS or Active Directory-based activation object. In other words, the GVLK does not work unless a valid KMS host key can be found. GVLKs are the only product keys that do not need to be kept confidential. - -Typically, you will not need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it is being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS Client Setup Keys](https://technet.microsoft.com/library/jj612867.aspx). - -### Multiple activation keys - -You will also need MAK keys with the appropriate number of activations available. You can see how many times a MAK has been used on the Volume Licensing Service Center website or in the VAMT. - -## Selecting a KMS host - -The KMS does not require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers. -KMS hosts can run on physical computers or virtual machines that are running any supported Windows operating system. A KMS host that is running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate any Windows client or server operating system that supports volume activation. A KMS host that is running Windows 10 can activate only computers running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista. -A single KMS host can support unlimited numbers of KMS clients, but Microsoft recommends deploying a minimum of two KMS hosts for failover purposes. However, as more clients are activated through Active Directory-based activation, the KMS and the redundancy of the KMS will become less important. Most organizations can use as few as two KMS hosts for their entire infrastructure. - -The flow of KMS activation is shown in Figure 3, and it follows this sequence: - -1. An administrator uses the VAMT console to configure a KMS host and install a KMS host key. -2. Microsoft validates the KMS host key, and the KMS host starts to listen for requests. -3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.) -4. A client configured with a GVLK uses DNS to locate the KMS host. -5. The client sends one packet to the KMS host. -6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again. -7. If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host. -8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again. - -![KMS activation flow](../images/volumeactivationforwindows81-03.jpg) - -**Figure 3**. KMS activation flow - -## See also -- [Volume Activation for Windows 10](volume-activation-windows-10.md) - - +--- +title: Plan for volume activation (Windows 10) +description: Product activation is the process of validating software with the manufacturer after it has been installed on a specific computer. +ms.assetid: f84b005b-c362-4a70-a84e-4287c0d2e4ca +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: vamt, volume activation, activation, windows activation +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: activation +audience: itpro +author: greg-lindsay +ms.localizationpriority: medium +ms.topic: article +--- + +# Plan for volume activation + +**Applies to** +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2012 +- Windows Server 2008 R2 + +**Looking for retail activation?** + +- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) + +*Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and has not been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation. + +During the activation process, information about the specific installation is examined. For online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization. + +>[!NOTE] +>The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets. + +## Distribution channels and activation + +In general, Microsoft software is obtained through three main channels: retail, original equipment manufacturer (OEM), and volume licensing agreements. Different activations methods are available through each channel. Because organizations are free to obtain software through multiple channels (for example, buying some at retail and others through a volume licensing program) most organizations choose to use a combination of activation methods. + +### Retail activations + +The retail activation method has not changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available. +Recently, retail keys have been expanded into new distribution scenarios. Product key cards are available to activate products that have been preinstalled or downloaded. Programs such as Windows Anytime Upgrade and Get Genuine allow users to acquire legal keys separately from the software. These electronically distributed keys may come with media that contains software, they can come as a software shipment, or they may be provided on a printed card or electronic copy. Products are activated the same way with any of these retail keys. + +### Original equipment manufacturer + +Most original equipment manufacturers (OEMs) sell systems that include a standard build of the Windows operating system. The hardware vendor activates Windows by associating the operating system with the firmware (BIOS) of the computer. This occurs before the computer is sent to the customer, and no additional actions are required. +OEM activation is valid as long as the customer uses the OEM-provided image on the system. OEM activation is available only for computers that are purchased through OEM channels and have the Windows operating system preinstalled. + +### Volume licensing + +Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft.There is a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer: +- Have the license preinstalled through the OEM. +- Purchase a fully packaged retail product. + +The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised. +Volume licensing is also available through certain subscription or membership programs, such as the Microsoft Partner Network and MSDN. These volume licenses may contain specific restrictions or other changes to the general terms applicable to volume licensing. + +**Note**   +Some editions of the operating system, such as Windows 10 Enterprise, and some editions of application software are available only through volume licensing agreements or subscriptions. + +## Activation models + +For a user or IT department, there are no significant choices about how to activate products that are acquired through retail or OEM channels. The OEM performs the activation at the factory, and the user or the IT department need take no activation steps. + +With a retail product, the Volume Activation Management Tool (VAMT), which is discussed later in this guide, helps you track and manage keys. For each retail activation, you can choose: +- Online activation +- Telephone activation +- VAMT proxy activation + +Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation (with retail keys) is sometimes used when an IT department wants to centralize retail activations or when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, you must determine the best method or combination of methods to use in your environment. For Windows 10 Pro and Enterprise, you can choose from three models: +- MAKs +- KMS +- Active Directory-based activation + +**Note**   +Token-based activation is available for specific situations when approved customers rely on a public key infrastructure in an isolated and high-security environment. For more information, contact your Microsoft Account Team or your service representative. +Token-based Activation option is available for Windows 10 Enterprise LTSB editions (Version 1507 and 1607). + +### Multiple activation key + +A Multiple Activation Key (MAK) is commonly used in small- or mid-sized organizations that have a volume licensing agreement, but they do not meet the requirements to operate a KMS or they prefer a simpler approach. A MAK also +allows permanent activation of computers that are isolated from the KMS or are part of an isolated network that does not have enough computers to use the KMS. + +To use a MAK, the computers to be activated must have a MAK installed. The MAK is used for one-time activation with the Microsoft online hosted activation services, by telephone, or by using VAMT proxy activation. +In the simplest terms, a MAK acts like a retail key, except that a MAK is valid for activating multiple computers. Each MAK can be used a specific number of times. The VAMT can assist in tracking the number of activations that have been performed with each key and how many remain. + +Organizations can download MAK and KMS keys from the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkId=618213) website. Each MAK has a preset number of activations, which are based on a percentage of the count of licenses the organization purchases; however, you can increase the number of activations that are available with your MAK by calling Microsoft. + +### Key Management Service + +With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that does not require a dedicated system and can easily be cohosted on a system that provides other services. + +Volume editions of Windows 10 and Windows Server 2012 R2 (in addition to volume editions of operating system editions since Windows Vista and Windows Server 2008) automatically connect to a system that hosts the KMS to request activation. No action is required from the user. + +The KMS requires a minimum number of computers (physical computers or virtual machines) in a network environment. The organization must have at least five computers to activate Windows Server 2012 R2 and at least 25 computers to activate client computers that are running Windows 10. These minimums are referred to as *activation thresholds*. + +Planning to use the KMS includes selecting the best location for the KMS host and how many KMS hosts to have. One KMS host can handle a large number of activations, but organizations will often deploy two KMS hosts to ensure availability. Only rarely will more than two KMS hosts be used. The KMS can be hosted on a client computer or on a server, and it can be run on older versions of the operating system if proper configuration steps are taken. Setting up your KMS is discussed later in this guide. + +### Active Directory-based activation + +Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer does not need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device. + +Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it is impractical to connect to a KMS, or would not reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the company’s domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence. + +## Network and connectivity + +A modern business network has many nuances and interconnections. This section examines evaluating your network and the connections that are available to determine how volume activations will occur. + +### Core network + +Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that is not a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the vast majority of the business network. + +In the core network, a centralized KMS solution is recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that are not joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8. + +A typical core network that includes a KMS host is shown in Figure 1. + +![Typical core network](../images/volumeactivationforwindows81-01.jpg) + +**Figure 1**. Typical core network + +### Isolated networks + +In a large network, it is all but guaranteed that some segments will be isolated, either for security reasons or because of geography or connectivity issues. + +**Isolated for security** + +Sometimes called a *high-security zone*, a particular network segment may be isolated from the core network by a firewall or disconnected from other networks totally. The best solution for activating computers in an isolated network depends on the security policies in place in the organization. + +If the isolated network can access the core network by using outbound requests on TCP port 1688, and it is allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds. + +If the isolated network participates fully in the corporate forest, and it can make typical connections to domain controllers, such as using Lightweight Directory Access Protocol (LDAP) for queries and Domain Name Service (DNS) for name resolution, this is a good opportunity to use Active Directory-based activation for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 R2. + +If the isolated network cannot communicate with the core network’s KMS server, and it cannot use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs. + +If the network is fully isolated, MAK-independent activation would be the recommended choice, perhaps using the telephone option. But VAMT proxy activation may also be possible. You can also use MAKs to activate new computers during setup, before they are placed in the isolated network. + +![New KMS host in an isolated network](../images/volumeactivationforwindows81-02.jpg) + +**Figure 2**. New KMS host in an isolated network + +**Branch offices and distant networks** +From mining operations to ships at sea, organizations often have a few computers that are not easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options: +- **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain. +- **Local KMS**. If a site has 25 or more client computers, it can activate against a local KMS server. +- **Remote (core) KMS**. If the remote site has connectivity to an existing KMS (perhaps through a virtual private network (VPN) to the core network), that KMS can be used. Using the existing KMS means that you only need to meet the activation threshold on that server. +- **MAK activation**. If the site has only a few computers and no connectivity to an existing KMS host, MAK activation is the best option. + +### Disconnected computers + +Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this an “isolated network,” where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network. +If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it does not support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet). + +### Test and development labs + +Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they cannot activate immediately. +If you have ensured that your test or development copies of the operating system are within the license agreement, you may not need to activate the lab computers if they will be rebuilt frequently. If you require that the lab computers be activated, treat the lab as an isolated network and use the methods described earlier in this guide. +In labs that have a high turnover of computers and a small number of KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days. + +## Mapping your network to activation methods + +Now it’s time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you have collected the information you need to determine which activation methods will work best for you. You can fill-in information in Table 1 to help you make this determination. + +**Table 1**. Criteria for activation methods + +|Criterion |Activation method | +|----------|------------------| +|Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation | +|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

Note
The core network must meet the KMS activation threshold. |KMS (central) | +|Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK | +|Number of computers in semi-isolated networks that have connectivity to the KMS in the core network |KMS (central) | +|Number of computers in isolated networks where the KMS activation threshold is met |KMS (local) | +|Number of computers in isolated networks where the KMS activation threshold is not met |MAK | +|Number of computers in test and development labs that will not be activated |None| +|Number of computers that do not have a retail volume license |Retail (online or phone) | +|Number of computers that do not have an OEM volume license |OEM (at factory) | +|Total number of computer activations

Note
This total should match the total number of licensed computers in your organization. | + +## Choosing and acquiring keys + +When you know which keys you need, you must obtain them. Generally speaking, volume licensing keys are collected in two ways: +- Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License. +- Contact your [Microsoft Activation Center](https://go.microsoft.com/fwlink/p/?LinkId=618264). + +### KMS host keys + +A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools. + +A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation. + +### Generic volume licensing keys + +When you create installation media or images for client computers that will be activated by KMS or Active Directory-based activation, install a generic volume license key (GVLK) for the edition of Windows you are creating. GVLKs are also referred to as KMS client setup keys. + +Installation media from Microsoft for Enterprise editions of the Windows operating system may already contain the GVLK. One GVLK is available for each type of installation. The GLVK will not activate the software against Microsoft activation servers, but rather against a KMS or Active Directory-based activation object. In other words, the GVLK does not work unless a valid KMS host key can be found. GVLKs are the only product keys that do not need to be kept confidential. + +Typically, you will not need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it is being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS Client Setup Keys](https://technet.microsoft.com/library/jj612867.aspx). + +### Multiple activation keys + +You will also need MAK keys with the appropriate number of activations available. You can see how many times a MAK has been used on the Volume Licensing Service Center website or in the VAMT. + +## Selecting a KMS host + +The KMS does not require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers. +KMS hosts can run on physical computers or virtual machines that are running any supported Windows operating system. A KMS host that is running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate any Windows client or server operating system that supports volume activation. A KMS host that is running Windows 10 can activate only computers running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista. +A single KMS host can support unlimited numbers of KMS clients, but Microsoft recommends deploying a minimum of two KMS hosts for failover purposes. However, as more clients are activated through Active Directory-based activation, the KMS and the redundancy of the KMS will become less important. Most organizations can use as few as two KMS hosts for their entire infrastructure. + +The flow of KMS activation is shown in Figure 3, and it follows this sequence: + +1. An administrator uses the VAMT console to configure a KMS host and install a KMS host key. +2. Microsoft validates the KMS host key, and the KMS host starts to listen for requests. +3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.) +4. A client configured with a GVLK uses DNS to locate the KMS host. +5. The client sends one packet to the KMS host. +6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again. +7. If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host. +8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again. + +![KMS activation flow](../images/volumeactivationforwindows81-03.jpg) + +**Figure 3**. KMS activation flow + +## See also +- [Volume Activation for Windows 10](volume-activation-windows-10.md) + + diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 8ceb4e28f5..2c105278f6 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -85,13 +85,26 @@ For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & - Azure Active Directory (Azure AD) available for identity management. - Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported. - >[!NOTE] - >An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription. To resolve this issue, the user must either sign in with an Azure Active Directory account, or you must disable MFA for this user during the 30-day polling period and renewal. - For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://blogs.windows.com/business/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/) +#### Muti-factor authentication + +An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription. + +To resolve this issue: + +If the device is running Windows 10, version 1703 or 1709, the user must either sign in with an Azure AD account, or you must disable MFA for this user during the 30-day polling period and renewal. + +If the device is running Windows 10, version 1803 or later: +1. Windows 10, version 1803 must be updated with [KB4497934](https://support.microsoft.com/help/4497934/windows-10-update-kb4497934). Later versions of Windows 10 automatically include this patch. +2. When the user signs in on a Hybrid Azure AD joined device with MFA enabled, a notification will indicate that there is a problem. Click the notification and then click **Fix now** to step through the subscription activation process. See the example below: + +![Subscription Activation with MFA1](images/sa-mfa1.png)
+![Subscription Activation with MFA2](images/sa-mfa2.png)
+![Subscription Activation with MFA2](images/sa-mfa3.png) + ### Windows 10 Education requirements 1. Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded. diff --git a/windows/deployment/windows-autopilot/autopilot-update.md b/windows/deployment/windows-autopilot/autopilot-update.md index 9a5f1765eb..db4094b8a8 100644 --- a/windows/deployment/windows-autopilot/autopilot-update.md +++ b/windows/deployment/windows-autopilot/autopilot-update.md @@ -40,7 +40,7 @@ The following diagram illustrates a typical Windows Autopilot deployment orchest - When an Autopilot update is available, it is typically released on the 4th Tuesday of the month. The update could be released on a different week if there is an exception. - A knowledge base (KB) article will also be published to document the changes that are included in the update. -See [Autopilot update history](windows-autopilot-whats-new.md#windows-autopilot-update-history). +For a list of released updates, see [Autopilot update history](windows-autopilot-whats-new.md#windows-autopilot-update-history). ## See also diff --git a/windows/deployment/windows-autopilot/white-glove.md b/windows/deployment/windows-autopilot/white-glove.md index 7aacf56861..9fd9e87869 100644 --- a/windows/deployment/windows-autopilot/white-glove.md +++ b/windows/deployment/windows-autopilot/white-glove.md @@ -96,6 +96,9 @@ If the pre-provisioning process completes successfully: ![white-glove-result](images/white-glove-result.png) - Click **Reseal** to shut the device down. At that point, the device can be shipped to the end user. +>[!NOTE] +>Technician Flow inherits behavior from [Self-Deploying Mode](self-deploying.md). Per the Self-Deploying Mode documentation, it leverages the Enrollment Status Page to hold the device in a provisioning state and prevent the user from proceeding to the desktop after enrollment but before software and configuration is done applying. As such, if Enrollment Status Page is disabled, the reseal button may appear before software and configuration is done applying letting you proceed to the user flow before technician flow provisioning is complete. The green screen validates that enrollment was successful, not that the technician flow is necessarily complete. + If the pre-provisioning process fails: - A red status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps. - Diagnostic logs can be gathered from the device, and then it can be reset to start the process over again. diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index 80be0dc299..e11c96bd77 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -82,6 +82,7 @@ If the Microsoft Store is not accessible, the AutoPilot process will still conti
Intel- https://ekop.intel.com/ekcertservice
Qualcomm- https://ekcert.spserv.microsoft.com/EKCertificate/GetEKCertificate/v1
AMD- https://ftpm.amd.com/pki/aia +
Infineon- https://pki.infineon.com

