deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into Kellylorenebaker-patch-2

Browse Source
This commit is contained in:
Kelly Baker 2019-12-13 15:28:51 -08:00 committed by GitHub
commit 987cd76fc7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
147 changed files with 1898 additions and 2307 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
.openpublishing.redirection.json
View File

@ -1247,6 +1247,11 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/custom-ti-api.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules",
"redirect_document_id": true
@ -1357,6 +1362,11 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/experiment-custom-ti.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
"redirect_document_id": false
},
{
"source_path": "windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection",
"redirect_document_id": true
@ -1692,6 +1702,11 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/powershell-example-code.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
"redirect_document_id": false
},
{
"source_path": "windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection",
"redirect_document_id": true
@ -1762,6 +1777,11 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/python-example-code.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac",
"redirect_document_id": true
@ -1894,7 +1914,7 @@
{
"source_path": "windows/keep-secure/troubleshoot-windows-defender-antivirus.md",
"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus",
"redirect_document_id": true
"redirect_document_id": true
},
{
"source_path": "windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md",
@ -1927,6 +1947,11 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-custom-ti.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
"redirect_document_id": false
},
{
"source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection",
"redirect_document_id": true
@ -1977,6 +2002,11 @@
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/use-custom-ti.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles",
"redirect_document_id": true

3
browsers/edge/docfx.json
View File

@ -41,7 +41,8 @@
"depot_name": "Win.microsoft-edge",
"folder_relative_path_in_docset": "./"
}
}
},
"titleSuffix": "Edge"
},
"externalReference": [],
"template": "op.html",

3
browsers/internet-explorer/docfx.json
View File

@ -37,7 +37,8 @@
"depot_name": "Win.internet-explorer",
"folder_relative_path_in_docset": "./"
}
}
},
"titleSuffix": "Internet Explorer"
},
"externalReference": [],
"template": "op.html",

2
devices/hololens/hololens-calibration.md
View File

@ -32,6 +32,8 @@ HoloLens 2 prompts a user to calibrate the device under the following circumstan
- The user is using the device for the first time
- The user previously opted out of the calibration process
- The calibration process did not succeed the last time the user used the device
- The user has deleted their calibration profiles
- The visor is raised and the lowered and any of the above circumstances apply (this may be disabled in **Settings > System > Calibration**.)
![Calibration prompt](./images/07-et-adjust-for-your-eyes.png)

16
devices/hololens/hololens-find-and-save-files.md
View File

@ -42,6 +42,22 @@ To see your HoloLens files in File Explorer on your PC:
>[!TIP]
>To see info about your HoloLens, right-click the device name in File Explorer on your PC, then select **Properties**.
## View HoloLens files on Windows Device Portal
>[!NOTE]
>To use Device Portal you must enable [Developer Mode](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#setting-up-hololens-to-use-windows-device-portal).
1. Enable Developer Mode and Device Portal on your HoloLens. (See note above if not enabled.)
1. Navigate to the Device Portal page on your PC.
1. To connect to a HoloLens connected to your PC type in 127.0.0.1:10080/ in your browser.
1. To connect to a HoloLens wirelessly instead navigate to your IP address.
>[!TIP]
>You may need to install a certificate, OR you may see more details and navigate to the website anyways. (Path per web broswer will differ.)
1. Once succesfully connected, on the left side of the windw you can navigate to the [File Explorer](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#file-explorer) workspace.
## Sync to the cloud
To sync photos and other files from your HoloLens to the cloud, install and set up OneDrive on HoloLens. To get OneDrive, search for it in the Microsoft Store on your HoloLens.

2
devices/hololens/hololens-multiple-users.md
View File

@ -37,7 +37,7 @@ To use HoloLens, each user follows these steps:
1. If another user has been using the device, do one of the following:
- Press the power button once to go to standby, and then press the power button again to return to the lock screen
- Select the user tile on the upper right of the Pins panel to sign out the current user.
- HoloLens 2 users may select the user tile on the top of the Pins panel to sign out the current user.
1. Use your Azure AD account credentials to sign in to the device.
If this is the first time that you have used the device, you have to [calibrate](hololens-calibration.md) HoloLens to your own eyes.

2
devices/hololens/hololens-recovery.md
View File

@ -116,7 +116,7 @@ To use the tool, youll need a computer running Windows 10 or later, with at l
To recover your HoloLens
1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer.
1. Download and install the [Windows Device Recovery Tool](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq) on your computer.
1. Connect the HoloLens (1st gen) to your computer using the Micro USB cable that came with your HoloLens.
1. Run the Windows Device Recovery Tool and follow the instructions.

7
devices/hololens/hololens-release-notes.md
View File

@ -22,6 +22,13 @@ appliesto:
> [!Note]
> HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive).
### December Update - build 18362.1042
- Introduces LSR (Last Stage Reproduction) fixes. Improves visual rendering of holograms to appear more stable and crisp by more accurately accounting for their depth. This will be more noticeable if apps do not set the depth of holograms correctly, after this update.
- Fixes stability of exclusive apps and navigation between exclusive apps.
- Resolves an issue where Mixed Reality Capture couldn't record video after device is left in standby state for multiple days.
- Improves hologram stability.
### November Update - build 18362.1039
- Fixes for **"Select"** voice commands during initial set-up for en-CA and en-AU.

3
devices/surface-hub/docfx.json
View File

@ -51,7 +51,8 @@
"jborsecnik",
"tiburd",
"garycentric"
]
],
"titleSuffix": "Surface Hub"
},
"externalReference": [],
"template": "op.html",

2
devices/surface-hub/surface-hub-2s-adoption-kit.md
View File

@ -15,7 +15,7 @@ ms.localizationpriority: Medium
# Surface Hub 2S adoption and training guides
Whether you are a small or large business, a Surface Hub adoption plan is critical in generating the right use cases and helping your users become comfortable with the device. Check out these downloadable guides designed to help you deliver training across your organization.
Whether you're a small or large business, a Surface Hub adoption plan is critical in generating the right use cases and helping your users become comfortable with the device. Check out these downloadable guides designed to help you deliver training across your organization.
## On-demand training