## Licensing requirements diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset.md b/windows/deployment/windows-autopilot/windows-autopilot-reset.md index d0424dce3f..4aab58218f 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset.md @@ -9,7 +9,8 @@ ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy -audience: itpro author: greg-lindsay +audience: itpro +author: greg-lindsay ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article @@ -31,7 +32,9 @@ The Windows Autopilot Reset process automatically retains information from the e - Azure Active Directory device membership and MDM enrollment information. Windows Autopilot Reset will block the user from accessing the desktop until this information is restored, including re-applying any provisioning packages. For devices enrolled in an MDM service, Windows Autopilot Reset will also block until an MDM sync is completed. - +When Autopilot reset is used on a device, the device's primary user will be removed. The next user who signs in after the reset will be set as the primary user. + + >[!NOTE] >The Autopilot Reset does not support Hybrid Azure AD joined devices. diff --git a/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md b/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md index 7a40f71943..81dcb6e9c2 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-whats-new.md @@ -25,9 +25,9 @@ ms.topic: article ## Windows Autopilot update history -Check back here soon for a link to the latest update. +The following [Windows Autopilot updates](autopilot-update.md) are available. **Note**: Updates are automatically downloaded and applied during the Windows Autopilot deployment process. -See [Windows Autopilot update](autopilot-update.md) for more information. +No updates are available yet. Check back here later for more information. ## New in Windows 10, version 1903 diff --git a/windows/hub/docfx.json b/windows/hub/docfx.json index b850fee41f..07a8ea153b 100644 --- a/windows/hub/docfx.json +++ b/windows/hub/docfx.json @@ -46,7 +46,8 @@ "depot_name": "MSDN.windows-hub", "folder_relative_path_in_docset": "./" } - } + }, + "titleSuffix": "Windows 10 for IT Pros" }, "fileMetadata": {}, "template": [], diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md index 824be067b1..fd70d1e3bd 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md @@ -8,12 +8,12 @@ ms.sitesec: library ms.pagetype: security localizationpriority: high author: brianlic-msft -ms.author: dansimp +ms.author: brianlic manager: dansimp ms.collection: M365-security-compliance ms.topic: article audience: ITPro -ms.date: 12/04/2019 +ms.date: 12/10/2019 --- @@ -21,8 +21,8 @@ ms.date: 12/04/2019 **Applies to** -- Windows 10, version 1903 - Windows 10, version 1909 +- Windows 10, version 1903 The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information. @@ -42,11 +42,13 @@ You can learn more about Windows functional and diagnostic data through these ar - [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) + + ## AppLocker events ### Microsoft.Windows.Security.AppLockerCSP.AddParams -Parameters passed to Add function of the AppLockerCSP Node. +This event indicates the parameters passed to the Add function of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. The following fields are available: @@ -56,13 +58,13 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.AddStart -Start of "Add" Operation for the AppLockerCSP Node. +This event indicates the start of an Add operation for the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. ### Microsoft.Windows.Security.AppLockerCSP.AddStop -End of "Add" Operation for AppLockerCSP Node. +This event indicates the end of an Add operation for the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. The following fields are available: @@ -71,7 +73,7 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.CAppLockerCSP::Commit -This event returns information about the “Commit” operation in AppLockerCSP. +This event returns information about the Commit operation in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure.. The following fields are available: @@ -81,7 +83,7 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.CAppLockerCSP::Rollback -Result of the 'Rollback' operation in AppLockerCSP. +This event provides the result of the Rollback operation in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. The following fields are available: @@ -91,7 +93,7 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.ClearParams -Parameters passed to the "Clear" operation for AppLockerCSP. +This event provides the parameters passed to the Clear operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. The following fields are available: @@ -100,40 +102,22 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.ClearStart -Start of the "Clear" operation for the AppLockerCSP Node. +This event indicates the start of the Clear operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. ### Microsoft.Windows.Security.AppLockerCSP.ClearStop -End of the "Clear" operation for the AppLockerCSP node. +This event indicates the end of the Clear operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. The following fields are available: - **hr** HRESULT reported at the end of the 'Clear' function. -### Microsoft.Windows.Security.AppLockerCSP.ConfigManagerNotificationStart - -Start of the "ConfigManagerNotification" operation for AppLockerCSP. - -The following fields are available: - -- **NotifyState** State sent by ConfigManager to AppLockerCSP. - - -### Microsoft.Windows.Security.AppLockerCSP.ConfigManagerNotificationStop - -End of the "ConfigManagerNotification" operation for AppLockerCSP. - -The following fields are available: - -- **hr** HRESULT returned by the ConfigManagerNotification function in AppLockerCSP. - - ### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceParams -Parameters passed to the CreateNodeInstance function of the AppLockerCSP node. +This event provides the parameters that were passed to the Create Node Instance operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. The following fields are available: @@ -144,13 +128,13 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStart -Start of the "CreateNodeInstance" operation for the AppLockerCSP node. +This event indicates the start of the Create Node Instance operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. ### Microsoft.Windows.Security.AppLockerCSP.CreateNodeInstanceStop -End of the "CreateNodeInstance" operation for the AppLockerCSP node +This event indicates the end of the Create Node Instance operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. The following fields are available: @@ -159,7 +143,7 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.DeleteChildParams -Parameters passed to the DeleteChild function of the AppLockerCSP node. +This event provides the parameters passed to the Delete Child operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. The following fields are available: @@ -169,13 +153,13 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStart -Start of the "DeleteChild" operation for the AppLockerCSP node. +This event indicates the start of the Delete Child operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. ### Microsoft.Windows.Security.AppLockerCSP.DeleteChildStop -End of the "DeleteChild" operation for the AppLockerCSP node. +This event indicates the end of the Delete Child operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. The following fields are available: @@ -184,7 +168,7 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.EnumPolicies -Logged URI relative to %SYSTEM32%\AppLocker, if the Plugin GUID is null, or the CSP doesn't believe the old policy is present. +This event provides the logged Uniform Resource Identifier (URI) relative to %SYSTEM32%\AppLocker if the plug-in GUID is null or the Configuration Service Provider (CSP) doesn't believe the old policy is present. The following fields are available: @@ -193,7 +177,7 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesParams -Parameters passed to the GetChildNodeNames function of the AppLockerCSP node. +This event provides the parameters passed to the Get Child Node Names operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. The following fields are available: @@ -202,13 +186,13 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStart -Start of the "GetChildNodeNames" operation for the AppLockerCSP node. +This event indicates the start of the Get Child Node Names operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. ### Microsoft.Windows.Security.AppLockerCSP.GetChildNodeNamesStop -End of the "GetChildNodeNames" operation for the AppLockerCSP node. +This event indicates the end of the Get Child Node Names operation of the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. The following fields are available: @@ -219,7 +203,7 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.GetLatestId -The result of 'GetLatestId' in AppLockerCSP (the latest time stamped GUID). +This event provides the latest time-stamped unique identifier in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. The following fields are available: @@ -229,7 +213,7 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.HResultException -HRESULT thrown by any arbitrary function in AppLockerCSP. +This event provides the result code (HRESULT) generated by any arbitrary function in the AppLocker Configuration Service Provider (CSP). The following fields are available: @@ -239,26 +223,9 @@ The following fields are available: - **line** Line in the file in the OS code base in which the exception occurs. -### Microsoft.Windows.Security.AppLockerCSP.IsDependencySatisfiedStart - -Indicates the start of a call to the IsDependencySatisfied function in the Configuration Service Provider (CSP). - - - -### Microsoft.Windows.Security.AppLockerCSP.IsDependencySatisfiedStop - -Indicates the end of an IsDependencySatisfied function call in the Configuration Service Provider (CSP). - -The following fields are available: - -- **edpActive** Indicates whether enterprise data protection is active. -- **hr** HRESULT that is reported. -- **internalHr** Internal HRESULT that is reported. - - ### Microsoft.Windows.Security.AppLockerCSP.SetValueParams -Parameters passed to the SetValue function of the AppLockerCSP node. +This event provides the parameters that were passed to the SetValue operation in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. The following fields are available: @@ -268,7 +235,7 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.SetValueStart -Start of the "SetValue" operation for the AppLockerCSP node. +This event indicates the start of the SetValue operation in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. @@ -283,7 +250,7 @@ The following fields are available: ### Microsoft.Windows.Security.AppLockerCSP.TryRemediateMissingPolicies -EntryPoint of fix step or policy remediation, includes URI relative to %SYSTEM32%\AppLocker that needs to be fixed. +This event provides information for fixing a policy in the AppLocker Configuration Service Provider (CSP) to help keep Windows secure. It includes Uniform Resource Identifier (URI) relative to %SYSTEM32%\AppLocker that needs to be fixed. The following fields are available: @@ -298,132 +265,207 @@ This event lists the types of objects and how many of each exist on the client d The following fields are available: -- **DatasourceApplicationFile_19A** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_19ASetup** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_19H1** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_20H1** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_20H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **DatasourceApplicationFile_RS2** An ID for the system, calculated by hashing hardware identifiers. +- **DatasourceApplicationFile_RS3** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS4** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS5** The count of the number of this particular object type present on this device. -- **DatasourceApplicationFile_RS5Setup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_TH1** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_TH2** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_19A** The count of the number of this particular object type present on this device. -- **DatasourceDevicePnp_19ASetup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_19H1** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_20H1** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_20H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. +- **DatasourceDevicePnp_RS2** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS3** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS3Setup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS4** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS4Setup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS5** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS5Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_TH1** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_TH2** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_19A** The count of the number of this particular object type present on this device. -- **DatasourceDriverPackage_19ASetup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_19H1** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_20H1** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_20H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. +- **DatasourceDriverPackage_RS2** The total DataSourceDriverPackage objects targeting Windows 10, version 1703 on this device. +- **DatasourceDriverPackage_RS3** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_RS3Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_RS4** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_RS4Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_RS5** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_RS5Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_TH1** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_TH2** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_19A** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_19ASetup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_20H1** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_20H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. +- **DataSourceMatchingInfoBlock_RS2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_RS3** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoBlock_RS5Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_TH1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_TH2** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_19A** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_19ASetup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_20H1** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_20H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. +- **DataSourceMatchingInfoPassive_RS2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_RS3** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_RS5Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_TH1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_19A** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_19ASetup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPoltUpgrade_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_20H1** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_20H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **DataSourceMatchingInfoPostUpgrade_RS2** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. +- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. - **DataSourceMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPostUpgrade_RS5Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_TH1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_TH2** The count of the number of this particular object type present on this device. -- **DatasourceSystemBios_19A** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_19ASetup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_19H1** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_19H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_20H1** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_20H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. +- **DatasourceSystemBios_RS2** The total DatasourceSystemBios objects targeting Windows 10 version 1703 present on this device. +- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting Windows 10 version 1709 present on this device. +- **DatasourceSystemBios_RS3Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS4** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_RS4Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS5** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS5Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_TH1** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_TH2** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_19A** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_19ASetup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_19H1** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_20H1** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_RS1** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_RS2** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_RS3** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS4** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS5** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_TH1** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_TH2** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_19A** The count of the number of this particular object type present on this device. -- **DecisionDevicePnp_19ASetup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_19H1** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_20H1** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. +- **DecisionDevicePnp_RS2** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS3** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS3Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS4** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS4Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS5** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_TH1** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_TH2** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_19A** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_19ASetup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_19H1** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_20H1** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. +- **DecisionDriverPackage_RS2** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_RS3** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_RS3Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS4** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_RS4Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS5** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_TH1** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_TH2** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_19A** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_19ASetup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_20H1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. +- **DecisionMatchingInfoBlock_RS2** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device. +- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1709 present on this device. - **DecisionMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoBlock_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_TH1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_TH2** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_19A** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_19ASetup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_20H1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoPassive_RS2** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1703 on this device. +- **DecisionMatchingInfoPassive_RS3** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1803 on this device. - **DecisionMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_TH1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_19A** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_19ASetup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPoltUpgrade_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_20H1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_20H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. +- **DecisionMatchingInfoPostUpgrade_RS2** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. +- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. - **DecisionMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPostUpgrade_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_TH1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_TH2** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_19A** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_19ASetup** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_19H1** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_19H1Setup** The total DecisionMediaCenter objects targeting the next release of Windows on this device. +- **DecisionMediaCenter_20H1** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. +- **DecisionMediaCenter_RS2** The total DecisionMediaCenter objects targeting Windows 10 version 1703 present on this device. +- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting Windows 10 version 1709 present on this device. - **DecisionMediaCenter_RS4** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_RS5** The count of the number of this particular object type present on this device. -- **DecisionMediaCenter_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_TH1** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_TH2** The count of the number of this particular object type present on this device. -- **DecisionSystemBios_19A** The count of the number of this particular object type present on this device. - **DecisionSystemBios_19ASetup** The count of the number of this particular object type present on this device. - **DecisionSystemBios_19H1** The count of the number of this particular object type present on this device. - **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. +- **DecisionSystemBios_20H1** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. +- **DecisionSystemBios_RS2** The total DecisionSystemBios objects targeting Windows 10 version 1703 on this device. +- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting Windows 10 version 1709 on this device. +- **DecisionSystemBios_RS3Setup** The count of the number of this particular object type present on this device. - **DecisionSystemBios_RS4** The total DecisionSystemBios objects targeting Windows 10 version, 1803 present on this device. +- **DecisionSystemBios_RS4Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionSystemBios_RS5** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionSystemBios_RS5Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_TH1** The count of the number of this particular object type present on this device. - **DecisionSystemBios_TH2** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessor_RS2** The count of the number of this particular object type present on this device. +- **DecisionTest_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. +- **InventoryDeviceContainer** A count of device container objects in cache. +- **InventoryDevicePnp** A count of device Plug and Play objects in cache. +- **InventoryDriverBinary** A count of driver binary objects in cache. +- **InventoryDriverPackage** A count of device objects in cache. - **InventoryLanguagePack** The count of the number of this particular object type present on this device. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device. +- **InventorySystemMachine** The count of the number of this particular object type present on this device. +- **InventorySystemProcessor** The count of the number of this particular object type present on this device. +- **InventoryTest** The count of the number of this particular object type present on this device. - **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. - **PCFP** The count of the number of this particular object type present on this device. - **SystemMemory** The count of the number of this particular object type present on this device. @@ -436,13 +478,16 @@ The following fields are available: - **SystemWim** The total number of objects of this type present on this device. - **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. - **SystemWlan** The total number of objects of this type present on this device. -- **Wmdrm_19A** The count of the number of this particular object type present on this device. -- **Wmdrm_19ASetup** The count of the number of this particular object type present on this device. - **Wmdrm_19H1** The count of the number of this particular object type present on this device. - **Wmdrm_19H1Setup** The total Wmdrm objects targeting the next release of Windows on this device. +- **Wmdrm_20H1** The count of the number of this particular object type present on this device. +- **Wmdrm_20H1Setup** The total Wmdrm objects targeting the next release of Windows on this device. +- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **Wmdrm_RS2** An ID for the system, calculated by hashing hardware identifiers. +- **Wmdrm_RS3** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS4** The total Wmdrm objects targeting Windows 10, version 1803 present on this device. - **Wmdrm_RS5** The count of the number of this particular object type present on this device. -- **Wmdrm_RS5Setup** The count of the number of this particular object type present on this device. +- **Wmdrm_TH1** The count of the number of this particular object type present on this device. - **Wmdrm_TH2** The count of the number of this particular object type present on this device. @@ -460,7 +505,7 @@ The following fields are available: - **HasCitData** Indicates whether the file is present in CIT data. - **HasUpgradeExe** Indicates whether the anti-virus app has an upgrade.exe file. - **IsAv** Is the file an anti-virus reporting EXE? -- **ResolveAttempted** This will always be an empty string when sending telemetry. +- **ResolveAttempted** This will always be an empty string when sending diagnostic data. - **SdbEntries** An array of fields that indicates the SDB entries that apply to this file. @@ -564,7 +609,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockAdd -This event sends blocking data about any compatibility blocking entries hit on the system that are not directly related to specific applications or devices, to help keep Windows up-to-date. +This event sends blocking data about any compatibility blocking entries on the system that are not directly related to specific applications or devices, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -586,7 +631,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveAdd -This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. +This event sends compatibility database information about non-blocking compatibility entries on the system that are not keyed by either applications or devices, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -608,7 +653,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPostUpgradeAdd -This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. +This event sends compatibility database information about entries requiring reinstallation after an upgrade on the system that are not keyed by either applications or devices, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -630,7 +675,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DatasourceSystemBiosAdd -This event sends compatibility database information about the BIOS to help keep Windows up-to-date. +This event sends compatibility database information about the BIOS to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -652,7 +697,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionApplicationFileAdd -This event sends compatibility decision data about a file to help keep Windows up-to-date. +This event sends compatibility decision data about a file to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -704,7 +749,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionDevicePnpAdd -This event sends compatibility decision data about a PNP device to help keep Windows up to date. +This event sends compatibility decision data about a Plug and Play (PNP) device to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -1108,7 +1153,29 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **AppraiserVersion** The version of the Appraiser file that is generating the events. +- **AppraiserVersion** The version of the Appraiser binary (executable) generating the events. + + +### Microsoft.Windows.Appraiser.General.InventorySystemProcessorEndSync + +This event indicates that a full set of InventorySystemProcessorAdd events has been sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser binary (executable) generating the events. + + +### Microsoft.Windows.Appraiser.General.InventorySystemProcessorStartSync + +This event indicates that a new set of InventorySystemProcessorAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser binary (executable) generating the events. ### Microsoft.Windows.Appraiser.General.InventoryTestRemove @@ -1198,7 +1265,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemMemoryAdd -This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up-to-date. +This event sends data on the amount of memory on the system and whether it meets requirements, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -1251,7 +1318,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemProcessorLahfSahfAdd -This event sends data indicating whether the system supports the LahfSahf CPU requirement, to help keep Windows up-to-date. +This event sends data indicating whether the system supports the LAHF & SAHF CPU requirement, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -1275,7 +1342,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemProcessorNxAdd -This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up-to-date. +This event sends data indicating whether the system supports the NX CPU requirement, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -1407,6 +1474,17 @@ The following fields are available: - **WindowsNotActivatedDecision** Is the current operating system activated? +### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusRemove + +This event indicates that the SystemWindowsActivationStatus object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + ### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusStartSync This event indicates that a new set of SystemWindowsActivationStatusAdd events will be sent. @@ -1420,7 +1498,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.SystemWlanAdd -This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up-to-date. +This event sends data indicating whether the system has WLAN, and if so, whether it uses an emulated driver that could block an upgrade, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -1448,18 +1526,18 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.TelemetryRunHealth -This event indicates the parameters and result of a telemetry (diagnostic) run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date. +This event indicates the parameters and result of a diagnostic data run. This allows the rest of the data sent over the course of the run to be properly contextualized and understood, which is then used to keep Windows up to date. The following fields are available: - **AppraiserBranch** The source branch in which the version of Appraiser that is running was built. -- **AppraiserDataVersion** The version of the data files being used by the Appraiser telemetry run. +- **AppraiserDataVersion** The version of the data files being used by the Appraiser diagnostic data run. - **AppraiserProcess** The name of the process that launched Appraiser. - **AppraiserVersion** The file version (major, minor and build) of the Appraiser DLL, concatenated without dots. - **AuxFinal** Obsolete, always set to false. - **AuxInitial** Obsolete, indicates if Appraiser is writing data files to be read by the Get Windows 10 app. - **DeadlineDate** A timestamp representing the deadline date, which is the time until which appraiser will wait to do a full scan. -- **EnterpriseRun** Indicates if the telemetry run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter. +- **EnterpriseRun** Indicates whether the diagnostic data run is an enterprise run, which means appraiser was run from the command line with an extra enterprise parameter. - **FullSync** Indicates if Appraiser is performing a full sync, which means that full set of events representing the state of the machine are sent. Otherwise, only the changes from the previous run are sent. - **InboxDataVersion** The original version of the data files before retrieving any newer version. - **IndicatorsWritten** Indicates if all relevant UEX indicators were successfully written or updated. @@ -1468,15 +1546,15 @@ The following fields are available: - **PerfBackoff** Indicates if the run was invoked with logic to stop running when a user is present. Helps to understand why a run may have a longer elapsed time than normal. - **PerfBackoffInsurance** Indicates if appraiser is running without performance backoff because it has run with perf backoff and failed to complete several times in a row. - **RunAppraiser** Indicates if Appraiser was set to run at all. If this if false, it is understood that data events will not be received from this device. -- **RunDate** The date that the telemetry run was stated, expressed as a filetime. -- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional telemetry on an infrequent schedule and only from machines at telemetry levels higher than Basic. -- **RunOnline** Indicates if appraiser was able to connect to Windows Update and therefore is making decisions using up-to-date driver coverage information. -- **RunResult** The hresult of the Appraiser telemetry run. +- **RunDate** The date that the diagnostic data run was stated, expressed as a filetime. +- **RunGeneralTel** Indicates if the generaltel.dll component was run. Generaltel collects additional diagnostic data on an infrequent schedule and only from machines at diagnostic data levels higher than Basic. +- **RunOnline** Indicates if appraiser was able to connect to Windows Update and theefore is making decisions using up-to-date driver coverage information. +- **RunResult** The hresult of the Appraiser diagnostic data run. - **ScheduledUploadDay** The day scheduled for the upload. -- **SendingUtc** Indicates if the Appraiser client is sending events during the current telemetry run. +- **SendingUtc** Indicates whether the Appraiser client is sending events during the current diagnostic data run. - **StoreHandleIsNotNull** Obsolete, always set to false -- **TelementrySent** Indicates if telemetry was successfully sent. -- **ThrottlingUtc** Indicates if the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also telemetry reliability. +- **TelementrySent** Indicates whether diagnostic data was successfully sent. +- **ThrottlingUtc** Indicates whether the Appraiser client is throttling its output of CUET events to avoid being disabled. This increases runtime but also diagnostic data reliability. - **Time** The client time of the event. - **VerboseMode** Indicates if appraiser ran in Verbose mode, which is a test-only mode with extra logging. - **WhyFullSyncWithoutTablePrefix** Indicates the reason or reasons that a full sync was generated. @@ -1656,7 +1734,7 @@ The following fields are available: - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID - **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise SCCM environment. -- **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. +- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. - **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier @@ -1679,7 +1757,7 @@ This event sends Windows Insider data from customers participating in improvemen The following fields are available: - **DeviceSampleRate** The telemetry sample rate assigned to the device. -- **DriverTargetRing** Indicates if the device is participating in receiving pre-release drivers and firmware content. +- **DriverTargetRing** Indicates if the device is participating in receiving pre-release drivers and firmware contrent. - **EnablePreviewBuilds** Used to enable Windows Insider builds on a device. - **FlightIds** A list of the different Windows Insider builds on this device. - **FlightingBranchName** The name of the Windows Insider branch currently used by the device. @@ -1698,6 +1776,7 @@ The following fields are available: - **ChassisType** Represents the type of device chassis, such as desktop or low profile desktop. The possible values can range between 1 - 36. - **ComputerHardwareID** Identifies a device class that is represented by a hash of different SMBIOS fields. - **D3DMaxFeatureLevel** Supported Direct3D version. +- **DeviceColor** Indicates a color of the device. - **DeviceForm** Indicates the form as per the device classification. - **DeviceName** The device name that is set by the user. - **DigitizerSupport** Is a digitizer supported? @@ -1817,18 +1896,14 @@ The following fields are available: - **AdvertisingId** Current state of the advertising ID setting. - **AppDiagnostics** Current state of the app diagnostics setting. - **Appointments** Current state of the calendar setting. -- **AppointmentsSystem** Current state of the calendar setting. - **Bluetooth** Current state of the Bluetooth capability setting. - **BluetoothSync** Current state of the Bluetooth sync capability setting. - **BroadFileSystemAccess** Current state of the broad file system access setting. - **CellularData** Current state of the cellular data capability setting. - **Chat** Current state of the chat setting. -- **ChatSystem** Current state of the chat setting. - **Contacts** Current state of the contacts setting. -- **ContactsSystem** Current state of the Contacts setting. - **DocumentsLibrary** Current state of the documents library setting. - **Email** Current state of the email setting. -- **EmailSystem** Current state of the email setting. - **FindMyDevice** Current state of the "find my device" setting. - **GazeInput** Current state of the gaze input setting. - **HumanInterfaceDevice** Current state of the human interface device setting. @@ -1840,7 +1915,6 @@ The following fields are available: - **Microphone** Current state of the microphone setting. - **PhoneCall** Current state of the phone call setting. - **PhoneCallHistory** Current state of the call history setting. -- **PhoneCallHistorySystem** Current state of the call history setting. - **PicturesLibrary** Current state of the pictures library setting. - **Radios** Current state of the radios setting. - **SensorsCustom** Current state of the custom sensor setting. @@ -1850,7 +1924,6 @@ The following fields are available: - **USB** Current state of the USB setting. - **UserAccountInformation** Current state of the account information setting. - **UserDataTasks** Current state of the tasks setting. -- **UserDataTasksSystem** Current state of the tasks setting. - **UserNotificationListener** Current state of the notifications setting. - **VideosLibrary** Current state of the videos library setting. - **Webcam** Current state of the camera setting. @@ -1936,8 +2009,9 @@ This event sends data about the current user's default preferences for browser a The following fields are available: - **CalendarType** The calendar identifiers that are used to specify different calendars. -- **DefaultApp** The current user's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf. +- **DefaultApp** The current uer's default program selected for the following extension or protocol: .html, .htm, .jpg, .jpeg, .png, .mp3, .mp4, .mov, .pdf. - **DefaultBrowserProgId** The ProgramId of the current user's default browser. +- **LocaleName** Name of the current user locale given by LOCALE_SNAME via the GetLocaleInfoEx() function. - **LongDateFormat** The long date format the user has selected. - **ShortDateFormat** The short date format the user has selected. @@ -1988,18 +2062,14 @@ The following fields are available: - **AdvertisingId** Current state of the advertising ID setting. - **AppDiagnostics** Current state of the app diagnostics setting. - **Appointments** Current state of the calendar setting. -- **AppointmentsSystem** Current state of the calendar setting. - **Bluetooth** Current state of the Bluetooth capability setting. - **BluetoothSync** Current state of the Bluetooth sync capability setting. - **BroadFileSystemAccess** Current state of the broad file system access setting. - **CellularData** Current state of the cellular data capability setting. - **Chat** Current state of the chat setting. -- **ChatSystem** Current state of the chat setting. - **Contacts** Current state of the contacts setting. -- **ContactsSystem** Current state of the Contacts setting. - **DocumentsLibrary** Current state of the documents library setting. - **Email** Current state of the email setting. -- **EmailSystem** Current state of the email setting. - **GazeInput** Current state of the gaze input setting. - **HumanInterfaceDevice** Current state of the human interface device setting. - **InkTypeImprovement** Current state of the improve inking and typing setting. @@ -2011,7 +2081,6 @@ The following fields are available: - **Microphone** Current state of the microphone setting. - **PhoneCall** Current state of the phone call setting. - **PhoneCallHistory** Current state of the call history setting. -- **PhoneCallHistorySystem** Current state of the call history setting. - **PicturesLibrary** Current state of the pictures library setting. - **Radios** Current state of the radios setting. - **SensorsCustom** Current state of the custom sensor setting. @@ -2021,7 +2090,6 @@ The following fields are available: - **USB** Current state of the USB setting. - **UserAccountInformation** Current state of the account information setting. - **UserDataTasks** Current state of the tasks setting. -- **UserDataTasksSystem** Current state of the tasks setting. - **UserNotificationListener** Current state of the notifications setting. - **VideosLibrary** Current state of the videos library setting. - **Webcam** Current state of the camera setting. @@ -2041,6 +2109,7 @@ The following fields are available: - **IsVirtualDevice** Retrieves that when the Hypervisor is Microsoft's Hyper-V Hypervisor or other Hv#1 Hypervisor, this field will be set to FALSE for the Hyper-V host OS and TRUE for any guest OS's. This field should not be relied upon for non-Hv#1 Hypervisors. - **SLATSupported** Represents whether Second Level Address Translation (SLAT) is supported by the hardware. - **VirtualizationFirmwareEnabled** Represents whether virtualization is enabled in the firmware. +- **VMId** A string that uniquely identifies a virtual machine. ### Census.WU @@ -2308,6 +2377,38 @@ The following fields are available: - **pendingDecision** Indicates the cause of reboot, if applicable. +### CbsServicingProvider.CbsLateAcquisition + +This event sends data to indicate if some Operating System packages could not be updated as part of an upgrade, to help keep Windows up to date. + +The following fields are available: + +- **Features** The list of feature packages that could not be updated. +- **RetryID** The ID identifying the retry attempt to update the listed packages. + + +### CbsServicingProvider.CbsPackageRemoval + +This event provides information about the results of uninstalling a Windows Cumulative Security Update to help keep Windows up to date. + +The following fields are available: + +- **buildVersion** The build number of the security update being uninstalled. +- **clientId** The name of the application requesting the uninstall. +- **currentStateEnd** The final state of the update after the operation. +- **failureDetails** Information about the cause of a failure, if applicable. +- **failureSourceEnd** The stage during the uninstall where the failure occurred. +- **hrStatusEnd** The overall exit code of the operation. +- **initiatedOffline** Indicates if the uninstall was initiated for a mounted Windows image. +- **majorVersion** The major version number of the security update being uninstalled. +- **minorVersion** The minor version number of the security update being uninstalled. +- **originalState** The starting state of the update before the operation. +- **pendingDecision** Indicates the cause of reboot, if applicable. +- **primitiveExecutionContext** The state during system startup when the uninstall was completed. +- **revisionVersion** The revision number of the security update being uninstalled. +- **transactionCanceled** Indicates whether the uninstall was cancelled. + + ### CbsServicingProvider.CbsQualityUpdateInstall This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date. @@ -2379,6 +2480,12 @@ The following fields are available: - **updateTargetState** A value indicating the desired state of the optional content. +### CbsServicingProvider.CbsUpdateDeferred + +This event reports the results of deferring Windows Content to keep Windows up to date. + + + ## Diagnostic data events ### TelClientSynthetic.AbnormalShutdown_0 @@ -2427,7 +2534,6 @@ The following fields are available: - **PowerButtonPressIsShutdownInProgress** Indicates whether a system shutdown was in progress at the last time the power button was pressed. - **PowerButtonPressLastPowerWatchdogStage** Progress while the monitor is being turned on. - **PowerButtonPressPowerWatchdogArmed** Indicates whether or not the watchdog for the monitor was active at the time of the last power button press. -- **RegKeyLastShutdownBootId** The last recorded boot ID. - **ShutdownDeviceType** Identifies who triggered a shutdown. Is it because of battery, thermal zones, or through a Kernel API. - **SleepCheckpoint** Provides the last checkpoint when there is a failure during a sleep transition. - **SleepCheckpointSource** Indicates whether the source is the EFI variable or bootstat file. @@ -2484,7 +2590,6 @@ The following fields are available: - **CanCollectOsTelemetry** True if we can collect diagnostic data telemetry, false otherwise. - **CanCollectWindowsAnalyticsEvents** True if we can collect Windows Analytics data, false otherwise. - **CanPerformDiagnosticEscalations** True if we can perform diagnostic escalation collection, false otherwise. -- **CanPerformTraceEscalations** True if we can perform trace escalation collection, false otherwise. - **CanReportScenarios** True if we can report scenario completions, false otherwise. - **PreviousPermissions** Bitmask of previous telemetry state. - **TransitionFromEverythingOff** True if we are transitioning from all telemetry being disabled, false otherwise. @@ -2492,7 +2597,7 @@ The following fields are available: ### TelClientSynthetic.ConnectivityHeartBeat_0 -This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it fires an event. A Connectivity Heartbeat event also fires when a device recovers from costed network to free network. +This event sends data about the connectivity status of the Connected User Experience and Telemetry component that uploads telemetry events. If an unrestricted free network (such as Wi-Fi) is available, this event updates the last successful upload time. Otherwise, it checks whether a Connectivity Heartbeat event was fired in the past 24 hours, and if not, it sends an event. A Connectivity Heartbeat event is also sent when a device recovers from costed network to free network. The following fields are available: @@ -2505,22 +2610,6 @@ The following fields are available: - **RestrictedNetworkTime** Retrieves the time spent on a metered (cost restricted) network in seconds. -### TelClientSynthetic.EventMonitor_0 - -This event provides statistics for specific diagnostic events. - -The following fields are available: - -- **ConsumerCount** The number of instances seen in the Event Tracing for Windows consumer. -- **EventName** The name of the event being monitored. -- **EventSnFirst** The expected first event serial number. -- **EventSnLast** The expected last event serial number. -- **EventStoreCount** The number of events reaching the event store. -- **MonitorSn** The serial number of the monitor. -- **TriggerCount** The number of events reaching the trigger buffer. -- **UploadedCount** The number of events uploaded. - - ### TelClientSynthetic.GetFileInfoAction_FilePathNotApproved_0 This event occurs when the DiagTrack escalation fails due to the scenario requesting a path that is not approved for GetFileInfo actions. @@ -2528,8 +2617,6 @@ This event occurs when the DiagTrack escalation fails due to the scenario reques The following fields are available: - **FilePath** The unexpanded path in the scenario XML. -- **FilePathExpanded** The file path, with environment variables expanded. -- **FilePathExpandedScenario** The file path, with property identifiers and environment variables expanded. - **ScenarioId** The globally unique identifier (GUID) of the scenario. - **ScenarioInstanceId** The error code denoting which path failed (internal or external). @@ -2613,7 +2700,7 @@ The following fields are available: ### TelClientSynthetic.HeartBeat_DevHealthMon_5 -This event sends data (for Surface Hub devices) to monitor and ensure the correct functioning of those Surface Hub devices. This data helps ensure the device is up-to-date with the latest security and safety features. +This event sends data (for Surface Hub devices) to monitor and ensure the correct functioning of those Surface Hub devices. This data helps ensure the device is up to date with the latest security and safety features. The following fields are available: @@ -2722,6 +2809,89 @@ This event is a low latency health alert that is part of the 4Nines device healt +## DISM events + +### Microsoft.Windows.StartRepairCore.DISMLatestInstalledLCU + +The DISM Latest Installed LCU sends information to report result of search for latest installed LCU after last successful boot. + +The following fields are available: + +- **dismInstalledLCUPackageName** The name of the latest installed package. + + +### Microsoft.Windows.StartRepairCore.DISMPendingInstall + +The DISM Pending Install event sends information to report pending package installation found. + +The following fields are available: + +- **dismPendingInstallPackageName** The name of the pending package. + + +### Microsoft.Windows.StartRepairCore.DISMRevertPendingActions + +The DISM Pending Install event sends information to report pending package installation found. + +The following fields are available: + +- **errorCode** The result code returned by the event. + + +### Microsoft.Windows.StartRepairCore.DISMUninstallLCU + +The DISM Uninstall LCU sends information to report result of uninstall attempt for found LCU. + +The following fields are available: + +- **errorCode** The result code returned by the event. + + +### Microsoft.Windows.StartRepairCore.SRTRepairActionEnd + +The DISM Uninstall LCU sends information to report result of uninstall attempt for found LCU. + +The following fields are available: + +- **errorCode** The result code returned by the event. +- **failedUninstallCount** The number of driver updates that failed to uninstall. +- **failedUninstallFlightIds** The Flight IDs (identifiers of beta releases) of driver updates that failed to uninstall. +- **foundDriverUpdateCount** The number of found driver updates. +- **srtRepairAction** The scenario name for a repair. +- **successfulUninstallCount** The number of successfully uninstalled driver updates. +- **successfulUninstallFlightIds** The Flight IDs (identifiers of beta releases) of successfully uninstalled driver updates. + + +### Microsoft.Windows.StartRepairCore.SRTRepairActionStart + +The SRT Repair Action Start event sends information to report repair operation started for given plug-in. + +The following fields are available: + +- **srtRepairAction** The scenario name for a repair. + + +### Microsoft.Windows.StartRepairCore.SRTRootCauseDiagEnd + +The SRT Root Cause Diagnosis End event sends information to report diagnosis operation completed for given plug-in. + +The following fields are available: + +- **errorCode** The result code returned by the event. +- **flightIds** The Flight IDs (identifier of the beta release) of found driver updates. +- **foundDriverUpdateCount** The number of found driver updates. +- **srtRootCauseDiag** The scenario name for a diagnosis event. + + +### Microsoft.Windows.StartRepairCore.SRTRootCauseDiagStart + +The SRT Root Cause Diagnosis Start event sends information to report diagnosis operation started for given plug-in. + +The following fields are available: + +- **srtRootCauseDiag** The scenario name for a diagnosis event. + + ## Driver installation events ### Microsoft.Windows.DriverInstall.DeviceInstall @@ -2736,6 +2906,7 @@ The following fields are available: - **CoInstallers** The list of coinstallers. - **ConfigFlags** The device configuration flags. - **DeviceConfigured** Indicates whether this device was configured through the kernel configuration. +- **DeviceInstalled** Indicates whether the legacy install code path was used. - **DeviceInstanceId** The unique identifier of the device in the system. - **DeviceStack** The device stack of the driver being installed. - **DriverDate** The date of the driver. @@ -2760,6 +2931,7 @@ The following fields are available: - **Inbox** Indicates whether the driver package is included with Windows. - **InstallDate** The date the driver was installed. - **LastCompatibleId** The ID in the hardware ID list that provides the least specific device description. +- **LastInstallFunction** The last install function invoked in a co-installer if the install timeout was reached while a co-installer was executing. - **LegacyInstallReasonError** The error code for the legacy installation. - **LowerFilters** The list of lower filter drivers. - **MatchingDeviceId** The hardware ID or compatible ID that Windows used to install the device instance. @@ -2769,8 +2941,10 @@ The following fields are available: - **PendedUntilReboot** Indicates whether the installation is pending until the device is rebooted. - **Problem** Error code returned by the device after installation. - **ProblemStatus** The status of the device after the driver installation. +- **RebootRequiredReason** DWORD (Double Word—32-bit unsigned integer) containing the reason why the device required a reboot during install. - **SecondaryDevice** Indicates whether the device is a secondary device. - **ServiceName** The service name of the driver. +- **SessionGuid** GUID (Globally Unique IDentifier) for the update session. - **SetupMode** Indicates whether the driver installation took place before the Out Of Box Experience (OOBE) was completed. - **StartTime** The time when the installation started. - **SubmissionId** The driver submission identifier assigned by the Windows Hardware Development Center. @@ -2789,6 +2963,7 @@ The following fields are available: - **FlightId** The ID of the Windows Insider build the device received. - **InstallDate** The date the driver was installed. - **InstallFlags** The driver installation flags. +- **OptionalData** Metadata specific to WU (Windows Update) associated with the driver (flight IDs, recovery IDs, etc.) - **RebootRequired** Indicates whether a reboot is required after the installation. - **RollbackPossible** Indicates whether this driver can be rolled back. - **WuTargetedHardwareId** Indicates that the driver was installed because the device hardware ID was targeted by the Windows Update. @@ -2832,10 +3007,12 @@ The following fields are available: - **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload. - **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes). - **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes). +- **Display1UMDFilePath** File path to the location of the Display User Mode Driver in the Driver Store. - **DisplayAdapterLuid** The display adapter LUID. - **DriverDate** The date of the display driver. - **DriverRank** The rank of the display driver. - **DriverVersion** The display driver version. +- **DriverWorkarounds** Numeric value indicating the driver workarounds enabled for this device. - **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store. - **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store. - **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store. @@ -2846,6 +3023,7 @@ The following fields are available: - **GPUVendorID** The GPU vendor ID. - **InterfaceId** The GPU interface ID. - **IsDisplayDevice** Does the GPU have displaying capabilities? +- **IsHwSchEnabled** Boolean value indicating whether hardware scheduling is enabled. - **IsHwSchSupported** Indicates whether the adapter supports hardware scheduling. - **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device? - **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device? @@ -2977,6 +3155,24 @@ The following fields are available: - **TargetAsId** The sequence number for the hanging process. +## Feature update events + +### Microsoft.Windows.Upgrade.Uninstall.UninstallFailed + +This event sends diagnostic data about failures when uninstalling a feature update, to help resolve any issues preventing customers from reverting to a known state. + +The following fields are available: + +- **failureReason** Provides data about the uninstall initialization operation failure. +- **hr** Provides the Win32 error code for the operation failure. + + +### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered + +This event indicates that the uninstall was properly configured and that a system reboot was initiated. + + + ## Hang Reporting events ### Microsoft.Windows.HangReporting.AppHangEvent @@ -3005,6 +3201,94 @@ The following fields are available: - **WaitingOnPackageRelativeAppId** If this is a cross process hang waiting for a package, this has the relative application id of the package. +## Holographic events + +### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicDeviceAdded + +This event indicates Windows Mixed Reality device state. This event is also used to count WMR device. + +The following fields are available: + +- **ClassGuid** Windows Mixed Reality device class GUID. +- **DeviceInterfaceId** Windows Mixed Reality device interface ID. +- **DeviceName** Windows Mixed Reality device name. +- **DriverVersion** Windows Mixed Reality device driver version. +- **FirmwareVersion** Windows Mixed Reality firmware version. +- **Manufacturer** Windows Mixed Reality device manufacturer. +- **ModelName** Windows Mixed Reality device model name. +- **SerialNumber** Windows Mixed Reality device serial number. + +### Microsoft.Windows.Holographic.Coordinator.HoloShellStateUpdated + +This event indicates Windows Mixed Reality HoloShell State. This event is also used to count WMR device. + +The following fields are available: + +- **HmdState** Windows Mixed Reality Headset HMD state. +- **NewHoloShellState** Windows Mixed Reality HoloShell state. +- **PriorHoloShellState** Windows Mixed Reality state prior to entering to HoloShell. +- **SimulationEnabled** Windows Mixed Reality Simulation state. + + +### Microsoft.Windows.Shell.HolographicFirstRun.AppActivated + +This event indicates Windows Mixed Reality Portal app activation state. This event also used to count WMR device. + +The following fields are available: + +- **IsDemoMode** Windows Mixed Reality Portal app state of demo mode. +- **IsDeviceSetupComplete** Windows Mixed Reality Portal app state of device setup completion. +- **PackageVersion** Windows Mixed Reality Portal app package version. +- **PreviousExecutionState** Windows Mixed Reality Portal app prior execution state. +- **wilActivity** Windows Mixed Reality Portal app wilActivity ID. See [wilActivity](#wilactivity). + + +### Microsoft.Windows.Shell.HolographicFirstRun.AppLifecycleService_Resuming + +This event indicates Windows Mixed Reality Portal app resuming. This event is also used to count WMR device. + + + +### TraceLoggingOasisUsbHostApiProvider.DeviceInformation + +This event provides Windows Mixed Reality device information. This event is also used to count WMR device and device type. + +The following fields are available: + +- **BootloaderMajorVer** Windows Mixed Reality device boot loader major version. +- **BootloaderMinorVer** Windows Mixed Reality device boot loader minor version. +- **BootloaderRevisionNumber** Windows Mixed Reality device boot loader revision number. +- **BTHFWMajorVer** Windows Mixed Reality device BTHFW major version. This event also used to count WMR device. +- **BTHFWMinorVer** Windows Mixed Reality device BTHFW minor version. This event also used to count WMR device. +- **BTHFWRevisionNumber** Windows Mixed Reality device BTHFW revision number. +- **CalibrationBlobSize** Windows Mixed Reality device calibration blob size. +- **CalibrationFwMajorVer** Windows Mixed Reality device calibration firmware major version. +- **CalibrationFwMinorVer** Windows Mixed Reality device calibration firmware minor version. +- **CalibrationFwRevNum** Windows Mixed Reality device calibration firmware revision number. +- **DeviceInfoFlags** Windows Mixed Reality device info flags. +- **DeviceName** Windows Mixed Reality device Name. This event is also used to count WMR device. +- **DeviceReleaseNumber** Windows Mixed Reality device release number. +- **FirmwareMajorVer** Windows Mixed Reality device firmware major version. +- **FirmwareMinorVer** Windows Mixed Reality device firmware minor version. +- **FirmwareRevisionNumber** Windows Mixed Reality device calibration firmware revision number. +- **FpgaFwMajorVer** Windows Mixed Reality device FPGA firmware major version. +- **FpgaFwMinorVer** Windows Mixed Reality device FPGA firmware minor version. +- **FpgaFwRevisionNumber** Windows Mixed Reality device FPGA firmware revision number. +- **FriendlyName** Windows Mixed Reality device friendly name. +- **HashedSerialNumber** Windows Mixed Reality device hashed serial number. +- **HeaderSize** Windows Mixed Reality device header size. +- **HeaderVersion** Windows Mixed Reality device header version. +- **LicenseKey** Windows Mixed Reality device header license key. +- **Make** Windows Mixed Reality device make. +- **ManufacturingDate** Windows Mixed Reality device manufacturing date. +- **Model** Windows Mixed Reality device model. +- **PresenceSensorHidVendorPage** Windows Mixed Reality device presence sensor HID vendor page. +- **PresenceSensorHidVendorUsage** Windows Mixed Reality device presence sensor HID vendor usage. +- **PresenceSensorUsbVid** Windows Mixed Reality device presence sensor USB VId. +- **ProductBoardRevision** Windows Mixed Reality device product board revision number. +- **SerialNumber** Windows Mixed Reality device serial number. + + ## Inventory events ### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum @@ -3043,6 +3327,7 @@ The following fields are available: - **InventoryMiscellaneousOfficeVBA** A count of office vba objects in cache - **InventoryMiscellaneousOfficeVBARuleViolations** A count of office vba rule violations objects in cache - **InventoryMiscellaneousUUPInfo** A count of uup info objects in cache +- **InventoryVersion** The version of the inventory file generating the events. - **Metadata** A count of metadata objects in cache. - **Orphan** A count of orphan file objects in cache. - **Programs** A count of program objects in cache. @@ -3326,7 +3611,7 @@ The following fields are available: ### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd -This event represents the basic metadata about a plug and play (PNP) device and its associated driver. +This event sends basic metadata about a PNP device and its associated driver to help keep Windows up to date. This information is used to assess if the PNP device and driver will remain compatible when upgrading Windows. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -3510,12 +3795,18 @@ The following fields are available: This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the beginning of the event download, and that tracing should begin. +The following fields are available: + +- **key** The globally unique identifier (GUID) used to identify the specific Json Trace logging session. ### Microsoft.Windows.Inventory.Core.StopUtcJsonTrace This event collects traces of all other Core events, not used in typical customer scenarios. This event signals the end of the event download, and that tracing should end. +The following fields are available: + +- **key** The globally unique identifier (GUID) used to identify the specific Json Trace logging session. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInAdd @@ -3538,6 +3829,7 @@ The following fields are available: - **FullPath** The full path to the Microsoft Office add-in. - **InventoryVersion** The version of the inventory binary generating the events. - **LoadBehavior** Integer that describes the load behavior. +- **LoadTime** Load time for the Office add-in. - **OfficeApplication** The Microsoft Office application associated with the add-in. - **OfficeArchitecture** The architecture of the add-in. - **OfficeVersion** The Microsoft Office version for this add-in. @@ -3547,6 +3839,7 @@ The following fields are available: - **ProductVersion** The version associated with the Office add-in. - **ProgramId** The unique program identifier of the Microsoft Office add-in. - **Provider** Name of the provider for this add-in. +- **Usage** Data about usage for the add-in. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove @@ -3708,10 +4001,10 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **BrowserFlags** Browser flags for Office-related products -- **ExchangeProviderFlags** Provider policies for Office Exchange +- **BrowserFlags** Browser flags for Office-related products. +- **ExchangeProviderFlags** Provider policies for Office Exchange. - **InventoryVersion** The version of the inventory binary generating the events. -- **SharedComputerLicensing** Office shared computer licensing policies +- **SharedComputerLicensing** Office shared computer licensing policies. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsStartSync @@ -3932,11 +4225,11 @@ The following fields are available: - **LastShutdownSucceeded** Flag indicating whether the last shutdown was successful. - **MaxAbove4GbFreeRange** This field describes the largest memory range available above 4Gb. - **MaxBelow4GbFreeRange** This field describes the largest memory range available below 4Gb. +- **MeasuredLaunchCapable** Indicates the system is capable of booting with Dynamic Root of Trust for Measurement (DRTM) support. - **MeasuredLaunchPrepared** This field tells us if the OS launch was initiated using Measured/Secure Boot over DRTM (Dynamic Root of Trust for Measurement). - **MeasuredLaunchResume** This field tells us if Dynamic Root of Trust for Measurement (DRTM) was used when resuming from hibernation. - **MenuPolicy** Type of advanced options menu that should be shown to the user (Legacy, Standard, etc.). - **RecoveryEnabled** Indicates whether recovery is enabled. -- **SecureLaunchPrepared** This field indicates if DRTM was prepared during boot. - **TcbLaunch** Indicates whether the Trusted Computing Base was used during the boot flow. - **UserInputTime** The amount of time the loader application spent waiting for user input. @@ -3994,6 +4287,204 @@ The following fields are available: - **ServiceName** The driver or service name that is attached to the device. +### Microsoft.Windows.Kernel.Power.PreviousShutdownWasThermalShutdown + +This event sends Product and Service Performance data on which area of the device exceeded safe temperature limits and caused the device to shutdown. This information is used to ensure devices are behaving as they are expected to. + +The following fields are available: + +- **temperature** Contains the actual temperature measurement, in tenths of degrees Kelvin, for the area that exceeded the limit. +- **thermalZone** Contains an identifier that specifies which area it was that exceeded temperature limits. + + +## Microsoft Edge events + +### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config + +This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_version** The internal Microsoft Edge build version string. +- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth +- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. +- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level +- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. + + +### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config + +This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_version** The internal Microsoft Edge build version string. +- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth +- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. +- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level +- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. + + +### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config + +This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_version** The internal Microsoft Edge build version string. +- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth +- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. +- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level +- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. + + +### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_version** The internal Microsoft Edge build version string. +- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth +- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. +- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level +- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. + + +### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping + +This event sends hardware and software inventory information about the Microsoft Edge Update service, Microsoft Edge applications, and the current system environment, including app configuration, update configuration, and hardware capabilities. It's used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date. + +The following fields are available: + +- **appAp** Microsoft Edge Update parameters, including channel, architecture, platform, and additional parameters identifying the release of Microsoft Edge to update and how to install it. Example: 'beta-arch_x64-full'. Default: ''. +- **appAppId** The GUID that identifies the product channels such as Edge Canary, Dev, Beta, Stable, and Edge Update. +- **appBrandCode** The 4-digit brand code under which the the product was installed, if any. Possible values: 'GGLS' (default), 'GCEU' (enterprise install), and '' (unknown). +- **appChannel** An integer indicating the channel of the installation (e.g. Canary or Dev). +- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. +- **appCohort** A machine-readable string identifying the release channel that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. Default: '-2' (Unknown). +- **appExperiments** A semicolon-delimited key/value list of experiment identifiers and treatment groups. This field is unused and always empty in Edge Update. Default: ''. +- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. +- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. +- **appNextVersion** The version of the app that the update attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. +- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. +- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''. +- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'. +- **appPingEventDownloadMetricsServerIpHint** For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventEventResult** An enumeration indicating the result of the event. Common values are '0' (Error) and '1' (Success). Default: '0' (Error). +- **appPingEventEventType** An enumeration indicating the type of the event and the event stage. Default: '0' (Unknown). +- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. +- **appPingEventSequenceId** An ID that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. +- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a tag. +- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not. +- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' MUST match '1.2.3.4' but MUST NOT match '1.2.34'). Default: ''. +- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request is sent over SSL or another secure protocol. This field is unused by Edge Update and always empty. Default: ''. +- **appVersion** The version of the product install. Default: '0.0.0.0'. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **eventType** A string representation of appPingEventEventType indicating the type of the event. +- **hwHasAvx** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'. +- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'. +- **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''. +- **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system name should be transmitted in lowercase with minimal formatting. Default: ''. +- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''. +- **osVersion** The primary version of the operating system. '' if unknown. Default: ''. +- **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'. +- **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''. +- **requestDomainJoined** '1' if the device is part of a managed enterprise domain. Otherwise '0'. +- **requestInstallSource** A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''. +- **requestIsMachine** '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'. +- **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''. +- **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'. +- **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients MUST always transmit this attribute. Default: undefined. +- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Default: ''. +- **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''. +- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique sessionid. Default: ''. +- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''. +- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt should have (with high probability) a unique request id. Default: ''. + + +### Aria.f4a7d46e472049dfba756e11bdbbc08f.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_version** The internal Microsoft Edge build version string. +- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth +- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. +- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level +- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. + ## Migration events ### Microsoft.Windows.MigrationCore.MigObjectCountDLUsr @@ -4105,6 +4596,23 @@ The following fields are available: - **WFD2Supported** Indicates if the Miracast receiver supports WFD2 protocol. +## OneDrive events + +### Microsoft.OneDrive.Sync.Setup.OSUpgradeInstallationOperation + +This event is related to the OS version when the OS is upgraded with OneDrive installed. + +The following fields are available: + +- **CurrentOneDriveVersion** The current version of OneDrive. +- **CurrentOSBuildBranch** The current branch of the operating system. +- **CurrentOSBuildNumber** The current build number of the operating system. +- **CurrentOSVersion** The current version of the operating system. +- **HResult** The HResult of the operation. +- **SourceOSBuildBranch** The source branch of the operating system. +- **SourceOSBuildNumber** The source build number of the operating system. +- **SourceOSVersion** The source version of the operating system. + ## Privacy consent logging events ### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted @@ -4325,15 +4833,6 @@ The following fields are available: - **timestamp** Timestamp of this push-button reset event. -### Microsoft.Windows.PBR.PBRClearRollBackEntry - -This event is sent when the push-button reset operation clears the rollback entry. Push-button reset cannot rollback after this point. - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - ### Microsoft.Windows.PBR.PBRClearTPMFailed This event is sent when there was a failure while clearing the Trusted Platform Module (TPM). @@ -4357,27 +4856,6 @@ The following fields are available: - **SPPhase** The last phase of the Setup Platform operation. -### Microsoft.Windows.PBR.PBRCreateNewSystemReconstructionSucceed - -This event is sent when the push-button reset operation succeeds in constructing a new copy of the operating system. - -The following fields are available: - -- **CBSPackageCount** The Component Based Servicing package count. -- **CustomizationPackageCount** The Customization package count. -- **PBRType** The type of push-button reset. -- **SessionID** The ID of this push-button reset session. - - -### Microsoft.Windows.PBR.PBRDriverInjectionFailed - -This event is sent when the driver injection fails. - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - ### Microsoft.Windows.PBR.PBRFailed This event is sent when the push-button reset operation fails and rolls back to the previous state. @@ -4389,28 +4867,6 @@ The following fields are available: - **SessionID** The ID of this push-button reset session. -### Microsoft.Windows.PBR.PBRFinalizeNewSystemFailed - -This event is sent when the push-button reset operation fails to finalize the new system. - -The following fields are available: - -- **HRESULT** The result error code. -- **SessionID** The ID of this push-button reset session. -- **SPErrorCode** The error code for the Setup Platform operation. -- **SPOperation** The Setup Platform operation. -- **SPPhase** The phase of the Setup Platform operation. - - -### Microsoft.Windows.PBR.PBRFinalizeNewSystemSucceed - -This event is sent when the push-button reset operation succeeds in finalizing the new system. - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - ### Microsoft.Windows.PBR.PBRFinalUserSelection This event is sent when the user makes the final selection in the user interface. @@ -4425,62 +4881,6 @@ The following fields are available: - **SessionID** The ID of this push-button reset session. -### Microsoft.Windows.PBR.PBRFormatOSVolumeFailed - -This event is sent when the operation to format the operating system volume fails during push-button reset (PBR). - -The following fields are available: - -- **JustDeleteFiles** Indicates whether disk formatting was skipped. -- **SessionID** The ID of this push-button reset session. - - -### Microsoft.Windows.PBR.PBRFormatOSVolumeSucceed - -This event is sent when the operation to format the operating system volume succeeds during push-button reset (PBR). - -The following fields are available: - -- **JustDeleteFiles** Indicates whether disk formatting was skipped. -- **SessionID** The ID of this push-button reset session. - - -### Microsoft.Windows.PBR.PBRInstallWinREFailed - -This event sends basic data about the recovery operation failure on the device to allow investigation. - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - -### Microsoft.Windows.PBR.PBRIOCTLErasureSucceed - -This event is sent when the erasure operation succeeds during push-button reset (PBR). - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - -### Microsoft.Windows.PBR.PBRLayoutImageFailed - -This event is sent when push-button reset fails to create a new image of Windows. - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - -### Microsoft.Windows.PBR.PBRLayoutImageSucceed - -This event is sent when push-button reset succeeds in creating a new image of Windows. - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - ### Microsoft.Windows.PBR.PBROEM1Failed This event is sent when the first OEM extensibility operation is successfully completed. @@ -4494,73 +4894,6 @@ The following fields are available: - **SessionID** The ID of this push-button reset session. -### Microsoft.Windows.PBR.PBROEM2Failed - -This event is sent when the second OEM extensibility operation is successfully completed. - -The following fields are available: - -- **HRESULT** The result error code from the OEM extensibility script. -- **Parameters** The parameters that were passed to the OEM extensibility script. -- **PBRType** The type of push-button reset. -- **ScriptName** The path to the OEM extensibility script. -- **SessionID** The ID of the push-button reset session. - - -### Microsoft.Windows.PBR.PBRPostApplyFailed - -This event returns data indicating the failure of the reset/recovery process after the operating system files are restored. - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - -### Microsoft.Windows.PBR.PBRPostApplyFinished - -This event returns data indicating the completion of the reset/recovery process after the operating system files are restored. - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - -### Microsoft.Windows.PBR.PBRPostApplyStarted - -This event returns data indicating the start of the reset/recovery process after the operating system files are restored. - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - -### Microsoft.Windows.PBR.PBRPreApplyFailed - -This event returns data indicating the failure of the reset/recovery process before the operating system files are restored. - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - -### Microsoft.Windows.PBR.PBRPreApplyFinished - -This event returns data indicating the completion of the reset/recovery process before the operating system files are restored. - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - -### Microsoft.Windows.PBR.PBRPreApplyStarted - -This event returns data indicating the start of the reset/recovery process before the operating system files are restored. - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - ### Microsoft.Windows.PBR.PBRReachedOOBE This event returns data when the PBR (Push Button Reset) process reaches the OOBE (Out of Box Experience). @@ -4621,15 +4954,6 @@ The following fields are available: - **SessionID** The ID of this push-button reset session. -### Microsoft.Windows.PBR.PBRRestoreLicenseFailed - -This event sends basic data about recovery operation failure on the device. This data allows investigation to help keep Windows and PBR (Push Button Reset) up to date. - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - ### Microsoft.Windows.PBR.PBRSucceed This event returns data when PBR (Push Button Reset) succeeds. @@ -4641,37 +4965,6 @@ The following fields are available: - **SessionID** The ID of this push-button reset session. -### Microsoft.Windows.PBR.PBRUserCancelled - -This event returns data when the user cancels the PBR (Push Button Reset) from the UI (user interface). - -The following fields are available: - -- **CancelPage** The ID of the page where the user clicked Cancel. -- **PBRVariation** The type of push-button reset. -- **SessionID** The ID of this push-button reset session. - - -### Microsoft.Windows.PBR.PBRVersionsMistmatch - -This event returns data when there is a version mismatch for WinRE (Windows Recovery) and the OS. - -The following fields are available: - -- **OSVersion** The OS version installed on the device. -- **REVersion** The version of Windows Recovery Environment (WinRE). -- **SessionID** The ID of this push-button reset session. - - -### Microsoft.Windows.PBR.PBRWinREInstallationFailed - -This event returns data when the WinRE (Windows Recovery) installation fails. - -The following fields are available: - -- **SessionID** The ID of this push-button reset session. - - ### Microsoft.Windows.PBR.PhaseFinished This event returns data when a phase of PBR (Push Button Reset) has completed. @@ -4721,6 +5014,7 @@ The following fields are available: - **scenario** The selected scenario for the push-button on reset operation. - **sessionID** The ID of this push-button on reset session. - **timestamp** The timestamp of this push-button on reset event. +- **usePayload** Indicates whether Cloud PBR or Reconstruction was used. - **wipeData** Indicates whether the option was selected to wipe additional drives during push-button reset. @@ -5136,8 +5430,8 @@ The following fields are available: - **DeploymentProviderMode** The mode of operation of the update deployment provider. - **DeviceModel** Device model as defined in the system bios - **EventInstanceID** A globally unique identifier for event instance -- **EventScenario** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc. -- **EventType** Possible values are "Child", "Bundle", "Release" or "Driver". +- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. +- **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver". - **FlightId** The specific id of the flight the device is getting - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) - **RevisionNumber** Identifies the revision number of this specific piece of content @@ -5157,7 +5451,7 @@ The following fields are available: - **ActiveDownloadTime** Number of seconds the update was actively being downloaded. - **AppXBlockHashFailures** Indicates the number of blocks that failed hash validation during download. - **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. -- **AppXDownloadScope** Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client. +- **AppXDownloadScope** Indicates the scope of the download for application content. - **AppXScope** Indicates the scope of the app download. - **BiosFamily** The family of the BIOS (Basic Input Output System). - **BiosName** The name of the device BIOS. @@ -5171,8 +5465,9 @@ The following fields are available: - **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to download. - **BundleRevisionNumber** Identifies the revision number of the content bundle. - **BytesDownloaded** Number of bytes that were downloaded for an individual piece of content (not the entire bundle). +- **CachedEngineVersion** The version of the “Self-Initiated Healing” (SIH) engine that is cached on the device, if applicable. - **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. -- **CbsDownloadMethod** Indicates whether the download was a full-file download or a partial/delta download. +- **CbsDownloadMethod** Indicates whether the download was a full- or a partial-file download. - **CbsMethod** The method used for downloading the update content related to the Component Based Servicing (CBS) technology. - **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location. - **CDNId** ID which defines which CDN the software distribution client downloaded the content from. @@ -5180,9 +5475,11 @@ The following fields are available: - **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. - **ConnectTime** Indicates the cumulative amount of time (in seconds) it took to establish the connection for all updates in an update bundle. - **CurrentMobileOperator** The mobile operator the device is currently connected to. -- **DeviceModel** What is the device model. +- **DeviceModel** The model of the device. - **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority. - **DownloadProps** Information about the download operation properties in the form of a bitmask. +- **DownloadScenarioId** A unique ID for a given download, used to tie together Windows Update and Delivery Optimizer events. +- **DownloadType** Differentiates the download type of “Self-Initiated Healing” (SIH) downloads between Metadata and Payload downloads. - **EventInstanceID** A globally unique identifier for event instance. - **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed. - **EventType** Possible values are Child, Bundle, or Driver. @@ -5209,25 +5506,26 @@ The following fields are available: - **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **Reason** A 32-bit integer representing the reason the update is blocked from being downloaded in the background. -- **RegulationReason** The reason that the update is regulated - **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content. - **RelatedCV** The previous Correlation Vector that was used before swapping with a new one. - **RepeatFailCount** Indicates whether this specific content has previously failed. -- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. +- **RepeatFailFlag** Indicates whether this specific content previously failed to download. - **RevisionNumber** The revision number of the specified piece of content. - **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc). -- **Setup360Phase** If the download is for an operating system upgrade, this datapoint indicates which phase of the upgrade is underway. -- **ShippingMobileOperator** The mobile operator that a device shipped on. +- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. +- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. - **SizeCalcTime** Time taken (in seconds) to calculate the total download size of the payload. - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). - **SystemBIOSMajorRelease** Major version of the BIOS. - **SystemBIOSMinorRelease** Minor version of the BIOS. - **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. - **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. +- **TargetMetadataVersion** The version of the currently downloading (or most recently downloaded) package. - **ThrottlingServiceHResult** Result code (success/failure) while contacting a web service to determine whether this device should download content yet. -- **TimeToEstablishConnection** Time (in ms) it took to establish the connection prior to beginning downloaded. +- **TimeToEstablishConnection** Time (in milliseconds) it took to establish the connection prior to beginning downloaded. - **TotalExpectedBytes** The total count of bytes that the download is expected to be. - **UpdateId** An identifier associated with the specific piece of content. +- **UpdateID** An identifier associated with the specific piece of content. - **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional. - **UsedDO** Whether the download used the delivery optimization service. - **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive. @@ -5242,7 +5540,7 @@ The following fields are available: - **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client - **ClientVersion** The version number of the software distribution client -- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was canceled, succeeded, or failed +- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed - **EventType** Possible values are "Child", "Bundle", "Relase" or "Driver" - **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough - **FileId** A hash that uniquely identifies a file @@ -5275,7 +5573,7 @@ The following fields are available: - **IsNetworkMetered** Indicates whether Windows considered the current network to be ?metered" - **MOAppDownloadLimit** Mobile operator cap on size of application downloads, if any - **MOUpdateDownloadLimit** Mobile operator cap on size of operating system update downloads, if any -- **PowerState** Indicates the power state of the device at the time of heartbeat (DC, AC, Battery Saver, or Connected Standby) +- **PowerState** Indicates the power state of the device at the time of heartbeart (DC, AC, Battery Saver, or Connected Standby) - **RelatedCV** The previous correlation vector that was used by the client, before swapping with a new one - **ResumeCount** Number of times this active download has resumed from a suspended state - **RevisionNumber** Identifies the revision number of this specific piece of content @@ -5312,7 +5610,7 @@ The following fields are available: - **DriverPingBack** Contains information about the previous driver and system state. - **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required. - **EventInstanceID** A globally unique identifier for event instance. -- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was canceled, succeeded, or failed. +- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. - **EventType** Possible values are Child, Bundle, or Driver. - **ExtendedErrorCode** The extended error code. - **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode is not specific enough. @@ -5415,7 +5713,6 @@ The following fields are available: - **CmdLineArgs** Command line arguments passed in by the caller. - **EventInstanceID** A globally unique identifier for the event instance. - **EventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.). -- **Mode** Indicates the mode that has started. - **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.). - **StatusCode** Result code of the event (success, cancellation, failure code HResult). - **WUDeviceID** Unique device ID controlled by the software distribution client. @@ -5437,7 +5734,7 @@ The following fields are available: - **DriverPingBack** Contains information about the previous driver and system state. - **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers when a recovery is required. - **EventInstanceID** A globally unique identifier for event instance. -- **EventScenario** Indicates the purpose of the event (a scan started, succeeded, failed, etc.). +- **EventScenario** Indicates the purpose of the event (a scan started, succeded, failed, etc.). - **EventType** Indicates the event type. Possible values are "Child", "Bundle", "Release" or "Driver". - **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough. - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. @@ -5488,12 +5785,12 @@ Ensures Windows Updates are secure and complete. Event helps to identify whether The following fields are available: - **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. -- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. -- **EventScenario** Indicates the purpose of the event - whether because scan started, succeeded, failed, etc. +- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. +- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. - **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. - **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. -- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce +- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce - **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). - **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. - **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. @@ -5504,7 +5801,7 @@ The following fields are available: - **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. - **SHA256OfTimestampToken** An encoded string of the timestamp token. - **SignatureAlgorithm** The hash algorithm for the metadata signature. -- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". +- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast - **StatusCode** Result code of the event (success, cancellation, failure code HResult) - **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. - **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. @@ -5516,7 +5813,7 @@ The following fields are available: ### Microsoft.Windows.SysReset.FlightUninstallCancel -This event indicates the customer has canceled uninstallation of Windows. +This event indicates the customer has cancelled uninstallation of Windows. @@ -5674,7 +5971,6 @@ The following fields are available: - **LastAttemptVersion** The version of the most recent attempted firmware installation. - **LowestSupportedFirmwareVersion** The oldest (lowest) version of firmware supported. - **MaxRetryCount** The maximum number of retries, defined by the firmware class key. -- **PartA_PrivTags** The privacy tags associated with the firmware. - **RetryCount** The number of attempted installations (retries), reported by the driver software key. - **Status** The status returned to the PnP (Plug-and-Play) manager. - **UpdateAttempted** Indicates if installation of the current update has been attempted before. @@ -5693,6 +5989,7 @@ The following fields are available: - **ObjectId** The unique value for each Update Agent mode. - **RebootRequired** Indicates reboot is required. - **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan. +- **Result** The HResult of the event. - **RevertResult** The result code returned for the Revert operation. - **ScenarioId** The ID of the update scenario. - **SessionId** The ID of the update attempt. @@ -5721,7 +6018,9 @@ This event sends data for the download request phase of updating Windows via the The following fields are available: +- **ContainsSafeOSDUPackage** Boolean indicating whether Safe DU packages are part of the payload. - **DeletedCorruptFiles** Boolean indicating whether corrupt payload was deleted. +- **DownloadComplete** Indicates if the download is complete. - **DownloadRequests** Number of times a download was retried. - **ErrorCode** The error code returned for the current download request phase. - **ExtensionName** Indicates whether the payload is related to Operating System content or a plugin. @@ -5771,22 +6070,6 @@ The following fields are available: - **UpdateId** Unique ID for each update. -### Update360Telemetry.UpdateAgentFellBackToCanonical - -This event collects information when express could not be used and we fall back to canonical during the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. - -The following fields are available: - -- **FlightId** Unique ID for each flight. -- **ObjectId** Unique value for each Update Agent mode. -- **PackageCount** Number of packages that feel back to canonical. -- **PackageList** PackageIds which fell back to canonical. -- **RelatedCV** Correlation vector value generated from the latest USO scan. -- **ScenarioId** Indicates the update scenario. -- **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each update. - - ### Update360Telemetry.UpdateAgentInitialize This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. @@ -5944,12 +6227,15 @@ The following fields are available: - **ErrorCode** The error code returned for the current reboot. - **FlightId** Unique ID for the flight (test instance version). +- **IsSuspendable** Indicates whether the update has the ability to be suspended and resumed at the time of reboot. When the machine is rebooted and the update is in middle of Predownload or Install and Setup.exe is running, this field is TRUE, if not its FALSE. - **ObjectId** The unique value for each Update Agent mode. +- **Reason** Indicates the HResult why the machine could not be suspended. If it is successfully suspended, the result is 0. - **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan. - **Result** The HResult of the event. - **ScenarioId** The ID of the update scenario. - **SessionId** The ID of the update attempt. - **UpdateId** The ID of the update. +- **UpdateState** Indicates the state of the machine when Suspend is called. For example, Install, Download, Commit. ### Update360Telemetry.UpdateAgentSetupBoxLaunch @@ -5973,11 +6259,29 @@ The following fields are available: - **UserSession** Indicates whether install was invoked by user actions. +## Update notification events + +### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerHeartbeat + +This event is sent at the start of the CampaignManager event and is intended to be used as a heartbeat. + +The following fields are available: + +- **CampaignConfigVersion** Configuration version for the current campaign. +- **CampaignID** Currently campaign that is running on Update Notification Pipeline (UNP). +- **ConfigCatalogVersion** Current catalog version of UNP. +- **ContentVersion** Content version for the current campaign on UNP. +- **CV** Correlation vector. +- **DetectorVersion** Most recently run detector version for the current campaign on UNP. +- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user. +- **PackageVersion** Current UNP package version. + + ## Upgrade events ### FacilitatorTelemetry.DCATDownload -This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up-to-date and secure. +This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up to date and secure. The following fields are available: @@ -5990,12 +6294,23 @@ The following fields are available: - **UpdateId** The ID of the update that was downloaded. +### FacilitatorTelemetry.DUDownload + +This event returns data about the download of supplemental packages critical to upgrading a device to the next version of Windows. + +The following fields are available: + +- **PackageCategoriesFailed** Lists the categories of packages that failed to download. +- **PackageCategoriesSkipped** Lists the categories of package downloads that were skipped. + + ### FacilitatorTelemetry.InitializeDU This event determines whether devices received additional or critical supplemental content during an OS upgrade. The following fields are available: +- **DCATUrl** The Delivery Catalog (DCAT) URL we send the request to. - **DownloadRequestAttributes** The attributes we send to DCAT. - **ResultCode** The result returned from the initiation of Facilitator with the URL/attributes. - **Scenario** Dynamic Update scenario (Image DU, or Setup DU). @@ -6005,7 +6320,7 @@ The following fields are available: ### Setup360Telemetry.Downlevel -This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up-to-date and secure. +This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up to date and secure. The following fields are available: @@ -6020,7 +6335,7 @@ The following fields are available: - **Setup360Result** The result of Setup360 (HRESULT used to diagnose errors). - **Setup360Scenario** The Setup360 flow type (for example, Boot, Media, Update, MCT). - **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS). -- **State** Exit state of given Setup360 run. Example: succeeded, failed, blocked, canceled. +- **State** Exit state of given Setup360 run. Example: succeeded, failed, blocked, cancelled. - **TestId** An ID that uniquely identifies a group of events. - **WuId** This is the Windows Update Client ID. In the Windows Update scenario, this is the same as the clientId. @@ -6042,7 +6357,7 @@ The following fields are available: - **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. - **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled. +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. - **TestId** ID that uniquely identifies a group of events. - **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. @@ -6064,7 +6379,7 @@ The following fields are available: - **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. - **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled. +- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. - **TestId** ID that uniquely identifies a group of events. - **WuId** Windows Update client ID. @@ -6086,7 +6401,7 @@ The following fields are available: - **Setup360Result** The result of Setup360. This is an HRESULT error code that's used to diagnose errors. - **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled - **TestId** A string to uniquely identify a group of events. - **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as ClientId. @@ -6130,7 +6445,7 @@ The following fields are available: - **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. - **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. - **SetupVersionBuildNumber** The build number of Setup360 (build number of the target OS). -- **State** The exit state of the Setup360 run. Example: succeeded, failed, blocked, canceled. +- **State** The exit state of the Setup360 run. Example: succeeded, failed, blocked, cancelled. - **TestId** ID that uniquely identifies a group of events. - **WuId** Windows Update client ID. @@ -6152,7 +6467,7 @@ The following fields are available: - **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. - **Setup360Scenario** Setup360 flow type (Boot, Media, Update, MCT). - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled. +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. - **TestId** A string to uniquely identify a group of events. - **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. @@ -6174,7 +6489,7 @@ The following fields are available: - **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. - **Setup360Scenario** The Setup360 flow type, Example: Boot, Media, Update, MCT. - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled. +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. - **TestId** A string to uniquely identify a group of events. - **WuId** Windows Update client ID. @@ -6202,7 +6517,7 @@ The following fields are available: - **FlightData** Specifies a unique identifier for each group of Windows Insider builds. - **InstanceId** Retrieves a unique identifier for each instance of a setup session. -- **Operation** Facilitator's last known operation (scan, download, etc.). +- **Operation** Facilitator’s last known operation (scan, download, etc.). - **ReportId** ID for tying together events stream side. - **ResultCode** Result returned for the entire setup operation. - **Scenario** Dynamic Update scenario (Image DU, or Setup DU). @@ -6286,10 +6601,10 @@ The following fields are available: - **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. - **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. - **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. -- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors. - **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). -- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, canceled. +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. - **TestId** A string to uniquely identify a group of events. - **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. @@ -6331,7 +6646,7 @@ The following fields