6
devices/surface-hub/surface-hub-2s-manage-intune.md
View File

@ -69,6 +69,6 @@ You can set the Microsoft Teams app mode using Intune. Surface Hub 2S comes inst
To set modes, add the following settings to a custom Device Configuration Profile.
|**Name**|**Description**|**OMA-URI**|**Type**|**Value**|
|:------ |:------------- |:--------- |:------ |:------- |
|**Teams App ID**| App name | ./Vendor/MSFT/SurfaceHub/Properties/VtcAppPackageId | String | Microsoft.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe!Teams­­ |
|**Teams App Mode**| Teams mode | ./Vendor/MSFT/SurfaceHub/Properties/SurfaceHubMeetingMode | Integer | 0 or 1 or 2 |
|:--- |:--- |:--- |:--- |:--- |
|**Teams App ID**|App name|./Vendor/MSFT/SurfaceHub/Properties/VtcAppPackageId|String| Microsoft.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe!Teams|
|**Teams App Mode**|Teams mode|./Vendor/MSFT/SurfaceHub/Properties/SurfaceHubMeetingMode|Integer| 0 or 1 or 2|

5
devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
View File

@ -29,9 +29,9 @@ Although the deployment and management of Surface devices is fundamentally the s
## Updating Surface device drivers and firmware
For devices that receive updates through Windows Update, drivers for Surface components (and even firmware updates) are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS), the option to install drivers and firmware through Windows Update is not available. For these managed devices, the recommended driver management process is the deployment of driver and firmware updates using the Windows Installer (.msi) files, which are provided through the Microsoft Download Center. You can find a list of these downloads at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices).
As .msi files, deployment of driver and firmware updates is performed in the same manner as deployment of an application. Instead of installing an application as would normally happen when an .msi file is run, the Surface driver and firmware .msi will apply the driver and firmware updates to the device. The single .msi file contains the driver and firmware updates required by each component of the Surface device. The updates for firmware are applied the next time the device reboots. You can read more about the .msi installation method for Surface drivers and firmware in [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates). For more information about how to deploy applications with Configuration Manager, see [Packages and programs in System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs).
For devices that recieve updates through Windows Update, drivers for Surface components (and even firmware updates) are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM), see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates/).
> [!NOTE]
> Surface device drivers and firmware are signed with SHA-256, which is not natively supported by Windows Server 2008 R2. A workaround is available for Configuration Manager environments running on Windows Server 2008 R2. For more information, see [Can't import drivers into System Center Configuration Manager (KB3025419)](https://support.microsoft.com/kb/3025419).
@ -81,4 +81,3 @@ To apply an asset tag using the [Surface Asset Tag CLI Utility](https://www.micr
When you deploy Windows to a Surface device, the push-button reset functionality of Windows is configured by default to revert the system back to a state where the environment is not yet configured. When the reset function is used, the system discards any installed applications and settings. Although in some situations it can be beneficial to restore the system to a state without applications and settings, in a professional environment this effectively renders the system unusable to the end user.
Push-button reset can be configured, however, to restore the system configuration to a state where it is ready for use by the end user. Follow the process outlined in [Deploy push-button reset features](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/deploy-push-button-reset-features) to customize the push-button reset experience for your devices.

3
devices/surface/docfx.json
View File

@ -47,7 +47,8 @@
"jborsecnik",
"tiburd",
"garycentric"
]
],
"titleSuffix": "Surface"
},
"externalReference": [],
"template": "op.html",

5
devices/surface/windows-autopilot-and-surface-devices.md
View File

@ -31,9 +31,8 @@ Autopilot is the recommended deployment option for Surface devices including Sur
Support for broad deployments of Surface devices using Windows Autopilot, including enrollment performed by Surface partners at the time of purchase, requires devices manufactured with or otherwise installed with Windows 10 Version 1709 (Fall Creators Update) or later. These versions support a 4000-byte (4k) hash value to uniquely identify devices for Windows Autopilot that is necessary for deployments at scale. All new Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3 ship with Windows 10 Version 1903 or above.
## Surface partners enabled for Windows Autopilot
Enrolling Surface devices in Windows Autopilot at the time of purchase is a capability provided by select Surface partners that are enabled with the capability to identify individual Surface devices during the purchase process and perform enrollment on an organizations behalf. Devices enrolled by a Surface partner at time of purchase can be shipped directly to users and configured entirely through the zero-touch process of Windows Autopilot, Azure Active Directory, and Mobile Device Management.
When you purchase Surface devices from a Surface partner enabled for Windows Autopilot, your new devices can be enrolled in your Windows Autopilot deployment for you by the partner. Surface partners enabled for Windows Autopilot include:
Enrolling Surface devices in Windows Autopilot at the time of purchase is performed by select Surface partners that enroll devices on an organizations behalf. Devices can then be shipped directly to users and configured entirely through the zero-touch process of Windows Autopilot, Azure Active Directory, and Mobile Device Management.
Surface partners enabled for Windows Autopilot include:
- [ALSO](https://www.also.com/ec/cms5/de_1010/1010_anbieter/microsoft/windows-autopilot/index.jsp)
- [Atea](https://www.atea.com/)

3
mdop/docfx.json
View File

@ -51,7 +51,8 @@
"jborsecnik",
"tiburd",
"garycentric"
]
],
"titleSuffix": "Microsoft Desktop Optimization Pack"
},
"externalReference": [],
"template": "op.html",

3
smb/docfx.json
View File

@ -47,7 +47,8 @@
"jborsecnik",
"tiburd",
"garycentric"
]
],
"titleSuffix": "Windows for Small to Midsize Business"
},
"fileMetadata": {},
"template": [],

3
windows/application-management/docfx.json
View File

@ -42,7 +42,8 @@
"depot_name": "MSDN.win-app-management",
"folder_relative_path_in_docset": "./"
}
}
},
"titleSuffix": "Windows Application Management"
},
"fileMetadata": {},
"template": [],

3
windows/client-management/docfx.json
View File

@ -44,7 +44,8 @@
"depot_name": "MSDN.win-client-management",
"folder_relative_path_in_docset": "./"
}
}
},
"titleSuffix": "Windows Client Management"
},
"fileMetadata": {},
"template": [],

1
windows/client-management/mandatory-user-profile.md
View File

@ -31,6 +31,7 @@ When the server that stores the mandatory profile is unavailable, such as when t
User profiles become mandatory profiles when the administrator renames the NTuser.dat file (the registry hive) of each user's profile in the file system of the profile server from `NTuser.dat` to `NTuser.man`. The `.man` extension causes the user profile to be a read-only profile.
<span id="extension"/>
## Profile extension for each Windows version
The name of the folder in which you store the mandatory profile must use the correct extension for the operating system it will be applied to. The following table lists the correct extension for each operating system version.