are available: ### Microsoft.Windows.WERVertical.OSCrash -This event sends binary data from the collected dump file whenever a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event. +This event sends binary data from the collected dump file wheneveer a bug check occurs, to help keep Windows up to date. The is the OneCore version of this event. The following fields are available: @@ -6381,27 +6696,16 @@ This event collects data about common platform hardware error recorded by the Wi The following fields are available: - **creatorId** The unique identifier for the entity that created the error record. -- **CreatorId** The unique identifier for the entity that created the error record. - **errorFlags** Any flags set on the error record. -- **ErrorFlags** Any flags set on the error record. - **notifyType** The unique identifier for the notification mechanism which reported the error to the operating system. -- **NotifyType** The unique identifier for the notification mechanism which reported the error to the operating system. - **partitionId** The unique identifier for the partition on which the hardware error occurred. -- **PartitionId** The unique identifier for the partition on which the hardware error occurred. - **platformId** The unique identifier for the platform on which the hardware error occurred. -- **PlatformId** The unique identifier for the platform on which the hardware error occurred. - **record** A collection of binary data containing the full error record. -- **Record** A collection of binary data containing the full error record. - **recordId** The identifier of the error record. -- **RecordId** The identifier of the error record. - **sectionFlags** The flags for each section recorded in the error record. -- **SectionFlags** The flags for each section recorded in the error record. -- **SectionSeverity** The severity of each individual section. - **sectionTypes** The unique identifier that represents the type of sections contained in the error record. -- **SectionTypes** The unique identifier that represents the type of sections contained in the error record. - **severityCount** The severity of each individual section. - **timeStamp** The error time stamp as recorded in the error record. -- **TimeStamp** The error time stamp as recorded in the error record. ## Windows Security Center events @@ -6516,6 +6820,7 @@ The following fields are available: - **AggregatedPackageFullNames** Includes a set of package full names for each app that is part of an atomic set. - **AttemptNumber** The total number of attempts to acquire this product. +- **BundleId** The identity of the test build (flight) associated with this product. - **CategoryId** The identity of the package or packages being installed. - **ClientAppId** The identity of the app that initiated this operation. - **HResult** HResult code to show the result of the operation (success/failure). @@ -6525,6 +6830,7 @@ The following fields are available: - **IsRemediation** Is this repairing a previous installation? - **IsRestore** Is this happening after a device restore? - **IsUpdate** Is this an update? +- **ParentBundleId** The product identifier of the parent if this product is part of a bundle. - **PFN** Product Family Name of the product being installed. - **ProductId** The Store Product ID for the product being installed. - **SystemAttemptNumber** The number of attempts by the system to acquire this product. @@ -6794,12 +7100,12 @@ The following fields are available: - **CatalogId** The Store Catalog ID for the product being installed. - **ProductId** The Store Product ID for the product being installed. -- **SkuId** Specific edition of the app being updated. +- **SkuId** Specfic edition of the app being updated. ### Microsoft.Windows.StoreAgent.Telemetry.StateTransition -Products in the process of being fulfilled (installed or updated) are maintained in a list. This event is sent any time there is a change in a product's fulfillment status (pending, working, paused, canceled, or complete), to help keep Windows up to date and secure. +Products in the process of being fulfilled (installed or updated) are maintained in a list. This event is sent any time there is a change in a product's fulfillment status (pending, working, paused, cancelled, or complete), to help keep Windows up to date and secure. The following fields are available: @@ -6823,6 +7129,45 @@ The following fields are available: - **PFamN** The name of the app that is requested for update. +## Windows Update CSP events + +### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureFailed + +This event sends basic telemetry on the failure of the Feature Rollback. + +The following fields are available: + +- **current** Result of currency check. +- **dismOperationSucceeded** Dism uninstall operation status. +- **hResult** Failure error code. +- **oSVersion** Build number of the device. +- **paused** Indicates whether the device is paused. +- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. +- **sacDevice** This is the device info. +- **wUfBConnected** Result of WUfB connection check. + + +### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureNotApplicable + +This event sends basic telemetry on whether Feature Rollback (rolling back features updates) is applicable to a device. + +The following fields are available: + +- **current** Result of currency check. +- **dismOperationSucceeded** Dism uninstall operation status. +- **oSVersion** Build number of the device. +- **paused** Indicates whether the device is paused. +- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. +- **sacDevice** Represents the device info. +- **wUfBConnected** Result of WUfB connection check. + + +### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureStarted + +This event sends basic information indicating that Feature Rollback has started. + + + ## Windows Update Delivery Optimization events ### Microsoft.OSG.DU.DeliveryOptClient.DownloadCanceled @@ -6880,6 +7225,7 @@ The following fields are available: - **cdnErrorCounts** The number of times each error in cdnErrorCodes was encountered. - **cdnIp** The IP address of the source CDN. - **cdnUrl** Url of the source Content Distribution Network (CDN). +- **congestionPrevention** Indicates a download may have been suspended to prevent network congestion. - **dataSourcesTotal** Bytes received per source type, accumulated for the whole session. - **doErrorCode** The Delivery Optimization error code that was returned. - **downlinkBps** The maximum measured available download bandwidth (in bytes per second). @@ -6896,6 +7242,7 @@ The following fields are available: - **groupConnectionCount** The total number of connections made to peers in the same group. - **internetConnectionCount** The total number of connections made to peers not in the same LAN or the same group. - **isEncrypted** TRUE if the file is encrypted and will be decrypted after download. +- **isThrottled** Indicates the Event Rate was throttled (event represent aggregated data). - **isVpn** Is the device connected to a Virtual Private Network? - **jobID** Identifier for the Windows Update job. - **lanConnectionCount** The total number of connections made to peers in the same LAN. @@ -6958,6 +7305,7 @@ The following fields are available: - **fileSizeCaller** Value for total file size provided by our caller. - **groupID** ID for the group. - **isEncrypted** Indicates whether the download is encrypted. +- **isThrottled** Indicates the Event Rate was throttled (event represent aggregated data). - **isVpn** Indicates whether the device is connected to a Virtual Private Network. - **jobID** The ID of the Windows Update job. - **peerID** The ID for this delivery optimization client. @@ -7007,6 +7355,122 @@ The following fields are available: ## Windows Update events +### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentAnalysisSummary + +This event collects information regarding the state of devices and drivers on the system following a reboot after the install phase of the new device manifest UUP (Unified Update Platform) update scenario which is used to install a device manifest describing a set of driver packages. + +The following fields are available: + +- **activated** Whether the entire device manifest update is considered activated and in use. +- **analysisErrorCount** The number of driver packages that could not be analyzed because errors occurred during analysis. +- **flightId** Unique ID for each flight. +- **missingDriverCount** The number of driver packages delivered by the device manifest that are missing from the system. +- **missingUpdateCount** The number of updates in the device manifest that are missing from the system. +- **objectId** Unique value for each diagnostics session. +- **publishedCount** The number of drivers packages delivered by the device manifest that are published and available to be used on devices. +- **relatedCV** Correlation vector value generated from the latest USO scan. +- **scenarioId** Indicates the update scenario. +- **sessionId** Unique value for each update session. +- **summary** A summary string that contains basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match. +- **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string. +- **truncatedDeviceCount** The number of devices missing from the summary string because there is not enough room in the string. +- **truncatedDriverCount** The number of driver packages missing from the summary string because there is not enough room in the string. +- **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices. +- **updateId** The unique ID for each update. + + +### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit + +This event collects information regarding the final commit phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. + +The following fields are available: + +- **errorCode** The error code returned for the current session initialization. +- **flightId** The unique identifier for each flight. +- **objectId** The unique GUID for each diagnostics session. +- **relatedCV** A correlation vector value generated from the latest USO scan. +- **result** Outcome of the initialization of the session. +- **scenarioId** Identifies the Update scenario. +- **sessionId** The unique value for each update session. +- **updateId** The unique identifier for each Update. + + +### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentDownloadRequest + +This event collects information regarding the download request phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. + +The following fields are available: + +- **deletedCorruptFiles** Indicates if UpdateAgent found any corrupt payload files and whether the payload was deleted. +- **errorCode** The error code returned for the current session initialization. +- **flightId** The unique identifier for each flight. +- **objectId** Unique value for each Update Agent mode. +- **packageCountOptional** Number of optional packages requested. +- **packageCountRequired** Number of required packages requested. +- **packageCountTotal** Total number of packages needed. +- **packageCountTotalCanonical** Total number of canonical packages. +- **packageCountTotalDiff** Total number of diff packages. +- **packageCountTotalExpress** Total number of express packages. +- **packageSizeCanonical** Size of canonical packages in bytes. +- **packageSizeDiff** Size of diff packages in bytes. +- **packageSizeExpress** Size of express packages in bytes. +- **rangeRequestState** Represents the state of the download range request. +- **relatedCV** Correlation vector value generated from the latest USO scan. +- **result** Result of the download request phase of update. +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. +- **sessionId** Unique value for each Update Agent mode attempt. +- **updateId** Unique ID for each update. + + +### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInitialize + +This event sends data for initializing a new update session for the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. + +The following fields are available: + +- **errorCode** The error code returned for the current session initialization. +- **flightId** The unique identifier for each flight. +- **flightMetadata** Contains the FlightId and the build being flighted. +- **objectId** Unique value for each Update Agent mode. +- **relatedCV** Correlation vector value generated from the latest USO scan. +- **result** Result of the initialize phase of the update. 0 = Succeeded, 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled. +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. +- **sessionData** Contains instructions to update agent for processing FODs and DUICs (Null for other scenarios). +- **sessionId** Unique value for each Update Agent mode attempt. +- **updateId** Unique ID for each update. + + +### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentInstall + +This event collects information regarding the install phase of the new device manifest UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. + +The following fields are available: + +- **errorCode** The error code returned for the current install phase. +- **flightId** The unique identifier for each flight. +- **objectId** The unique identifier for each diagnostics session. +- **relatedCV** Correlation vector value generated from the latest USO scan. +- **result** Outcome of the install phase of the update. +- **scenarioId** The unique identifier for the update scenario. +- **sessionId** Unique value for each update session. +- **updateId** The unique identifier for each update. + + +### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart + +This event sends data for the start of each mode during the process of updating device manifest assets via the UUP (Unified Update Platform) update scenario, which is used to install a device manifest describing a set of driver packages. + +The following fields are available: + +- **flightId** The unique identifier for each flight. +- **mode** The mode that is starting. +- **objectId** The unique value for each diagnostics session. +- **relatedCV** Correlation vector value generated from the latest USO scan. +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. +- **sessionId** Unique value for each Update Agent mode attempt. +- **updateId** Unique identifier for each update. + + ### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed This event indicates that a notification dialog box is about to be displayed to user. @@ -7101,22 +7565,6 @@ The following fields are available: - **UtcTime** The time at which the reboot reminder dialog was shown (in UTC). -### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderToast - -This event indicates that the Enhanced Engaged restart reminder pop-up banner was displayed. - -The following fields are available: - -- **DeviceLocalTime** The local time on the device sending the event. -- **ETag** OneSettings versioning value. -- **ExitCode** Indicates how users exited the pop-up banner. -- **RebootVersion** The version of the reboot logic. -- **UpdateId** The ID of the update that is pending restart to finish installation. -- **UpdateRevision** The revision of the update that is pending restart to finish installation. -- **UserResponseString** The option that the user chose in pop-up banner. -- **UtcTime** The time that the pop-up banner was displayed, in Coordinated Universal Time. - - ### Microsoft.Windows.Update.NotificationUx.RebootScheduled Indicates when a reboot is scheduled by the system or a user for a security, quality, or feature update. @@ -7148,6 +7596,30 @@ The following fields are available: - **wuDeviceid** Unique device ID used by Windows Update. +### Microsoft.Windows.Update.Orchestrator.BlockedByActiveHours + +This event indicates that update activity was blocked because it is within the active hours window. + +The following fields are available: + +- **activeHoursEnd** The end of the active hours window. +- **activeHoursStart** The start of the active hours window. +- **updatePhase** The current state of the update process. +- **wuDeviceid** Unique device ID used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.BlockedByBatteryLevel + +This event indicates that Windows Update activity was blocked due to low battery level. + +The following fields are available: + +- **batteryLevel** The current battery charge capacity. +- **batteryLevelThreshold** The battery capacity threshold to stop update activity. +- **updatePhase** The current state of the update process. +- **wuDeviceid** Device ID. + + ### Microsoft.Windows.Update.Orchestrator.DeferRestart This event indicates that a restart required for installing updates was postponed. @@ -7178,7 +7650,7 @@ The following fields are available: - **detectionBlockreason** The reason detection did not complete. - **detectionRetryMode** Indicates whether we will try to scan again. - **errorCode** The error code returned for the current process. -- **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was canceled, succeeded, or failed. +- **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. - **flightID** The specific ID of the Windows Insider build the device is getting. - **interactive** Indicates whether the session was user initiated. - **networkStatus** Error info @@ -7216,7 +7688,7 @@ This event indicates the reboot was postponed due to needing a display. The following fields are available: - **displayNeededReason** Reason the display is needed. -- **eventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was canceled, succeeded, or failed. +- **eventScenario** Indicates the purpose of sending this event - whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. - **rebootOutsideOfActiveHours** Indicates whether the reboot was to occur outside of active hours. - **revisionNumber** Revision number of the update. - **updateId** Update ID. @@ -7311,7 +7783,7 @@ The following fields are available: - **batteryLevel** Current battery capacity in mWh or percentage left. - **deferReason** Reason for install not completing. -- **errorCode** The error code represented by a hexadecimal value. +- **errorCode** The error code reppresented by a hexadecimal value. - **eventScenario** End-to-end update session ID. - **flightID** The ID of the Windows Insider build the device is getting. - **flightUpdate** Indicates whether the update is a Windows Insider build. @@ -7424,6 +7896,32 @@ The following fields are available: - **wuDeviceid** Unique device ID used by Windows Update. +### Microsoft.Windows.Update.Orchestrator.SeekerUpdateAvailable + +This event defines when an optional update is available for the device to help keep Windows up to date. + +The following fields are available: + +- **flightID** The unique identifier of the Windows Insider build on this device. +- **isFeatureUpdate** Indicates whether the update is a Feature Update. +- **revisionNumber** The revision number of the update. +- **updateId** The GUID (Globally Unique Identifier) of the update. +- **wuDeviceid** The Windows Update device identifier. + + +### Microsoft.Windows.Update.Orchestrator.SeekUpdate + +This event occurs when user initiates "seeker" scan. This helps keep Windows up to date. + +The following fields are available: + +- **flightID** The ID of the Windows Insider builds on the device. +- **isFeatureUpdate** Indicates that the target of the Seek is a feature update. +- **revisionNumber** The revision number of the update. +- **updateId** The identifier of the update. +- **wuDeviceid** The Windows Update device identifier. + + ### Microsoft.Windows.Update.Orchestrator.StickUpdate This event is sent when the update service orchestrator (USO) indicates the update cannot be superseded by a newer update. @@ -7450,6 +7948,18 @@ The following fields are available: - **wuDeviceid** Unique device ID used by Windows Update. +### Microsoft.Windows.Update.Orchestrator.TerminatedByActiveHours + +This event indicates that update activity was stopped due to active hours starting. + +The following fields are available: + +- **activeHoursEnd** The end of the active hours window. +- **activeHoursStart** The start of the active hours window. +- **updatePhase** The current state of the update process. +- **wuDeviceid** The device identifier. + + ### Microsoft.Windows.Update.Orchestrator.UniversalOrchestratorInvalidSignature This event is sent when an updater has attempted to register a binary that is not signed by Microsoft. @@ -7461,6 +7971,17 @@ The following fields are available: - **wuDeviceid** Unique device ID used by Windows Update. +### Microsoft.Windows.Update.Orchestrator.UniversalOrchestratorScheduleWorkInvalidCmd + +Event to indicate a critical error with the callback binary requested by the updater + +The following fields are available: + +- **updaterCmdLine** The callback executable for the updater. +- **updaterId** The ID of the updater. +- **wuDeviceid** The Windows Update device identifier. + + ### Microsoft.Windows.Update.Orchestrator.UnstickUpdate This event is sent when the update service orchestrator (USO) indicates that the update can be superseded by a newer update. @@ -7471,6 +7992,16 @@ The following fields are available: - **wuDeviceid** Unique device ID controlled by the software distribution client. +### Microsoft.Windows.Update.Orchestrator.UpdateNotApplicableForReserves + +This event reports a critical error when using update reserves for OS updates to help keep Windows up to date. + +The following fields are available: + +- **updateId** The GUID (Globally Unique Identifier) of the update. +- **wuDeviceid** The Windows Update device identifier. + + ### Microsoft.Windows.Update.Orchestrator.UpdatePolicyCacheRefresh This event sends data on whether Update Management Policies were enabled on a device, to help keep Windows up to date. @@ -7646,32 +8177,6 @@ The following fields are available: ## Windows Update mitigation events -### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.General - -This event provides information about application properties to indicate the successful execution. - -The following fields are available: - -- **AppMode** Indicates the mode the app is being currently run around privileges. -- **ExitCode** Indicates the exit code of the app. -- **Help** Indicates if the app needs to be launched in the help mode. -- **ParseError** Indicates if there was a parse error during the execution. -- **RightsAcquired** Indicates if the right privileges were acquired for successful execution. -- **RightsWereEnabled** Indicates if the right privileges were enabled for successful execution. -- **TestMode** Indicates whether the app is being run in test mode. - - -### Microsoft.Windows.Mitigation.AccountTraceLoggingProvider.GetCount - -This event provides information about the properties of user accounts in the Administrator group. - -The following fields are available: - -- **Internal** Indicates the internal property associated with the count group. -- **LastError** The error code (if applicable) for the cause of the failure to get the count of the user account. -- **Result** The HResult error. - - ### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates. @@ -7696,6 +8201,28 @@ The following fields are available: - **WuId** Unique ID for the Windows Update client. +### Mitigation360Telemetry.MitigationCustom.FixAppXReparsePoints + +This event sends data specific to the FixAppXReparsePoints mitigation used for OS updates. + +The following fields are available: + +- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightId** Unique identifier for each flight. +- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. +- **MitigationScenario** The update scenario in which the mitigation was executed. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ReparsePointsFailed** Number of reparse points that are corrupted but we failed to fix them. +- **ReparsePointsFixed** Number of reparse points that were corrupted and were fixed by this mitigation. +- **ReparsePointsSkipped** Number of reparse points that are not corrupted and no action is required. +- **Result** HResult of this operation. +- **ScenarioId** ID indicating the mitigation scenario. +- **ScenarioSupported** Indicates whether the scenario was supported. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each Update. +- **WuId** Unique ID for the Windows Update client. + + ### Mitigation360Telemetry.MitigationCustom.FixupEditionId This event sends data specific to the FixupEditionId mitigation used for OS updates. @@ -7748,12 +8275,6 @@ The following fields are available: - **ReserveId** The ID of the reserve that needs to be cleared. -### Microsoft.Windows.UpdateReserveManager.ClearSoftReserve - -This event is sent when the Update Reserve Manager clears the contents of the soft reserve. - - - ### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending. @@ -7802,6 +8323,7 @@ The following fields are available: - **FallbackInitUsed** Indicates whether fallback initialization is used. - **FinalUserFreeSpace** The amount of user free space after initialization. - **Flags** The flags used in the initialization of Update Reserve Manager. +- **FreeSpaceToLeaveInUpdateScratch** The amount of space that should be left free after using the reserves. - **HardReserveFinalSize** The final size of the hard reserve. - **HardReserveFinalUsedSpace** The used space in the hard reserve. - **HardReserveInitialSize** The size of the hard reserve after initialization. @@ -7842,6 +8364,7 @@ This event is sent when the Update Reserve Manager prepares the Trusted Installe The following fields are available: +- **FallbackLogicUsed** Indicates whether fallback logic was used for initialization. - **Flags** The flags that are passed to the function to prepare the Trusted Installer for reserve initialization. diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 260868ca64..52f53de9e4 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -20,9 +20,9 @@ ms.date: 04/29/2019 **Applies to** -- Windows 10 Enterprise -- Windows 10 Mobile -- Windows Server +- Windows 10 Enterprise +- Windows 10 Mobile +- Windows Server This article applies to Windows and Windows Server diagnostic data only. It describes the types of diagnostic data we may gather, the ways you might manage it in your organization, and some examples of how diagnostic data can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers. @@ -54,6 +54,7 @@ Windows as a Service is a fundamental change in how Microsoft plans, builds, and The release cadence of Windows may be fast, so feedback is critical to its success. We rely on diagnostic data at each stage of the process to inform our decisions and prioritize our efforts. ### What is Windows diagnostic data? + Windows diagnostic data is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways: - Keep Windows up to date @@ -71,9 +72,10 @@ Here are some specific examples of Windows diagnostic data: Diagnostic data can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not diagnostic data. For example, exchanging a user’s location for local weather or news is not an example of diagnostic data—it is functional data that the app or service requires to satisfy the user’s request. -There are subtle differences between diagnostic data and functional data. Windows collects and sends diagnostic data in the background automatically. You can control how much information is gathered by setting the diagnostic data level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data. +There are subtle differences between diagnostic data and functional data. Windows collects and sends diagnostic data in the background automatically. You can control how much information is gathered by setting the diagnostic data level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). +On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data. -If you’re an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services). +If you’re an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services/). The following are specific examples of functional data: @@ -90,6 +92,7 @@ Windows and Windows Server diagnostic data gives every user a voice in the opera Our ability to collect diagnostic data that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Diagnostic data helps us to quickly identify and fix critical reliability and security issues with apps and device drivers on given configurations. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues. #### Real-world example of how Windows diagnostic data helps + There was a version of a video driver that was crashing on some devices running Windows 10, causing the device to reboot. We detected the problem in our diagnostic data, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on diagnostic data from the Windows Insiders’ devices, we were able to validate the new version of the video driver, and rolled it out to the broad public as an update the next day. Diagnostic data helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls. ### Improve end-user productivity @@ -104,20 +107,19 @@ Windows diagnostic data also helps Microsoft better understand how customers use ### Insights into your own organization -Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better. Microsoft provides a set of solutions that leverage information shared by customers to provide insights customized for your internal use. The first of these was [Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness), followed by [Desktop Analytics](https://aka.ms/DADocs) (coming soon). Both help organizations with [Windows as a Service](/windows/deployment/update/wass-overview) adoption and potential compatibility challenges. For E5 customers, [Microsoft Defender Advanced Threat Protection](/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. - +Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better. Microsoft provides a set of solutions that leverage information shared by customers to provide insights customized for your internal use. The first of these was [Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness), followed by [Desktop Analytics](https://aka.ms/DADocs). Both help organizations with [Windows as a Service](/windows/deployment/update/wass-overview) adoption and potential compatibility challenges. For E5 customers, [Microsoft Defender Advanced Threat Protection](/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. ## How Microsoft handles diagnostic data The diagnostic data is categorized into four levels: -- [**Security**](#security-level). Information that’s required to help keep Windows and Windows Server secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender. +- [**Security**](#security-level). Information that’s required to help keep Windows and Windows Server secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender. -- [**Basic**](#basic-level). Basic device info, including: quality-related data, app compatibility, and data from the **Security** level. +- [**Basic**](#basic-level). Basic device info, including: quality-related data, app compatibility, and data from the **Security** level. -- [**Enhanced**](#enhanced-level). Additional insights, including: how Windows, Windows Server, and apps are used, how they perform, advanced reliability data, and data from both the **Basic** and the **Security** levels. +- [**Enhanced**](#enhanced-level). Additional insights, including: how Windows, Windows Server, and apps are used, how they perform, advanced reliability data, and data from both the **Basic** and the **Security** levels. -- [**Full**](#full-level). Includes information about the websites you browse, how you use apps and features, plus additional information about device health, device activity (sometimes referred to as usage), and enhanced error reporting. At Full, Microsoft also collects the memory state of your device when a system or app crash occurs. It includes data from the **Security**, **Basic**, and **Enhanced** levels. +- [**Full**](#full-level). Includes information about the websites you browse, how you use apps and features, plus additional information about device health, device activity (sometimes referred to as usage), and enhanced error reporting. At Full, Microsoft also collects the memory state of your device when a system or app crash occurs. It includes data from the **Security**, **Basic**, and **Enhanced** levels. Diagnostic data levels are cumulative, meaning each subsequent level includes data collected through lower levels. For more information see the [Diagnostic data levels](#diagnostic-data-levels) section. @@ -126,9 +128,9 @@ Diagnostic data levels are cumulative, meaning each subsequent level includes da Windows 10 and Windows Server includes the Connected User Experiences and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores diagnostic data events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology. 1. Operating system features and some management applications are instrumented to publish events and data. Examples of management applications include Virtual Machine Manager (VMM), Server Manager, and Storage Spaces. -2. Events are gathered using public operating system event logging and tracing APIs. -3. You can configure the diagnostic data level by using MDM policy, Group Policy, or registry settings. -4. The Connected User Experiences and Telemetry component transmits the diagnostic data. +1. Events are gathered using public operating system event logging and tracing APIs. +1. You can configure the diagnostic data level by using MDM policy, Group Policy, or registry settings. +1. The Connected User Experiences and Telemetry component transmits the diagnostic data. Info collected at the Enhanced and Full levels of diagnostic data is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels. @@ -136,7 +138,7 @@ Info collected at the Enhanced and Full levels of diagnostic data is typically g All diagnostic data is encrypted using SSL and uses certificate pinning during transfer from the device to the Microsoft Data Management Service. With Windows 10, data is uploaded on a schedule that is sensitive to event priority, battery use, and network cost. Real-time events, such as Windows Defender Advanced Threat Protection, are always sent immediately. Normal events are not uploaded on metered networks, unless you are on a metered server connection. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks. -The data transmitted at the Basic and Enhanced data diagnostic levels is quite small; typically less than 1 MB per device per day, but occasionally up to 2 MB per device per day). +The data transmitted at the Basic and Enhanced data diagnostic levels is quite small; typically less than 1 MB per device per day, but occasionally up to 2 MB per device per day. ### Endpoints @@ -149,24 +151,23 @@ For a complete list of diagnostics endpoints leveraged by Microsoft Defender Adv The following table defines the endpoints for Connected User Experiences and Telemetry component: -| Windows release | Endpoint | -| ----------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- | -| Windows 10, versions 1703 or later, with the 2018-09 cumulative update installed | **Diagnostics data:** v10c.vortex-win.data.microsoft.com