5
windows/client-management/mdm/index.md
View File

@ -10,7 +10,6 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: dansimp
ms.date: 01/25/2019
---
# Mobile device management
@ -42,14 +41,16 @@ The MDM security baseline includes policies that cover the following areas:
- And much more
For more details about the MDM policies defined in the MDM security baseline and what Microsofts recommended baseline policy values are, see:
- [MDM Security baseline for Windows 10, version 1909](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1909-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip)
For information about the MDM policies defined in the Intune security baseline public preview, see [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows)
<span id="mmat" />
## Learn about migrating to MDM
When an organization wants to move to MDM to manage devices, they should prepare by analyzing their current Group Policy settings to see what they need to transition to MDM management. Microsoft created the [MDM Migration Analysis Tool](https://aka.ms/mmat/) (MMAT) to help. MMAT determines which Group Policies have been set for a target user or computer and then generates a report that lists the level of support for each policy settings in MDM equivalents. For more information, see [MMAT Instructions](https://github.com/WindowsDeviceManagement/MMAT/blob/master/MDM%20Migration%20Analysis%20Tool%20Instructions.pdf).

3
windows/client-management/new-policies-for-windows-10.md
View File

@ -23,7 +23,7 @@ ms.topic: reference
- Windows 10
- Windows 10 Mobile
Windows 10 includes the following new policies for management. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://www.microsoft.com/download/details.aspx?id=56121).
Windows 10 includes the following new policies for management. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://www.microsoft.com/download/100591).
## New Group Policy settings in Windows 10, version 1809
@ -497,4 +497,3 @@ No new [Exchange ActiveSync policies](https://go.microsoft.com/fwlink/p/?LinkId=

3
windows/configuration/docfx.json
View File

@ -42,7 +42,8 @@
"depot_name": "MSDN.win-configuration",
"folder_relative_path_in_docset": "./"
}
}
},
"titleSuffix": "Configure Windows"
},
"fileMetadata": {},
"template": [],

3
windows/deployment/docfx.json
View File

@ -47,7 +47,8 @@
"depot_name": "MSDN.win-development",
"folder_relative_path_in_docset": "./"
}
}
},
"titleSuffix": "Windows Deployment"
},
"fileMetadata": {},
"template": [],

BIN
windows/deployment/images/sa-mfa1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 136 KiB

BIN
windows/deployment/images/sa-mfa2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 122 KiB

BIN
windows/deployment/images/sa-mfa3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 115 KiB

248
windows/deployment/upgrade/resolution-procedures.md
View File

@ -18,38 +18,38 @@ ms.topic: article
# Resolution procedures
**Applies to**
- Windows 10
>[!NOTE]
>This is a 200 level topic (moderate).<br>
>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
- Windows 10
> [!NOTE]
> This is a 200 level topic (moderate).
> See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
## 0xC1900101
A frequently observed result code is 0xC1900101. This result code can be thrown at any stage of the upgrade process, with the exception of the downlevel phase. 0xC1900101 is a generic rollback code, and usually indicates that an incompatible driver is present. The incompatible driver can cause blue screens, system hangs, and unexpected reboots. Analysis of supplemental log files is often helpful, such as:<br>
A frequently observed result code is 0xC1900101. This result code can be thrown at any stage of the upgrade process, with the exception of the downlevel phase. 0xC1900101 is a generic rollback code, and usually indicates that an incompatible driver is present. The incompatible driver can cause blue screens, system hangs, and unexpected reboots. Analysis of supplemental log files is often helpful, such as:
- The minidump file: $Windows.~bt\Sources\Rollback\setupmem.dmp,
- Event logs: $Windows.~bt\Sources\Rollback\*.evtx
- The device install log: $Windows.~bt\Sources\Rollback\setupapi\setupapi.dev.log
The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018). To resolve a rollback due to driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process.
The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018).
<br>See the following general troubleshooting procedures associated with a result code of 0xC1900101:
To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process.
See the following general troubleshooting procedures associated with a result code of 0xC1900101:<br /><br />
<table border="1" cellspacing="0" cellpadding="0">
<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x20004</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x20004
</table>
<br><table cellspacing="0" cellpadding="0">
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Windows Setup encountered an error during the SAFE_OS with the INSTALL_RECOVERY_ENVIRONMENT operation
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Windows Setup encountered an error during the SAFE_OS with the INSTALL_RECOVERY_ENVIRONMENT operation.
<br>This is generally caused by out-of-date drivers.
</table>
</td>
@ -69,11 +69,11 @@ The device install log is particularly helpful if rollback occurs during the sys
<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x2000c</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x2000c
</table>
<br><table cellspacing="0" cellpadding="0">
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Windows Setup encountered an unspecified error during Wim apply in the WinPE phase.
<br>This is generally caused by out-of-date drivers.
@ -91,16 +91,15 @@ The device install log is particularly helpful if rollback occurs during the sys
</td>
</tr>
<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x20017
</table>
<br><table cellspacing="0" cellpadding="0">
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>A driver has caused an illegal operation.
<br>Windows was not able to migrate the driver, resulting in a rollback of the operating system.
@ -113,9 +112,9 @@ The device install log is particularly helpful if rollback occurs during the sys
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
Ensure that all that drivers are updated.<br>
Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers.
<br>For more information, see <a href="https://technet.microsoft.com/library/ee851579.aspx" data-raw-source="[Understanding Failures and Log Files](https://technet.microsoft.com/library/ee851579.aspx)">Understanding Failures and Log Files</a>.
Ensure that all that drivers are updated.
<br />Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers.
<br />For more information, see <a href="https://support.microsoft.com/help/927521/windows-vista-windows-7-windows-server-2008-r2-windows-8-1-and-windows">Windows Vista, Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows 10 setup log file locations</a>.
<br>Update or uninstall the problem drivers.
</table>
</td>
@ -124,11 +123,11 @@ Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory,
<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x30018</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x30018
</table>
<br><table cellspacing="0" cellpadding="0">
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>A device driver has stopped responding to setup.exe during the upgrade process.
</table>
@ -149,11 +148,11 @@ Disconnect all peripheral devices that are connected to the system, except for t
<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x3000D</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x3000D
</table>
<br><table cellspacing="0" cellpadding="0">
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
<br>This can occur due to a problem with a display driver.
@ -175,16 +174,15 @@ Disconnect all peripheral devices that are connected to the system, except for t
<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x4000D</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x4000D
</table>
<br><table cellspacing="0" cellpadding="0">
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>A rollback occurred due to a driver configuration issue.
<br>Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
<br>This can occur due to incompatible drivers.
<br>This can occur because of incompatible drivers.
</table>
</td>
@ -194,40 +192,39 @@ Disconnect all peripheral devices that are connected to the system, except for t
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
<br>Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
<br>Review the rollback log and determine the stop code.
<br>The rollback log is located in the <strong>C:$Windows.~BT\Sources\Panther</strong> folder. An example analysis is shown below. This example is not representative of all cases:
<br>Info SP Crash 0x0000007E detected
<br>Info SP Module name :
<br>Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005
<br>Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A
<br>Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728
<br>Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40
<br>Info SP Cannot recover the system.
<br>Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
<pre>
Info SP Crash 0x0000007E detected
Info SP Module name :
Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005
Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A
Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728
Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40
Info SP Cannot recover the system.
Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.</pre>
<br>Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:<br>
Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:<br>
1. Make sure you have enough disk space.<br>
2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.<br>
3. Try changing video adapters.<br>
4. Check with your hardware vendor for any BIOS updates.<br>
5. Disable BIOS memory options such as caching or shadowing.
</p>
</table>
</td>
</tr>
<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x40017</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>0xC1900101 - 0x40017
</table>
<br><table cellspacing="0" cellpadding="0">
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Windows 10 upgrade failed after the second reboot.
<br>This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers.
@ -237,23 +234,61 @@ Disconnect all peripheral devices that are connected to the system, except for t
<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>Clean boot into Windows, and then attempt the upgrade to Windows 10.<br>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
<b>Mitigation</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
Ensure that you select the option to "Download and install updates (recommended)."
<b>Computers that run Citrix VDA</b>
You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
**Resolution**
To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
You can work around this problem in two ways
**Workaround 1**
1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
1. Run the Windows upgrade again.
1. Reinstall Citrix VDA.
**Workaround 2**
If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
1. In Registry Editor, go to the following subkey:
```
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc
```
1. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
1. Go to the following subkey:
```
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}
```
1. Delete the **CtxMcsWbc** entry.
1. Restart the computer, and then try the upgrade again.
> **Third-party information disclaimer**
> The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
<br><br>Ensure you select the option to "Download and install updates (recommended)."
</table>
</td>
</tr>
</table>
<h2 id="0x800xxxxx">0x800xxxxx</h2>
## 0x800xxxxx
<br>Result codes starting with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly.
Result codes that start with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly.