**Functional:** v20.vortex-win.data.microsoft.com

**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,
for example: **de**.vortex-win.data.microsoft.com

**Settings:** settings-win.data.microsoft.com | -| Windows 10, versions 1803 or later, without the 2018-09 cumulative update installed | **Diagnostics data:** v10.events.data.microsoft.com

**Functional:** v20.vortex-win.data.microsoft.com

**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,
for example: **de**.vortex-win.data.microsoft.com

**Settings:** settings-win.data.microsoft.com | -| Windows 10, version 1709 or earlier | **Diagnostics data:** v10.vortex-win.data.microsoft.com

**Functional:** v20.vortex-win.data.microsoft.com

**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,
for example: **de**.vortex-win.data.microsoft.com

**Settings:** settings-win.data.microsoft.com | +| Windows release | Endpoint | +| - | - | +| Windows 10, versions 1703 or later, with the 2018-09 cumulative update installed | **Diagnostics data:** v10c.vortex-win.data.microsoft.com

**Functional:** v20.vortex-win.data.microsoft.com

**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,
for example: **de**.vortex-win.data.microsoft.com

**Settings:** settings-win.data.microsoft.com | +| Windows 10, versions 1803 or later, without the 2018-09 cumulative update installed | **Diagnostics data:** v10.events.data.microsoft.com

**Functional:** v20.vortex-win.data.microsoft.com

**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,
for example: **de**.vortex-win.data.microsoft.com

**Settings:** settings-win.data.microsoft.com | +| Windows 10, version 1709 or earlier | **Diagnostics data:** v10.vortex-win.data.microsoft.com

**Functional:** v20.vortex-win.data.microsoft.com

**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,
for example: **de**.vortex-win.data.microsoft.com

**Settings:** settings-win.data.microsoft.com | The following table defines **additional diagnostics endpoints** not covered by services in the links above: -| Service | Endpoint | -| ----------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- | -| Onedrive app for Windows 10 | https://vortex.data.microsoft.com/collect/v1 | - +| Service | Endpoint | +| - | - | +| OneDrive app for Windows 10 | | The following table defines the endpoints for other diagnostic data services: | Service | Endpoint | | - | - | -| [Windows Error Reporting](https://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com | +| [Windows Error Reporting](https://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com | | | ceuswatcab01.blob.core.windows.net | | | ceuswatcab02.blob.core.windows.net | | | eaus2watcab01.blob.core.windows.net | @@ -175,7 +176,7 @@ The following table defines the endpoints for other diagnostic data services: | | weus2watcab02.blob.core.windows.net | | [Online Crash Analysis](https://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com | | OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 | -| Microsoft Defender Advanced Threat Protection | https://wdcp.microsoft.com
https://wdcpalt.microsoft.com | +| Microsoft Defender Advanced Threat Protection |
| ### Data use and access @@ -191,11 +192,10 @@ Microsoft believes in and practices information minimization. We strive to gathe Sharing diagnostic data with Microsoft is enabled by default on Windows 10, 1903 and later. Sharing this data provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option. -Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, in **Privacy** > **Diagnostics & feedback**. They can choose between Basic and Full. The Enhanced level will only be displayed as an option when Group Policy or Mobile Device Management (MDM) are invoked with this level. The Security level is not available. +Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, in **Privacy** > **Diagnostics & feedback**. They can choose between Basic and Full. The Enhanced level will only be displayed as an option when Group Policy or Mobile Device Management (MDM) are invoked with this level. The Security level is not available. IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a diagnostic data level. If you’re using Windows 10 Enterprise, Windows 10 Education, or Windows Server, the Security diagnostic data level is available when managing the policy. Setting the diagnostic data level through policy sets the upper boundary for the users’ choices. To disable user choice after setting the level with the policy, you will need to use the "Configure telemetry opt-in setting user interface" group policy. The remainder of this article describes how to use group policy to configure levels and settings interface. - #### Manage your diagnostic data settings Use the steps in this article to set and/or adjust the diagnostic data settings for Windows and Windows Server in your organization. @@ -225,41 +225,41 @@ Use the appropriate value in the table below when you configure the management p Use a Group Policy object to set your organization’s diagnostic data level. -1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**. +1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds**. -2. Double-click **Allow Telemetry**. +1. Double-click **Allow Telemetry**. -3. In the **Options** box, select the level that you want to configure, and then click **OK**. +1. In the **Options** box, select the level that you want to configure, and then click **OK**. ### Use MDM to set the diagnostic data level -Use the [Policy Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) to apply the System/AllowTelemetry MDM policy. +Use the [Policy Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) to apply the System/AllowTelemetry MDM policy. ### Use Registry Editor to set the diagnostic data level Use Registry Editor to manually set the registry level on each device in your organization or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting. -1. Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**. +1. Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**. -2. Right-click **DataCollection**, click New, and then click **DWORD (32-bit) Value**. +1. Right-click **DataCollection**, click New, and then click **DWORD (32-bit) Value**. -3. Type **AllowTelemetry**, and then press ENTER. +1. Type **AllowTelemetry**, and then press ENTER. -4. Double-click **AllowTelemetry**, set the desired value from the table above, and then click **OK.** +1. Double-click **AllowTelemetry**, set the desired value from the table above, and then click **OK.** -5. Click **File** > **Export**, and then save the file as a .reg file, such as **C:\\AllowTelemetry.reg**. You can run this file from a script on each device in your organization. +1. Click **File** > **Export**, and then save the file as a .reg file, such as **C:\\AllowTelemetry.reg**. You can run this file from a script on each device in your organization. ### Additional diagnostic data controls There are a few more settings that you can turn off that may send diagnostic data information: -- To turn off Windows Update diagnostic data, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) or [System Center Configuration Manager](https://www.microsoft.com/server-cloud/products/system-center-2012-r2-configuration-manager/). +- To turn off Windows Update diagnostic data, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/index/). -- Turn off **Windows Defender Cloud-based Protection** and **Automatic sample submission** in **Settings** > **Update & security** > **Windows Defender**. +- Turn off **Windows Defender Cloud-based Protection** and **Automatic sample submission** in **Settings** > **Update & security** > **Windows Defender**. -- Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article [891716](https://support.microsoft.com/kb/891716). +- Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article [891716](https://support.microsoft.com/kb/891716). -- Turn off **Improve inking and typing** in **Settings** > **Privacy**. At diagnostic data levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary. +- Turn off **Improve inking and typing** in **Settings** > **Privacy**. At diagnostic data levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary. > [!NOTE] > Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information. @@ -275,23 +275,23 @@ The Security level gathers only the diagnostic data info that is required to kee > [!NOTE] > If your organization relies on Windows Update for updates, you shouldn’t use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates. -Windows Server Update Services (WSUS) and System Center Configuration Manager functionality is not affected at this level, nor is diagnostic data about Windows Server features or System Center gathered. +Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager functionality is not affected at this level, nor is diagnostic data about Windows Server features or System Center gathered. The data gathered at this level includes: -- **Connected User Experiences and Telemetry component settings**. If general diagnostic data has been gathered and is queued, it is sent to Microsoft. Along with this diagnostic data, the Connected User Experiences and Telemetry component may download a configuration settings file from Microsoft’s servers. This file is used to configure the Connected User Experiences and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop). +- **Connected User Experiences and Telemetry component settings**. If general diagnostic data has been gathered and is queued, it is sent to Microsoft. Along with this diagnostic data, the Connected User Experiences and Telemetry component may download a configuration settings file from Microsoft’s servers. This file is used to configure the Connected User Experiences and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop). -- **Malicious Software Removal Tool (MSRT)** The MSRT infection report contains information, including device info and IP address. +- **Malicious Software Removal Tool (MSRT)** The MSRT infection report contains information, including device info and IP address. > [!NOTE] > You can turn off the MSRT infection report. No MSRT information is included if MSRT is not used. If Windows Update is turned off, MSRT will not be offered to users. For more info, see Microsoft KB article [891716](https://support.microsoft.com/kb/891716). -- **Windows Defender/Endpoint Protection**. Windows Defender and System Center Endpoint Protection requires some information to function, including: anti-malware signatures, diagnostic information, User Account Control settings, Unified Extensible Firmware Interface (UEFI) settings, and IP address. +- **Windows Defender/Endpoint Protection**. Windows Defender and System Center Endpoint Protection requires some information to function, including: anti-malware signatures, diagnostic information, User Account Control settings, Unified Extensible Firmware Interface (UEFI) settings, and IP address. > [!NOTE] > This reporting can be turned off and no information is included if a customer is using third-party antimalware software, or if Windows Defender is turned off. For more info, see [Windows Defender](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender). - Microsoft recommends that Windows Update, Windows Defender, and MSRT remain enabled unless the enterprise uses alternative solutions such as Windows Server Update Services, System Center Configuration Manager, or a third-party antimalware solution. Windows Update, Windows Defender, and MSRT provide core Windows functionality such as driver and OS updates, including security updates. + Microsoft recommends that Windows Update, Windows Defender, and MSRT remain enabled unless the enterprise uses alternative solutions such as Windows Server Update Services, Microsoft Endpoint Configuration Manager, or a third-party antimalware solution. Windows Update, Windows Defender, and MSRT provide core Windows functionality such as driver and OS updates, including security updates. For servers with default diagnostic data settings and no Internet connectivity, you should set the diagnostic data level to **Security**. This stops data gathering for events that would not be uploaded due to the lack of Internet connectivity. @@ -307,42 +307,34 @@ The normal upload range for the Basic diagnostic data level is between 109 KB - The data gathered at this level includes: -- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Servers in the ecosystem. Examples include: +- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Servers in the ecosystem. Examples include: - - Device attributes, such as camera resolution and display type + - Device attributes, such as camera resolution and display type + - Internet Explorer version + - Battery attributes, such as capacity and type + - Networking attributes, such as number of network adapters, speed of network adapters, mobile operator network, and IMEI number + - Processor and memory attributes, such as number of cores, architecture, speed, memory size, and firmware + - Virtualization attribute, such as Second Level Address Translation (SLAT) support and guest operating system + - Operating system attributes, such as Windows edition and virtualization state + - Storage attributes, such as number of drives, type, and size - - Internet Explorer version +- **Connected User Experiences and Telemetry component quality metrics**. Helps provide an understanding about how the Connected User Experiences and Telemetry component is functioning, including % of uploaded events, dropped events, and the last upload time. - - Battery attributes, such as capacity and type +- **Quality-related information**. Helps Microsoft develop a basic understanding of how a device and its operating system are performing. Some examples are the device characteristics of a Connected Standby device, the number of crashes or hangs, and application state change details, such as how much processor time and memory were used, and the total uptime for an app. - - Networking attributes, such as number of network adapters, speed of network adapters, mobile operator network, and IMEI number +- **Compatibility data**. Helps provide an understanding about which apps are installed on a device or virtual machine and identifies potential compatibility problems. - - Processor and memory attributes, such as number of cores, architecture, speed, memory size, and firmware + - **General app data and app data for Internet Explorer add-ons**. Includes a list of apps that are installed on a native or virtualized instance of the OS and whether these apps function correctly after an upgrade. This app data includes the app name, publisher, version, and basic details about which files have been blocked from usage. - - Virtualization attribute, such as Second Level Address Translation (SLAT) support and guest operating system + - **Internet Explorer add-ons**. Includes a list of Internet Explorer add-ons that are installed on a device and whether these apps will work after an upgrade. - - Operating system attributes, such as Windows edition and virtualization state + - **System data**. Helps provide an understanding about whether a device meets the minimum requirements to upgrade to the next version of the operating system. System information includes the amount of memory, as well as information about the processor and BIOS. - - Storage attributes, such as number of drives, type, and size + - **Accessory device data**. Includes a list of accessory devices, such as printers or external storage devices, that are connected to Windows PCs and whether these devices will function after upgrading to a new version of the operating system. -- **Connected User Experiences and Telemetry component quality metrics**. Helps provide an understanding about how the Connected User Experiences and Telemetry component is functioning, including % of uploaded events, dropped events, and the last upload time. - -- **Quality-related information**. Helps Microsoft develop a basic understanding of how a device and its operating system are performing. Some examples are the device characteristics of a Connected Standby device, the number of crashes or hangs, and application state change details, such as how much processor time and memory were used, and the total uptime for an app. - -- **Compatibility data**. Helps provide an understanding about which apps are installed on a device or virtual machine and identifies potential compatibility problems. - - - **General app data and app data for Internet Explorer add-ons**. Includes a list of apps that are installed on a native or virtualized instance of the OS and whether these apps function correctly after an upgrade. This app data includes the app name, publisher, version, and basic details about which files have been blocked from usage. - - - **Internet Explorer add-ons**. Includes a list of Internet Explorer add-ons that are installed on a device and whether these apps will work after an upgrade. - - - **System data**. Helps provide an understanding about whether a device meets the minimum requirements to upgrade to the next version of the operating system. System information includes the amount of memory, as well as information about the processor and BIOS. - - - **Accessory device data**. Includes a list of accessory devices, such as printers or external storage devices, that are connected to Windows PCs and whether these devices will function after upgrading to a new version of the operating system. - - - **Driver data**. Includes specific driver usage that’s meant to help figure out whether apps and devices will function after upgrading to a new version of the operating system. This can help to determine blocking issues and then help Microsoft and our partners apply fixes and improvements. - -- **Microsoft Store**. Provides information about how the Microsoft Store performs, including app downloads, installations, and updates. It also includes Microsoft Store launches, page views, suspend and resumes, and obtaining licenses. + - **Driver data**. Includes specific driver usage that’s meant to help figure out whether apps and devices will function after upgrading to a new version of the operating system. This can help to determine blocking issues and then help Microsoft and our partners apply fixes and improvements. +- **Microsoft Store**. Provides information about how the Microsoft Store performs, including app downloads, installations, and updates. It also includes Microsoft Store launches, page views, suspend and resumes, and obtaining licenses. ### Enhanced level @@ -354,13 +346,13 @@ The normal upload range for the Enhanced diagnostic data level is between 239 KB The data gathered at this level includes: -- **Operating system events**. Helps to gain insights into different areas of the operating system, including networking, Hyper-V, Cortana, storage, file system, and other components. +- **Operating system events**. Helps to gain insights into different areas of the operating system, including networking, Hyper-V, Cortana, storage, file system, and other components. -- **Operating system app events**. A set of events resulting from Microsoft applications and management tools that were downloaded from the Store or pre-installed with Windows or Windows Server, including Server Manager, Photos, Mail, and Microsoft Edge. +- **Operating system app events**. A set of events resulting from Microsoft applications and management tools that were downloaded from the Store or pre-installed with Windows or Windows Server, including Server Manager, Photos, Mail, and Microsoft Edge. -- **Device-specific events**. Contains data about events that are specific to certain devices, such as Surface Hub and Microsoft HoloLens. For example, Microsoft HoloLens sends Holographic Processing Unit (HPU)-related events. +- **Device-specific events**. Contains data about events that are specific to certain devices, such as Surface Hub and Microsoft HoloLens. For example, Microsoft HoloLens sends Holographic Processing Unit (HPU)-related events. -- **Some crash dump types**. All crash dump types, except for heap dumps and full dumps. +- **Some crash dump types**. All crash dump types, except for heap dumps and full dumps. If the Connected User Experiences and Telemetry component detects a problem on Windows 10 that requires gathering more detailed instrumentation, the Connected User Experiences and Telemetry component at the **Enhanced** diagnostic data level will only gather data about the events associated with the specific issue. @@ -374,11 +366,11 @@ If a device experiences problems that are difficult to identify or repeat using However, before more data is gathered, Microsoft’s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information: -- Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe. +- Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe. -- Ability to get registry keys. +- Ability to get registry keys. -- All crash dump types, including heap dumps and full dumps. +- All crash dump types, including heap dumps and full dumps. > [!NOTE] > Crash dumps collected at this diagnostic data level may unintentionally contain personal data, such as portions of memory from a documents, a web page, etc. @@ -387,7 +379,7 @@ However, before more data is gathered, Microsoft’s privacy governance team, in > [!IMPORTANT] > The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](/windows/deployment/update/update-compliance-get-started) will continue to be supported. -> For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement). +> For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/help/4521815/windows-analytics-retirement). Desktop Analytics reports are powered by diagnostic data not included in the **Basic** level, such as crash reports and certain operating system events. @@ -414,7 +406,7 @@ With the retirement of Windows Analytics, this policy will continue to be suppor -AND- -2. Enable the **LimitEnhancedDiagnosticDataWindowsAnalytics** setting, using either Group Policy or MDM. +1. Enable the **LimitEnhancedDiagnosticDataWindowsAnalytics** setting, using either Group Policy or MDM. a. Using Group Policy, set the **Computer Configuration/Administrative Templates/Windows Components/Data collection and Preview builds/Limit Enhanced diagnostic data to the minimum required by Windows Analytics** setting to **Enabled**. diff --git a/windows/privacy/docfx.json b/windows/privacy/docfx.json index 55e655b1dc..f7ff32cbfe 100644 --- a/windows/privacy/docfx.json +++ b/windows/privacy/docfx.json @@ -40,11 +40,12 @@ "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app", "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.privacy", - "folder_relative_path_in_docset": "./" - } - } + "./": { + "depot_name": "MSDN.privacy", + "folder_relative_path_in_docset": "./" + } + }, + "titleSuffix": "Windows Privacy" }, "fileMetadata": {}, "template": [], diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index ef6d2bf3ee..e1626b44e7 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1413,7 +1413,11 @@ To turn off Inking & Typing data collection (note: there is no Group Policy for -or- -- Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** to a **value of 1 (one)** +- Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_CURRENT_USER\Software\Microsoft\InputPersonalization** to a **value of 1 (one)** + + -and- + +- Set **RestrictImplicitInkCollection** registry REG_DWORD setting in **HKEY_CURRENT_USER\Software\Microsoft\InputPersonalization** to a **value of 1 (one)** ### 18.22 Activity History diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml index 5a608fbd84..dffdd5ba5f 100644 --- a/windows/release-information/resolved-issues-windows-10-1903.yml +++ b/windows/release-information/resolved-issues-windows-10-1903.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -60,8 +61,6 @@ sections: - -
SummaryOriginating updateStatusDate resolved
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 18362.356

September 10, 2019
KB4515384		Resolved
KB4530684		December 10, 2019
10:00 AM PT
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved External
November 22, 2019
04:10 PM PT
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved External
November 15, 2019
05:59 PM PT
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive error code 0x80073701.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
November 12, 2019
08:11 AM PT
Error attempting to update with external USB device or memory card attached
PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019
01:53 PM PT
Audio not working with Dolby Atmos headphones and home theater
Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
July 11, 2019
01:53 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.

See details >		OS Build 18362.175

June 11, 2019
KB4503293		Resolved
KB4501375		June 27, 2019
10:00 AM PT
Older versions of BattlEye anti-cheat software incompatible
Users may experience a compatibility issue with some games that use older versions of BattlEye anti-cheat software.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
June 07, 2019
04:26 PM PT
AMD RAID driver incompatibility
Devices running certain AMD RAID drivers may have difficulty installing the Windows 10, version 1903 update.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
June 06, 2019
11:06 AM PT
" @@ -77,6 +76,7 @@ sections: - type: markdown text: " +
DetailsOriginating updateStatusHistory
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4530684.

Back to top		OS Build 18362.356

September 10, 2019
KB4515384		Resolved
KB4530684		Resolved:
December 10, 2019
10:00 AM PT

Opened:
October 29, 2019
05:15 PM PT
Unable to discover or connect to Bluetooth devices using some Qualcomm adapters
Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Resolution: This issue was resolved in KB4517389 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4517389		Resolved:
October 08, 2019
10:00 AM PT

Opened:
October 25, 2019
04:21 PM PT
" @@ -146,7 +146,5 @@ sections:
Loss of functionality in Dynabook Smartphone Link app
Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:54 PM PT

Opened:
May 24, 2019
03:10 PM PT
Error attempting to update with external USB device or memory card attached
If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:38 AM PT
Audio not working with Dolby Atmos headphones and home theater
After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
 
This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
 
To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:16 AM PT
Older versions of BattlEye anti-cheat software incompatible
Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software. When launching a game that uses an older, impacted version of BattlEye anti-cheat software on a device running Windows 10, version 1903, the device may experience a system crash.

To safeguard your gaming experience, we have applied a compatibility hold on devices with the impacted versions of BattlEye software used by games installed on your PC. This will prevent Windows 10, version 1903 from being offered until the incompatible version of BattlEye software is no longer installed on the device. 

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: Before updating your machine, we recommend you do one or more of the following:

  • Verify that your game is up to date with the latest available version of BattlEye software. Some game platforms allow you to validate your game files, which can confirm that your installation is fully up to date.
  • Restart your system and open the game again.
  • Uninstall BattlEye using https://www.battleye.com/downloads/UninstallBE.exe, and then reopen your game.
  • Uninstall and reinstall your game.
Resolution: This issue was resolved externally by BattlEye for all known impacted games. For a list of recent games that use BattlEye, go to https://www.battleye.com/. We recommend following the workaround before updating to Windows 10, version 1903, as games with incompatible versions of BattleEye may fail to open after updating Windows. If you have confirmed your game is up to date and you have any issues with opening games related to a BattlEye error, please see https://www.battleye.com/support/faq/.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
June 07, 2019
04:26 PM PT

Opened:
May 21, 2019
07:34 AM PT
AMD RAID driver incompatibility
Microsoft and AMD have identified an incompatibility with AMD RAID driver versions earlier than 9.2.0.105. When you attempt to install the Windows 10, version 1903 update on a Windows 10-based computer with an affected driver version, the installation process stops and you get a message like the following:

AMD Ryzen™ or AMD Ryzen™ Threadripper™ configured in SATA or NVMe RAID mode.

“A driver is installed that causes stability problems on Windows. This driver will be disabled. Check with your software/driver provider for an updated version that runs on this version of Windows.”

 
To safeguard your update experience, we have applied a compatibility hold on devices with these AMD drivers from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue has been resolved externally by AMD. To resolve this issue, you will need to download the latest AMD RAID drivers directly from AMD at https://www.amd.com/en/support/chipsets/amd-socket-tr4/x399. The drivers must be version 9.2.0.105 or later. Install the drivers on the affected computer, and then restart the installation process for the Windows 10, version 1903 feature update.
 
Note The safeguard hold will remain in place on machines with the older AMD RAID drivers. We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
June 06, 2019
11:06 AM PT

Opened:
May 21, 2019
07:12 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1909.yml b/windows/release-information/resolved-issues-windows-10-1909.yml index 002f9b5358..a1e9bd5092 100644 --- a/windows/release-information/resolved-issues-windows-10-1909.yml +++ b/windows/release-information/resolved-issues-windows-10-1909.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " +
SummaryOriginating updateStatusDate resolved
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 18363.476

November 12, 2019
KB4524570		Resolved
KB4530684		December 10, 2019
10:00 AM PT
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

See details >		OS Build 18363.476

November 12, 2019
KB4524570		Resolved External
November 22, 2019
04:10 PM PT
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.

See details >		OS Build 18363.476

November 12, 2019
KB4524570		Resolved External
November 15, 2019
05:59 PM PT
@@ -44,6 +45,15 @@ sections:
" +- title: October 2019 +- items: + - type: markdown + text: " + + +
DetailsOriginating updateStatusHistory
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4530684.

Back to top		OS Build 18363.476

November 12, 2019
KB4524570		Resolved
KB4530684		Resolved:
December 10, 2019
10:00 AM PT

Opened:
October 29, 2019
05:15 PM PT
+ " + - title: May 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1507.yml b/windows/release-information/status-windows-10-1507.yml index 85acf35ce0..780532c8fb 100644 --- a/windows/release-information/status-windows-10-1507.yml +++ b/windows/release-information/status-windows-10-1507.yml @@ -61,7 +61,6 @@ sections: text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

-
SummaryOriginating updateStatusLast updated
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 10240.18368

October 08, 2019
KB4520011		Mitigated External
November 05, 2019
03:36 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		OS Build 10240.18215

May 14, 2019
KB4499154		Investigating
KB4505051		May 16, 2019
06:41 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 10240.18094

January 08, 2019
KB4480962		Mitigated
April 25, 2019
02:00 PM PT
" @@ -82,15 +81,6 @@ sections:
" -- title: May 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		OS Build 10240.18215

May 14, 2019
KB4499154		Investigating
KB4505051		Last updated:
May 16, 2019
06:41 PM PT

Opened:
May 16, 2019
01:57 PM PT
- " - - title: January 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 45080603e4..b7c13357d2 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -61,7 +61,6 @@ sections: text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- @@ -84,15 +83,6 @@ sections:
SummaryOriginating updateStatusLast updated
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 14393.3274

October 08, 2019
KB4519998		Mitigated External
November 05, 2019
03:36 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		OS Build 14393.2969

May 14, 2019
KB4494440		Investigating
KB4505052		May 16, 2019
06:41 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 14393.2724

January 08, 2019
KB4480961		Mitigated
April 25, 2019
02:00 PM PT
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Mitigated
February 19, 2019
10:00 AM PT
Cluster service may fail if the minimum password length is set to greater than 14
The cluster service may fail to start if “Minimum Password Length” is configured with greater than 14 characters.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Mitigated
April 25, 2019
02:00 PM PT
" -- title: May 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		OS Build 14393.2969

May 14, 2019
KB4494440		Investigating
KB4505052		Last updated:
May 16, 2019
06:41 PM PT

Opened:
May 16, 2019
01:57 PM PT
- " - - title: January 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1709.yml b/windows/release-information/status-windows-10-1709.yml index 098a7ef42d..20cdc6691b 100644 --- a/windows/release-information/status-windows-10-1709.yml +++ b/windows/release-information/status-windows-10-1709.yml @@ -62,7 +62,6 @@ sections: -
SummaryOriginating updateStatusLast updated
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 16299.1387

September 10, 2019
KB4516066		Mitigated
November 12, 2019
08:05 AM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 16299.1451

October 08, 2019
KB4520004		Mitigated External
November 05, 2019
03:36 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		OS Build 16299.1143

May 14, 2019
KB4498946		Investigating
KB4505062		May 16, 2019
06:41 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 16299.904

January 08, 2019
KB4480978		Mitigated
April 25, 2019
02:00 PM PT
" @@ -92,15 +91,6 @@ sections:
" -- title: May 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		OS Build 16299.1143

May 14, 2019
KB4498946		Investigating
KB4505062		Last updated:
May 16, 2019
06:41 PM PT

Opened:
May 16, 2019
01:57 PM PT
- " - - title: January 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index 0f9feb0c89..259b1f258f 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -66,7 +66,6 @@ sections: -
SummaryOriginating updateStatusLast updated
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 17134.1006

September 10, 2019
KB4516058		Mitigated
November 12, 2019
08:05 AM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 17134.1069

October 08, 2019
KB4520008		Mitigated External
November 05, 2019
03:36 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		OS Build 17134.765

May 14, 2019
KB4499167		Investigating
KB4505064		May 16, 2019
06:41 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		OS Build 17134.523

January 08, 2019
KB4480966		Mitigated
April 25, 2019
02:00 PM PT
" @@ -96,15 +95,6 @@ sections: " -- title: May 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		OS Build 17134.765

May 14, 2019
KB4499167		Investigating
KB4505064		Last updated:
May 16, 2019
06:41 PM PT

Opened:
May 16, 2019
01:57 PM PT
- " - - title: January 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index 6129fbe2f0..88e42ce4a7 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -67,10 +67,8 @@ sections:
Microsoft Defender Advanced Threat Protection might stop running
The Microsoft Defender ATP service might stop running and might fail to send reporting data.