<br>See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:<br>
See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:
<br><table border="1" cellspacing="0" cellpadding="0">
@ -262,15 +297,13 @@ For more information, see [How to perform a clean boot in Windows](https://suppo
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
80040005 - 0x20007
</table>
<br><table cellspacing="0" cellpadding="0">
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
An unspecified error occurred with a driver during the SafeOS phase.
</table>
@ -293,17 +326,15 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
0x80073BC3 - 0x20009<br>
0x80070002 - 0x20009<br>
0x80073B92 - 0x20009
</table>
<br><table cellspacing="0" cellpadding="0">
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
The requested system device cannot be found, there is a sharing violation, or there are multiple devices matching the identification criteria.
</table>
@ -324,17 +355,15 @@ These errors occur during partition analysis and validation, and can be caused b
<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
800704B8 - 0x3001A
</table>
<br><table cellspacing="0" cellpadding="0">
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
An extended error has occurred during the first boot phase.
</table>
@ -355,17 +384,15 @@ Disable or uninstall non-Microsoft antivirus applications, disconnect all unnece
<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
8007042B - 0x4000D
</table>
<br><table cellspacing="0" cellpadding="0">
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
The installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
<br>This issue can occur due to file system, application, or driver issues.
@ -387,17 +414,15 @@ The installation failed during the second boot phase while attempting the MIGRAT
<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
8007001F - 0x3000D
</table>
<br><table cellspacing="0" cellpadding="0">
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
The installation failed in the FIRST_BOOT phase with an error during MIGRATE_DATA operation.
</table>
@ -413,7 +438,8 @@ The installation failed in the FIRST_BOOT phase with an error during MIGRATE_DAT
This error can be due to a problem with user profiles. It can occur due to corrupt registry entries under **HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList** or invalid files in the **\\Users** directory.
Note: If a previous upgrade did not complete, invalid profiles might exist in the **Windows.old\\Users** directory.
> [!NOTE]
> If a previous upgrade did not complete, invalid profiles might exist in the **Windows.old\\Users** directory.
To repair this error, ensure that deleted accounts are not still present in the Windows registry and that files under the \\Users directory are valid. Delete the invalid files or user profiles that are causing this error. The specific files and profiles that are causing the error will be recorded in the Windows setup log files.
@ -424,17 +450,15 @@ To repair this error, ensure that deleted accounts are not still present in the
<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
8007001F - 0x4000D
</table>
<br><table cellspacing="0" cellpadding="0">
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
General failure, a device attached to the system is not functioning.
</table>
@ -455,17 +479,15 @@ General failure, a device attached to the system is not functioning.
<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
8007042B - 0x4001E
</table>
<br><table cellspacing="0" cellpadding="0">
<table cellspacing="0" cellpadding="0">
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
The installation failed during the second boot phase while attempting the PRE_OOBE operation.
</table>
@ -488,12 +510,12 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m
## Other result codes
<table>
<br /><table>
<tr>
<td BGCOLOR="#a0e4fa"><B>Error code</th>
<td BGCOLOR="#a0e4fa"><B>Cause</th>
<td BGCOLOR="#a0e4fa"><B>Mitigation</th>
<td BGCOLOR="#a0e4fa"><b>Error code</b></th>
<td BGCOLOR="#a0e4fa"><b>Cause</b></th>
<td BGCOLOR="#a0e4fa"><b>Mitigation</b></th>
</tr>
<tr>
@ -505,10 +527,9 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m
<tr>
<td>0xC1900200</td>
<td>Setup.exe has detected that the machine does not meet the minimum system requirements.</td>
<td>Ensure the system you are trying to upgrade meets the minimum system requirements. <br>See <a href="https://www.microsoft.com/windows/windows-10-specifications" data-raw-source="[Windows 10 specifications](https://www.microsoft.com/windows/windows-10-specifications)">Windows 10 specifications</a> for information.</td>
<td>Ensure the system you are trying to upgrade meets the minimum system requirements. <br>See <a href="https://www.microsoft.com/windows/windows-10-specifications" data-raw-source="[Windows 10 specifications](https://www.microsoft.com/windows/windows-10-specifications)">Windows 10 specifications</a> for information.</td>
</tr>
<tr>
<td>0x80090011</td>
<td>A device driver error occurred during user data migration.</td>
@ -534,13 +555,13 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m
<td>Attempt other methods of upgrading the operating system.<br>
Download and run the media creation tool. See <a href="https://www.microsoft.com/software-download/windows10" data-raw-source="[Download windows 10](https://www.microsoft.com/software-download/windows10)">Download windows 10</a>.
<br>Attempt to upgrade using .ISO or USB.<br>
<strong>Note</strong>: Windows 10 Enterprise isnt available in the media creation tool. For more information, go to the <a href="https://www.microsoft.com/licensing/servicecenter/default.aspx" data-raw-source="[Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx)">Volume Licensing Service Center</a>.
<strong>Note</strong><br>Windows 10 Enterprise isnt available in the media creation tool. For more information, go to the <a href="https://www.microsoft.com/licensing/servicecenter/default.aspx" data-raw-source="[Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx)">Volume Licensing Service Center</a>.
</td>
</tr>
<tr>
<td>0x80244018</td>
<td>Your machine is connected through a proxy server.</td>
<td>Make sure Automatically Detect Settings is selected in internet options. (Control Panel > Internet Options > Connections > LAN Settings).
<td>Make sure Automatically Detect Settings is selected in internet options. (<b>Control Panel</b> > <b>Internet Options</b> > <b>Connections</b> > <b>LAN Settings</b>).
</td>
</tr>
<tr>
@ -568,34 +589,29 @@ Download and run the media creation tool. See <a href="https://www.microsoft.com
<td>0xC1900107</td>
<td>A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade.
</td>
<td>Reboot the device and run setup again. If restarting device does not resolve the issue, then use the Disk Cleanup utility and cleanup the temporary as well as the System files. For more information, see <a href="https://support.microsoft.com/instantanswers/8fef4121-711b-4be1-996f-99e02c7301c2/disk-cleanup-in-windows-10" data-raw-source="[Disk cleanup in Windows 10](https://support.microsoft.com/instantanswers/8fef4121-711b-4be1-996f-99e02c7301c2/disk-cleanup-in-windows-10)">Disk cleanup in Windows 10</a>.</td>
<td>Restart the device and run setup again. If restarting the device does not resolve the issue, then use the Disk Cleanup utility and clean up the temporary files as well as the System files. For more information, see <a href="https://support.microsoft.com/instantanswers/8fef4121-711b-4be1-996f-99e02c7301c2/disk-cleanup-in-windows-10" data-raw-source="[Disk cleanup in Windows 10](https://support.microsoft.com/instantanswers/8fef4121-711b-4be1-996f-99e02c7301c2/disk-cleanup-in-windows-10)">Disk cleanup in Windows 10</a>.</td>
</tr>
<tr>
<td>0xC1900209</td>
<td>The user has chosen to cancel because the system does not pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications.</td>
<td>Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See <a href="https://blogs.technet.microsoft.com/mniehaus/2015/08/23/windows-10-pre-upgrade-validation-using-setup-exe/" data-raw-source="[Windows 10 Pre-Upgrade Validation using SETUP.EXE](https://blogs.technet.microsoft.com/mniehaus/2015/08/23/windows-10-pre-upgrade-validation-using-setup-exe/)">Windows 10 Pre-Upgrade Validation using SETUP.EXE</a> for more information.
<br>You can also download the [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740) and install Application Compatibility Tools.
<br>You can also download the <a href="https://go.microsoft.com/fwlink/p/?LinkId=526740">Windows Assessment and Deployment Kit (ADK) for Windows 10</a> and install Application Compatibility Tools.
</td>
</tr>
<tr>
<td>0x8007002 </td>
<td>This error is specific to upgrades using System Center Configuration Manager 2012 R2 SP1 CU3 (5.00.8238.1403)</td>
<td>Analyze the SMSTS.log and verify that the upgrade is failing on &quot;Apply Operating system&quot; Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)
<br>The error 80072efe means that the connection with the server was terminated abnormally.
<br>To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.
</td>
</tr>
<tr>
<td>0x80240FFF </td>