See details >OS Build 17763.832

October 15, 2019
KB4520062Resolved
KB4523205November 12, 2019
10:00 AM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >OS Build 17763.737

September 10, 2019
KB4512578Mitigated
November 12, 2019
08:05 AM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >OS Build 17763.805

October 08, 2019
KB4519338Mitigated External
November 05, 2019
03:36 PM PT -
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >OS Build 17763.503

May 14, 2019
KB4494441Investigating
KB4505056May 16, 2019
06:41 PM PT
Devices with some Asian language packs installed may receive an error
Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

See details >OS Build 17763.437

April 09, 2019
KB4493509Mitigated
May 03, 2019
10:59 AM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >OS Build 17763.253

January 08, 2019
KB4480116Mitigated
April 09, 2019
10:00 AM PT -
Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
Upgrade block: Certain new Intel display drivers may accidentally turn on unsupported features in Windows.

See details >OS Build 17763.134

November 13, 2018
KB4467708Mitigated
March 15, 2019
12:00 PM PT " @@ -105,7 +103,6 @@ sections: - type: markdown text: " -
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		OS Build 17763.503

May 14, 2019
KB4494441		Investigating
KB4505056		Last updated:
May 16, 2019
06:41 PM PT

Opened:
May 16, 2019
01:57 PM PT
Devices with some Asian language packs installed may receive an error
After installing the April 2019 Cumulative Update (KB4493509), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Workaround:
  1. Uninstall and reinstall any recently added language packs. For instructions, see \"Manage the input and display language settings in Windows 10\".
  2. Click Check for Updates and install the April 2019 Cumulative Update. For instructions, see \"Update Windows 10\".
Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:
    1. Go to Settings app -> Recovery.
    2. Click on Get Started under \"Reset this PC\" recovery option.
    3. Select \"Keep my Files\".
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.437

April 09, 2019
KB4493509		Mitigated
Last updated:
May 03, 2019
10:59 AM PT

Opened:
May 02, 2019
04:36 PM PT
" @@ -118,12 +115,3 @@ sections:
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. 

Affected platforms: 
Workaround: Do one of the following:  
Next steps: Microsoft is working on a resolution and will provide an update in an upcoming release.

Back to topOS Build 17763.253

January 08, 2019
KB4480116Mitigated
Last updated:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT " - -- title: November 2018 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. 
 
As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019 
Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update.

For more information, see the Intel Customer Support article.

Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented.

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Mitigated
Last updated:
March 15, 2019
12:00 PM PT

Opened:
November 13, 2018
10:00 AM PT
- " diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index e0aeac5564..e89546389a 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -64,16 +64,14 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ - - -
SummaryOriginating updateStatusLast updated
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 18362.356

September 10, 2019
KB4515384		Resolved
KB4530684		December 10, 2019
10:00 AM PT
Issues with some older versions of Avast and AVG anti-virus products
Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.

See details >		N/A

Mitigated External
November 25, 2019
05:25 PM PT
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved External
November 22, 2019
04:10 PM PT
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved External
November 15, 2019
05:59 PM PT
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive error code 0x80073701.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
November 12, 2019
08:11 AM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 18362.356

September 10, 2019
KB4515384		Mitigated
November 12, 2019
08:05 AM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		OS Build 18362.418

October 08, 2019
KB4517389		Mitigated External
November 05, 2019
03:36 PM PT
Intel Audio displays an intcdaud.sys notification
Devices with a range of Intel Display Audio device drivers may experience battery drain.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved External
November 12, 2019
08:04 AM PT
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4505903		July 26, 2019
02:00 PM PT
D3D applications and games may fail to enter full-screen mode on rotated displays
Some Direct3D (D3D) applications and games may fail to enter full-screen mode on rotated displays.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
KB4497935		May 21, 2019
04:45 PM PT
Duplicate folders and documents showing in user profile directory
An empty folder with the same name may be created if known folders (e.g. Desktop, Documents) are redirected.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Investigating
KB4497935		May 21, 2019
07:16 AM PT
" @@ -99,7 +97,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.356

September 10, 2019
KB4515384		Mitigated
Last updated:
November 12, 2019
08:05 AM PT

Opened:
October 29, 2019
05:15 PM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4530684.

Back to top		OS Build 18362.356

September 10, 2019
KB4515384		Resolved
KB4530684		Resolved:
December 10, 2019
10:00 AM PT

Opened:
October 29, 2019
05:15 PM PT
" @@ -121,7 +119,5 @@ sections:
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Affected platforms:
Resolution: This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved External
Last updated:
November 15, 2019
05:59 PM PT

Opened:
May 21, 2019
07:29 AM PT
Intel Audio displays an intcdaud.sys notification
Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).
  
To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.

Affected platforms:
Resolution: This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.

Note If you are still experiencing the issue described, please contact your device manufacturer (OEM).

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved External
Last updated:
November 12, 2019
08:04 AM PT

Opened:
May 21, 2019
07:22 AM PT
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

Microsoft has identified some scenarios in which these features may have issues or stop working, for example:
Affected platforms:
Resolution: This issue was resolved in KB4505903 and the safeguard hold has been removed.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4505903Resolved:
July 26, 2019
02:00 PM PT

Opened:
May 21, 2019
07:28 AM PT -
D3D applications and games may fail to enter full-screen mode on rotated displays
Some Direct3D (D3D) applications and games (e.g., 3DMark) may fail to enter full-screen mode on displays where the display orientation has been changed from the default (e.g., a landscape display in portrait mode).

Affected platforms:
Workaround: To work around this issue, do one of the following:
Next steps: Microsoft is working on a resolution and estimates a solution will be available in late May.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Mitigated
KB4497935Last updated:
May 21, 2019
04:45 PM PT

Opened:
May 21, 2019
07:05 AM PT -
Duplicate folders and documents showing in user profile directory
If you have redirected known folders (e.g. Desktop, Documents, or Pictures folders) you may see an empty folder with the same name in your %userprofile% directories after updating to Windows 10, version 1903. This may occur if known folders were redirected when you chose to back up your content to OneDrive using the OneDrive wizard, or if you chose to back up your content during the Windows Out-of-Box-Experience (OOBE). This may also occur if you redirected your known folders manually through the Properties dialog box in File Explorer. ​This issue does not cause any user files to be deleted and a solution is in progress.

To safeguard your update experience, we have applied a quality hold on devices with redirected known folders from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
Next steps: Microsoft is working on a resolution and estimates a solution will be available in late May.
Note We recommend that you do not attempt to manually update to Windows 10, version 1903 using the Update now button or the Media Creation Tool until this issue has been resolved.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Investigating
KB4497935Last updated:
May 21, 2019
07:16 AM PT

Opened:
May 21, 2019
07:16 AM PT " diff --git a/windows/release-information/status-windows-10-1909.yml b/windows/release-information/status-windows-10-1909.yml index 23177c4408..a8b1f36597 100644 --- a/windows/release-information/status-windows-10-1909.yml +++ b/windows/release-information/status-windows-10-1909.yml @@ -64,10 +64,10 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ -
SummaryOriginating updateStatusLast updated
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 18363.476

November 12, 2019
KB4524570		Resolved
KB4530684		December 10, 2019
10:00 AM PT
Issues with some older versions of Avast and AVG anti-virus products
Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.

See details >		N/A

Mitigated External
November 25, 2019
05:25 PM PT
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver.

See details >		OS Build 18363.476

November 12, 2019
KB4524570		Resolved External
November 22, 2019
04:10 PM PT
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.

See details >		OS Build 18363.476

November 12, 2019
KB4524570		Resolved External
November 15, 2019
05:59 PM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.

See details >		OS Build 18363.476

November 12, 2019
KB4524570		Mitigated
November 12, 2019
08:05 AM PT
" @@ -92,7 +92,7 @@ sections: - type: markdown text: " - +
DetailsOriginating updateStatusHistory
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Workaround: To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18363.476

November 12, 2019
KB4524570		Mitigated
Last updated:
November 12, 2019
08:05 AM PT

Opened:
October 29, 2019
05:15 PM PT
Unable to create local users in Chinese, Japanese and Korean during device setup
When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

Note This issue does not affect using a Microsoft Account during OOBE.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709
  • Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue was resolved in KB4530684.

Back to top		OS Build 18363.476

November 12, 2019
KB4524570		Resolved
KB4530684		Resolved:
December 10, 2019
10:00 AM PT

Opened:
October 29, 2019
05:15 PM PT
" diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index e8343dc359..dadedc3369 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -63,7 +63,6 @@ sections:
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Mitigated
November 15, 2019
05:59 PM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >October 08, 2019
KB4519976Mitigated External
November 05, 2019
03:36 PM PT
IA64 and x64 devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.

See details >August 13, 2019
KB4512506Mitigated
August 17, 2019
12:59 PM PT -
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >May 14, 2019
KB4499164Investigating
KB4505050May 16, 2019
06:41 PM PT " @@ -92,12 +91,3 @@ sections:
IA64 and x64 devices may fail to start after installing updates
IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:
\"File: \\Windows\\system32\\winload.efi
Status: 0xc0000428
Info: Windows cannot verify the digital signature for this file.\"

Affected platforms:
Take Action: To resolve this issue please follow the steps outlined in the SHA-2 support FAQ article for error code 0xc0000428.

Back to topAugust 13, 2019
KB4512506Mitigated
Last updated:
August 17, 2019
12:59 PM PT

Opened:
August 13, 2019
08:34 AM PT " - -- title: May 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		May 14, 2019
KB4499164		Investigating
KB4505050		Last updated:
May 16, 2019
06:41 PM PT

Opened:
May 16, 2019
01:57 PM PT
- " diff --git a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml index 8bbbb769a8..d20fb293cd 100644 --- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml @@ -62,7 +62,6 @@ sections: -
SummaryOriginating updateStatusLast updated
Printing from 32-bit apps might fail on a 64-bit OS
When attempting to print, you may receive an error or the application may stop responding or close.

See details >		August 13, 2019
KB4512489		Resolved
KB4525250		November 12, 2019
10:00 AM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4520005		Mitigated External
November 05, 2019
03:36 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		May 14, 2019
KB4499151		Investigating
KB4505050		May 16, 2019
06:41 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.

See details >		April 25, 2019
KB4493443		Mitigated
May 15, 2019
05:53 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		January 08, 2019
KB4480963		Mitigated
April 25, 2019
02:00 PM PT
@@ -90,7 +89,6 @@ sections: - type: markdown text: " -
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		May 14, 2019
KB4499151		Investigating
KB4505050		Last updated:
May 16, 2019
06:41 PM PT

Opened:
May 16, 2019
01:57 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

Affected platforms:
  • Client: Windows 8.1
  • Server: Windows Server 2012 R2; Windows Server 2012
Workaround:
If you see any of the previous dictionary updates listed below, uninstall it from Programs and features > Uninstall or change a program. New words that were in previous dictionary updates are also in this update.
  • Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)
  • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)
  • Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)
  • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)
  • Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)
  • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)

Back to top		April 25, 2019
KB4493443		Mitigated
Last updated:
May 15, 2019
05:53 PM PT

Opened:
May 15, 2019
05:53 PM PT
" diff --git a/windows/release-information/status-windows-server-2012.yml b/windows/release-information/status-windows-server-2012.yml index e91eb26a4c..734e55f864 100644 --- a/windows/release-information/status-windows-server-2012.yml +++ b/windows/release-information/status-windows-server-2012.yml @@ -62,7 +62,6 @@ sections: -
SummaryOriginating updateStatusLast updated
Printing from 32-bit apps might fail on a 64-bit OS
When attempting to print, you may receive an error or the application may stop responding or close.

See details >		August 13, 2019
KB4512482		Resolved
KB4525253		November 12, 2019
10:00 AM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4520007		Mitigated External
November 05, 2019
03:36 PM PT
Unable to access some gov.uk websites
gov.uk websites that don’t support “HSTS” may not be accessible

See details >		May 14, 2019
KB4499171		Investigating
KB4505050		May 16, 2019
06:41 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.

See details >		April 25, 2019
KB4493462		Mitigated
May 15, 2019
05:53 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).

See details >		January 08, 2019
KB4480975		Mitigated
April 25, 2019
02:00 PM PT
@@ -90,7 +89,6 @@ sections: - type: markdown text: " -
DetailsOriginating updateStatusHistory
Unable to access some gov.uk websites
After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1
Next Steps: Microsoft is working on a resolution and will provide an update as quickly as possible.
 
 

Back to top		May 14, 2019
KB4499171		Investigating
KB4505050		Last updated:
May 16, 2019
06:41 PM PT

Opened:
May 16, 2019
01:57 PM PT
Japanese IME doesn't show the new Japanese Era name as a text input option
If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.

Affected platforms:
  • Client: Windows 8.1
  • Server: Windows Server 2012 R2; Windows Server 2012
Workaround:
If you see any of the previous dictionary updates listed below, uninstall it from Programs and features > Uninstall or change a program. New words that were in previous dictionary updates are also in this update.
  • Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)
  • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)
  • Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)
  • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)
  • Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)
  • Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)

Back to top		April 25, 2019
KB4493462		Mitigated
Last updated:
May 15, 2019
05:53 PM PT

Opened:
May 15, 2019
05:53 PM PT
" diff --git a/windows/release-information/windows-message-center.yml b/windows/release-information/windows-message-center.yml index cd3d50c72c..b3441dc375 100644 --- a/windows/release-information/windows-message-center.yml +++ b/windows/release-information/windows-message-center.yml @@ -50,6 +50,8 @@ sections: text: " + + diff --git a/windows/security/docfx.json b/windows/security/docfx.json index 328ee569c2..d1b2905bad 100644 --- a/windows/security/docfx.json +++ b/windows/security/docfx.json @@ -45,9 +45,14 @@ "depot_name": "MSDN.security", "folder_relative_path_in_docset": "./" } + }, + "titleSuffix": "Microsoft 365 Security" + }, + "fileMetadata": { + "titleSuffix":{ + "threat-protection/**/*.md": "Windows security" } }, - "fileMetadata": {}, "template": [], "dest": "security", "markdownEngineName": "markdig" diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index b05057da97..7b37ebf924 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -23,7 +23,9 @@ ms.reviewer: * Windows 10, version 1703 -Dynamic lock enables you to configure Windows 10 devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. You configure the dynamic lock policy using Group Policy. You can locate the policy setting at **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**. The name of the policy is **Configure dynamic lock factors**. +Dynamic lock enables you to configure Windows 10 devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. This makes it more difficult for someone to gain access to your device if you step away from your PC and forget to lock it. + +You configure the dynamic lock policy using Group Policy. You can locate the policy setting at **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**. The name of the policy is **Configure dynamic lock factors**. The Group Policy Editor, when the policy is enabled, creates a default signal rule policy with the following value: diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 9a5ce9f830..7c4e019e6d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -151,7 +151,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin eq Sign-in to an **AD FS Windows Server 2016** computer with _Enterprise Admin_ equivalent credentials. 1. Open an elevated command prompt. -2. Run `certutil -dsTemplate WHFBAuthentication,msPKI-Private-Key-Flag,+CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY` +2. Run `certutil -dsTemplate WHFBAuthentication msPKI-Private-Key-Flag +CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY` > [!NOTE] > If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on our Windows Server 2012 or later certificate authority. diff --git a/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md b/windows/security/includes/improve-request-performance.md similarity index 88% rename from windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md rename to windows/security/includes/improve-request-performance.md index 880f5e4d11..ddff438e13 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md +++ b/windows/security/includes/improve-request-performance.md @@ -16,11 +16,8 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Improve request performance - - >[!NOTE] >For better performance, you can use server closer to your geo location: > - api-us.securitycenter.windows.com > - api-eu.securitycenter.windows.com -> - api-uk.securitycenter.windows.com \ No newline at end of file +> - api-uk.securitycenter.windows.com diff --git a/windows/security/threat-protection/microsoft-defender-atp/machineactionsnote.md b/windows/security/includes/machineactionsnote.md similarity index 64% rename from windows/security/threat-protection/microsoft-defender-atp/machineactionsnote.md rename to windows/security/includes/machineactionsnote.md index 23f85143c5..246c89eb92 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machineactionsnote.md +++ b/windows/security/includes/machineactionsnote.md @@ -9,7 +9,5 @@ author: mjcaparas ms.prod: w10 --- -# Perform a Machine Action via the Microsoft Defender ATP API - >[!Note] -> This page focuses on performing a machine action via API. See [take response actions on a machine](respond-machine-alerts.md) for more information about response actions functionality via Microsoft Defender ATP. +> This page focuses on performing a machine action via API. See [take response actions on a machine](../threat-protection/microsoft-defender-atp/respond-machine-alerts.md) for more information about response actions functionality via Microsoft Defender ATP. diff --git a/windows/security/threat-protection/microsoft-defender-atp/prerelease.md b/windows/security/includes/prerelease.md similarity index 90% rename from windows/security/threat-protection/microsoft-defender-atp/prerelease.md rename to windows/security/includes/prerelease.md index 7d769b0dd4..a83544340f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prerelease.md +++ b/windows/security/includes/prerelease.md @@ -9,7 +9,5 @@ author: mjcaparas ms.prod: w10 --- -# Microsoft Defender ATP Pre-release Disclaimer - > [!IMPORTANT] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index e91f6d7db8..7cdd7f45b1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -314,7 +314,7 @@ Troubleshooting Network Unlock issues begins by verifying the environment. Many - Verify the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example the following command will list the key protectors currently configured on the C: drive of the lcoal computer: ```powershell - manage-bde –protectors –get C: + manage-bde -protectors -get C: ``` >**Note:** Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for Network Unlock diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 403e6ddf69..1df34b54fd 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -448,13 +448,6 @@ #### [Common Vulnerabilities and Exposures (CVE) to KB map]() ##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md) -#### [API for custom alerts (Deprecated)]() -##### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md) -##### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md) -##### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md) -##### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md) -##### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md) -##### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md) #### [Pull detections to your SIEM tools]() ##### [Learn about different ways to pull detections](microsoft-defender-atp/configure-siem.md) @@ -466,7 +459,7 @@ ##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md) #### [Reporting]() -##### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md) +##### [Create and build Power BI reports using Microsoft Defender ATP data (deprecated)](microsoft-defender-atp/powerbi-reports.md) ##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md) ##### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md) diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md index 505106fe5e..4ab122d7f1 100644 --- a/windows/security/threat-protection/auditing/event-4716.md +++ b/windows/security/threat-protection/auditing/event-4716.md @@ -154,3 +154,69 @@ For 4716(S): Trusted domain information was modified. - Any changes in Active Directory domain trust settings must be monitored and alerts should be triggered. If this change was not planned, investigate the reason for the change. +## Anonymous Logon account + +If the account reported in the event is **Anonymous Logon**, it means the password is changed by system automatic password reset. For example: + +``` +Log Name: Security +Source: Microsoft-Windows-Security-Auditing +Date:
MessageDate
Take action: December 2019 security update available for all supported versions of Windows
The December 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate.
December 10, 2019
08:00 AM PT
Timing of Windows 10 optional update releases (December 2019)
For the balance of this calendar year, there will be no optional non-security “C” and “D” releases for Windows 10. The \"C\" releases normally target the third week of the month, with \"D\" releases targeting the fourth week. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer.
December 10, 2019
08:00 AM PT
Windows 10, version 1909 now available
Learn how to get Windows 10, version 1909 (the November 2019 Update), and explore how we’ve worked to make this a great experience for all devices, including a new, streamlined (and fast) update experience for devices updating directly from the May 2019 Update.
November 12, 2019
10:00 AM PT
Windows 10, version 1909 delivery options
Learn how devices running Windows 10, version 1903 can update to Windows 10, version 1909 using the same servicing technology used to deliver monthly quality updates, resulting in a single restart and reducing update-related downtime.
November 12, 2019
10:00 AM PT
What’s new for IT pros in Windows 10, version 1909
Explore the latest features for IT, get information about media availability and related tools, and find answers to frequently asked questions.
November 12, 2019
10:00 AM PT