<td>Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with System Center Configuration Manager. If you enable update synchronization before you install <a href="https://support.microsoft.com/help/3095113/en-us">hotfix 3095113</a>, WSUS doesn&#39;t recognize the Upgrades classification and instead treats the upgrade like a regular update.</td>
<td> You can prevent this by installing <a href="https://blogs.technet.com/b/wsus/archive/2015/12/04/important-update-for-wsus-4-0-kb-3095113.aspx">hotfix 3095113</a> before you enable update synchronization. However, if you have already run into this problem, do the following:
<td>Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with System Center Configuration Manager. If you enable update synchronization before you install <a href="https://support.microsoft.com/help/3095113/">hotfix 3095113</a>, WSUS doesn&#39;t recognize the Upgrades classification and instead treats the upgrade like a regular update.</td>
<td> You can prevent this by installing <a href="https://blogs.technet.microsoft.com/wsus/2015/12/03/important-update-for-wsus-4-0-kb-3095113/">hotfix 3095113</a> before you enable update synchronization. However, if you have already run into this problem, do the following:
<ol>
<li>Disable the Upgrades classification.</li>
<li>Install hotfix 3095113.</li>
@ -603,21 +619,20 @@ Download and run the media creation tool. See <a href="https://www.microsoft.com
<li>Enable the Upgrades classification.</li>
<li>Perform a full synch.</li>
</ol>
<br>For detailed information on how to run these steps check out <a href="https://blogs.technet.com/b/wsus/archive/2016/01/30/quot-help-i-synched-upgrades-too-soon-quot.aspx">How to delete upgrades in WSUS</a>.</p>
For detailed information on how to run these steps check out <a href="https://blogs.technet.microsoft.com/wsus/2016/01/29/how-to-delete-upgrades-in-wsus/">How to delete upgrades in WSUS</a>.</p>
</td>
</tr>
<tr>
<td>0x8007007E</td>
<td>Occurs when update synchronization fails because you do not have <a href="https://support.microsoft.com/help/3095113/en-us">hotfix 3095113</a> installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with System Center Configuration Manager.</td>
<td>Occurs when update synchronization fails because you do not have <a href="https://support.microsoft.com/help/3095113/">hotfix 3095113</a> installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with System Center Configuration Manager.</td>
<td> Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.
<ol>
<li>Stop the Windows Update service. Sign in as a user with administrative privileges, and then do the following:
<ol>
<li>Open <b>Administrative Tools</b> from the Control Panel.</li>
<li>Double-click <b>Services</b>.</li>
<li>Find the <b>Windows Update</b> service, right-click it, and then click <b>Stop</b>. If prompted, enter your credentials.</li>
<li>Find the <b>Windows Update</b> service, right-click it, and then select <b>Stop</b>. If prompted, enter your credentials.</li>
</ol>
</li>
<li>Delete all files and folders under c:\Windows\SoftwareDistribution\DataStore.</li>
@ -630,7 +645,7 @@ Download and run the media creation tool. See <a href="https://www.microsoft.com
## Other error codes
<table>
<br><table>
<tr><td BGCOLOR="#a0e4fa">Error Codes<td BGCOLOR="#a0e4fa">Cause<td BGCOLOR="#a0e4fa">Mitigation</td></tr>
<tr><td>0x80070003- 0x20007
@ -657,9 +672,9 @@ Alternatively, re-create installation media the [Media Creation Tool](https://ww
<td>The computer doesnt meet the minimum requirements to download or upgrade to Windows 10.
<td>See <a href="https://www.microsoft.com/windows/windows-10-specifications" data-raw-source="[Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications)">Windows 10 Specifications</a> and verify the computer meets minimum requirements.
See <a href="https://www.microsoft.com/windows/windows-10-specifications" data-raw-source="[Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications)">Windows 10 Specifications</a> and verify the computer meets minimum requirements.
<br>Review logs for [compatibility information](https://blogs.technet.microsoft.com/askcore/2016/01/21/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues/).</td></tr>
Review logs for [compatibility information](https://blogs.technet.microsoft.com/askcore/2016/01/21/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues/).</td></tr>
<tr><td>0x80070004 - 0x3000D
<td>This is a problem with data migration during the first boot phase. There are multiple possible causes.
@ -680,7 +695,8 @@ Alternatively, re-create installation media the [Media Creation Tool](https://ww
<td>These errors indicate the computer does not have enough free space available to install the upgrade.
<td>To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there is not enough space, attempt to <a href="https://support.microsoft.com/help/17421/windows-free-up-drive-space" data-raw-source="[free up drive space](https://support.microsoft.com/help/17421/windows-free-up-drive-space)">free up drive space</a> before proceeding with the upgrade.
<br>Note: If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8GB (16GB is recommended). The external drive should be formatted using NTFS. Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards are not migrated if the device does not support Connected Standby.
> [!NOTE]
> If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8GB (16GB is recommended). The external drive should be formatted using NTFS. Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards are not migrated if the device does not support Connected Standby.
</td></tr>
</table>
@ -714,8 +730,8 @@ Also see the following sequential list of modern setup (mosetup) error codes wit
| 0XC190011f | MOSETUP_E_PROCESS_CRASHED | The installation process crashed. |
| 0XC1900120 | MOSETUP_E_EULA_TIMEOUT | The user has not accepted Eula within the required time limit. |
| 0XC1900121 | MOSETUP_E_ADVERTISE_TIMEOUT | The user has not accepted Advertisement within the required time limit. |
| 0XC1900122 | MOSETUP_E_DOWNLOADDISKSPACE_TIMEOUT | The download diskspace issues were not resolved within the required time limit. |
| 0XC1900123 | MOSETUP_E_INSTALLDISKSPACE_TIMEOUT | The install diskspace issues were not resolved within the required time limit. |
| 0XC1900122 | MOSETUP_E_DOWNLOADDISKSPACE_TIMEOUT | The download disk space issues were not resolved within the required time limit. |
| 0XC1900123 | MOSETUP_E_INSTALLDISKSPACE_TIMEOUT | The install disk space issues were not resolved within the required time limit. |
| 0XC1900124 | MOSETUP_E_COMPAT_SYSREQ_TIMEOUT | The minimum requirements compatibility issues were not resolved within the required time limit. |
| 0XC1900125 | MOSETUP_E_COMPAT_DOWNLOADREQ_TIMEOUT | The compatibility issues for download were not resolved within the required time limit. |
| 0XC1900126 | MOSETUP_E_GATHER_OS_STATE_SIGNATURE | The GatherOsState executable has invalid signature. |
@ -744,9 +760,9 @@ Also see the following sequential list of modern setup (mosetup) error codes wit
| 0XC1900209 | MOSETUP_E_COMPAT_INSTALLREQ_CANCEL | The user has chosen to cancel because the system does not pass the compat scan to install the update. |
| 0XC190020a | MOSETUP_E_COMPAT_RECOVERYREQ_BLOCK | The system does not pass the minimum requirements to recover Windows. |
| 0XC190020b | MOSETUP_E_COMPAT_RECOVERYREQ_CANCEL | The user has chosen to cancel because the system does not pass the minimum requirements to recover Windows. |
| 0XC190020c | MOSETUP_E_DOWNLOADDISKSPACE_BLOCK | The system does not pass the diskspace requirements to download the payload. |
| 0XC190020c | MOSETUP_E_DOWNLOADDISKSPACE_BLOCK | The system does not pass the disk space requirements to download the payload. |
| 0XC190020d | MOSETUP_E_DOWNLOADDISKSPACE_CANCEL | The user has chosen to cancel as the device does not have enough disk space to download. |
| 0XC190020e | MOSETUP_E_INSTALLDISKSPACE_BLOCK | The system does not pass the diskspace requirements to install the payload. |
| 0XC190020e | MOSETUP_E_INSTALLDISKSPACE_BLOCK | The system does not pass the disk space requirements to install the payload. |
| 0XC190020f | MOSETUP_E_INSTALLDISKSPACE_CANCEL | The user has chosen to cancel as the device does not have enough disk space to install. |
| 0XC1900210 | MOSETUP_E_COMPAT_SCANONLY | The user has used the setup.exe command line to do scanonly, not to install the OS. |
| 0XC1900211 | MOSETUP_E_DOWNLOAD_UNPACK_DISKSPACE_BLOCK | The system does not pass the disk space requirements to download and unpack media. |
@ -765,8 +781,8 @@ Also see the following sequential list of modern setup (mosetup) error codes wit
## Related topics
[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx)
<br>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
<br>[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
<br>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
<br>[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
- [Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx)
- [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
- [Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
- [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/home?category=Windows10ITPro)
- [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)

464
windows/deployment/volume-activation/plan-for-volume-activation-client.md
View File

@ -1,232 +1,232 @@
---
title: Plan for volume activation (Windows 10)
description: Product activation is the process of validating software with the manufacturer after it has been installed on a specific computer.
ms.assetid: f84b005b-c362-4a70-a84e-4287c0d2e4ca
ms.reviewer:
manager: laurawi
ms.author: greglin
keywords: vamt, volume activation, activation, windows activation
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro author: greg-lindsay
ms.localizationpriority: medium
ms.date: 09/27/2017
ms.topic: article
---
# Plan for volume activation
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008 R2
**Looking for retail activation?**
- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
*Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and has not been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation.
During the activation process, information about the specific installation is examined. In the case of online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization.
>[!NOTE]
>The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets.
## Distribution channels and activation
In general, Microsoft software is obtained through three main channels: retail, original equipment manufacturer (OEM), and volume licensing agreements. Different activations methods are available through each channel. Because organizations are free to obtain software through multiple channels (for example, buying some at retail and others through a volume licensing program) most organizations choose to use a combination of activation methods.
### Retail activations
The retail activation method has not changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available.
Recently, retail keys have been expanded into new distribution scenarios. Product key cards are available to activate products that have been preinstalled or downloaded. Programs such as Windows Anytime Upgrade and Get Genuine allow users to acquire legal keys separately from the software. These electronically distributed keys may come with media that contains software, they can come as a software shipment, or they may be provided on a printed card or electronic copy. Products are activated the same way with any of these retail keys.
### Original equipment manufacturer
Most original equipment manufacturers (OEMs) sell systems that include a standard build of the Windows operating system. The hardware vendor activates Windows by associating the operating system with the firmware (BIOS) of the computer. This occurs before the computer is sent to the customer, and no additional actions are required.
OEM activation is valid as long as the customer uses the OEM-provided image on the system. OEM activation is available only for computers that are purchased through OEM channels and have the Windows operating system preinstalled.
### Volume licensing
Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft.There is a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer:
- Have the license preinstalled through the OEM.
- Purchase a fully packaged retail product.
The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised.
Volume licensing is also available through certain subscription or membership programs, such as the Microsoft Partner Network and MSDN. These volume licenses may contain specific restrictions or other changes to the general terms applicable to volume licensing.
**Note**  
Some editions of the operating system, such as Windows 10 Enterprise, and some editions of application software are available only through volume licensing agreements or subscriptions.
## Activation models
For a user or IT department, there are no significant choices about how to activate products that are acquired through retail or OEM channels. The OEM performs the activation at the factory, and the user or the IT department need take no activation steps.
With a retail product, the Volume Activation Management Tool (VAMT), which is discussed later in this guide, helps you track and manage keys. For each retail activation, you can choose:
- Online activation
- Telephone activation
- VAMT proxy activation
Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation (with retail keys) is sometimes used when an IT department wants to centralize retail activations or when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, you must determine the best method or combination of methods to use in your environment. For Windows 10 Pro and Enterprise, you can choose from three models:
- MAKs
- KMS
- Active Directory-based activation
**Note**  
A specialized method, Token-based activation, is available for specific situations when approved customers rely on a public key infrastructure in a completely isolated, and usually high-security, environment. For more information, contact your Microsoft Account Team or your service representative.
Token-based Activation option is available for Windows 10 Enterprise LTSB editions (Version 1507 and 1607).
### Multiple activation key
A Multiple Activation Key (MAK) is commonly used in small- or mid-sized organizations that have a volume licensing agreement, but they do not meet the requirements to operate a KMS or they prefer a simpler approach. A MAK also
allows permanent activation of computers that are isolated from the KMS or are part of an isolated network that does not have enough computers to use the KMS.
To use a MAK, the computers to be activated must have a MAK installed. The MAK is used for one-time activation with the Microsoft online hosted activation services, by telephone, or by using VAMT proxy activation.
In the simplest terms, a MAK acts like a retail key, except that a MAK is valid for activating multiple computers. Each MAK can be used a specific number of times. The VAMT can assist in tracking the number of activations that have been performed with each key and how many remain.
Organizations can download MAK and KMS keys from the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkId=618213) website. Each MAK has a preset number of activations, which are based on a percentage of the count of licenses the organization purchases; however, you can increase the number of activations that are available with your MAK by calling Microsoft.
### Key Management Service
With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that does not require a dedicated system and can easily be cohosted on a system that provides other services.
Volume editions of Windows 10 and Windows Server 2012 R2 (in addition to volume editions of operating system editions since Windows Vista and Windows Server 2008) automatically connect to a system that hosts the KMS to request activation. No action is required from the user.
The KMS requires a minimum number of computers (physical computers or virtual machines) in a network environment. The organization must have at least five computers to activate Windows Server 2012 R2 and at least 25 computers to activate client computers that are running Windows 10. These minimums are referred to as *activation thresholds*.
Planning to use the KMS includes selecting the best location for the KMS host and how many KMS hosts to have. One KMS host can handle a large number of activations, but organizations will often deploy two KMS hosts to ensure availability. Only rarely would more than two KMS hosts be used. The KMS can be hosted on a client computer or on a server, and it can be run on older versions of the operating system if proper configuration steps are taken. Setting up your KMS is discussed later in this guide.
### Active Directory-based activation
Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer does not need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device.
Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it is impractical to connect to a KMS, or would not reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the companys domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence.
## Network and connectivity
A modern business network has many nuances and interconnections. This section examines evaluating your network and the connections that are available to determine how volume activations will occur.
### Core network
Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that is not a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the vast majority of the business network.
In the core network, a centralized KMS solution is usually recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that are not joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8.
A typical core network that includes a KMS host is shown in Figure 1.
![Typical core network](../images/volumeactivationforwindows81-01.jpg)
**Figure 1**. Typical core network
### Isolated networks
In a large network, it is all but guaranteed that some segments will be isolated, either for security reasons or because of geography or connectivity issues.
**Isolated for security**
Sometimes called a *high-security zone*, a particular network segment may be isolated from the core network by a firewall or disconnected from other networks totally. The best solution for activating computers in an isolated network depends on the security policies in place in the organization.
If the isolated network can access the core network by using outbound requests on TCP port 1688, and it is allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds.
If the isolated network participates fully in the corporate forest, and it can make typical connections to domain controllers, such as using Lightweight Directory Access Protocol (LDAP) for queries and Domain Name Service (DNS) for name resolution, this is a good opportunity to use Active Directory-based activation for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 R2.
If the isolated network cannot communicate with the core networks KMS server, and it cannot use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs.
If the network is fully isolated, MAK-independent activation would be the recommended choice, perhaps using the telephone option. But VAMT proxy activation may also be possible. You can also use MAKs to activate new computers during setup, before they are placed in the isolated network.
![New KMS host in an isolated network](../images/volumeactivationforwindows81-02.jpg)
**Figure 2**. New KMS host in an isolated network
**Branch offices and distant networks**
From mining operations to ships at sea, organizations often have a few computers that are not easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options:
- **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain.
- **Local KMS**. If a site has 25 or more client computers, it can activate against a local KMS server.
- **Remote (core) KMS**. If the remote site has connectivity to an existing KMS (perhaps through a virtual private network (VPN) to the core network), that KMS can be used. Using the existing KMS means that you only need to meet the activation threshold on that server.
- **MAK activation**. If the site has only a few computers and no connectivity to an existing KMS host, MAK activation is the best option.
### Disconnected computers
Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this an “isolated network,” where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network.
If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it does not support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet).
### Test and development labs
Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they cannot activate immediately.
If you have ensured that your test or development copies of the operating system are within the license agreement, you may not need to activate the lab computers if they will be rebuilt frequently. If you require that the lab computers be activated, treat the lab as an isolated network and use the methods described earlier in this guide.
In labs that have a high turnover of computers and a small number of KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days.
## Mapping your network to activation methods
Now its time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you have collected the information you need to determine which activation methods will work best for you. You can fill-in information in Table 1 to help you make this determination.
**Table 1**. Criteria for activation methods
|Criterion |Activation method |
|----------|------------------|
|Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation |
|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days<p><strong>Note</strong><br>The core network must meet the KMS activation threshold. |KMS (central) |
|Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) |MAM |
|Number of computers in semi-isolated networks that have connectivity to the KMS in the core network |KMS (central) |
|Number of computers in isolated networks where the KMS activation threshold is met |KMS (local) |
|Number of computers in isolated networks where the KMS activation threshold is not met |MAK |
|Number of computers in test and development labs that will not be activated |None|
|Number of computers that do not have a retail volume license |Retail (online or phone) |
|Number of computers that do not have an OEM volume license |OEM (at factory) |
|Total number of computer activations<p><strong>Note</strong><br>This total should match the total number of licensed computers in your organization. |
## Choosing and acquiring keys
When you know which keys you need, you must obtain them. Generally speaking, volume licensing keys are collected in two ways:
- Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License.
- Contact your [Microsoft Activation Center](https://go.microsoft.com/fwlink/p/?LinkId=618264).
### KMS host keys
A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools.
A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation.
### Generic volume licensing keys
When you create installation media or images for client computers that will be activated by KMS or Active Directory-based activation, install a generic volume license key (GVLK) for the edition of Windows you are creating. GVLKs are also referred to as KMS client setup keys.
Installation media from Microsoft for Enterprise editions of the Windows operating system may already contain the GVLK. One GVLK is available for each type of installation. Note that the GLVK will not activate the software against Microsoft activation servers, only against a KMS or Active Directory-based activation object. In other words, the GVLK does not work unless a valid KMS host key can be found. GVLKs are the only product keys that do not need to be kept confidential.
Typically, you will not need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it is being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS Client Setup Keys](https://technet.microsoft.com/library/jj612867.aspx).
### Multiple activation keys
You will also need MAK keys with the appropriate number of activations available. You can see how many times a MAK has been used on the Volume Licensing Service Center website or in the VAMT.
## Selecting a KMS host
The KMS does not require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers.
KMS hosts can run on physical computers or virtual machines that are running any supported Windows operating system. A KMS host that is running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate any Windows client or server operating system that supports volume activation. A KMS host that is running Windows 10 can activate only computers running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista.
A single KMS host can support unlimited numbers of KMS clients, but Microsoft recommends deploying a minimum of two KMS hosts for failover purposes. However, as more clients are activated through Active Directory-based activation, the KMS and the redundancy of the KMS will become less important. Most organizations can use as few as two KMS hosts for their entire infrastructure.
The flow of KMS activation is shown in Figure 3, and it follows this sequence:
1. An administrator uses the VAMT console to configure a KMS host and install a KMS host key.
2. Microsoft validates the KMS host key, and the KMS host starts to listen for requests.
3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.)
4. A client configured with a GVLK uses DNS to locate the KMS host.
5. The client sends one packet to the KMS host.
6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again.
7. If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host.
8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again.
![KMS activation flow](../images/volumeactivationforwindows81-03.jpg)
**Figure 3**. KMS activation flow
## See also
- [Volume Activation for Windows 10](volume-activation-windows-10.md)
---
title: Plan for volume activation (Windows 10)
description: Product activation is the process of validating software with the manufacturer after it has been installed on a specific computer.
ms.assetid: f84b005b-c362-4a70-a84e-4287c0d2e4ca
ms.reviewer:
manager: laurawi
ms.author: greglin
keywords: vamt, volume activation, activation, windows activation
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
audience: itpro
author: greg-lindsay
ms.localizationpriority: medium
ms.topic: article
---
# Plan for volume activation
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008 R2
**Looking for retail activation?**
- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
*Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and has not been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation.
During the activation process, information about the specific installation is examined. For online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization.
>[!NOTE]
>The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets.
## Distribution channels and activation
In general, Microsoft software is obtained through three main channels: retail, original equipment manufacturer (OEM), and volume licensing agreements. Different activations methods are available through each channel. Because organizations are free to obtain software through multiple channels (for example, buying some at retail and others through a volume licensing program) most organizations choose to use a combination of activation methods.
### Retail activations
The retail activation method has not changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available.
Recently, retail keys have been expanded into new distribution scenarios. Product key cards are available to activate products that have been preinstalled or downloaded. Programs such as Windows Anytime Upgrade and Get Genuine allow users to acquire legal keys separately from the software. These electronically distributed keys may come with media that contains software, they can come as a software shipment, or they may be provided on a printed card or electronic copy. Products are activated the same way with any of these retail keys.
### Original equipment manufacturer
Most original equipment manufacturers (OEMs) sell systems that include a standard build of the Windows operating system. The hardware vendor activates Windows by associating the operating system with the firmware (BIOS) of the computer. This occurs before the computer is sent to the customer, and no additional actions are required.
OEM activation is valid as long as the customer uses the OEM-provided image on the system. OEM activation is available only for computers that are purchased through OEM channels and have the Windows operating system preinstalled.
### Volume licensing
Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft.There is a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer:
- Have the license preinstalled through the OEM.
- Purchase a fully packaged retail product.
The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised.
Volume licensing is also available through certain subscription or membership programs, such as the Microsoft Partner Network and MSDN. These volume licenses may contain specific restrictions or other changes to the general terms applicable to volume licensing.
**Note**  
Some editions of the operating system, such as Windows 10 Enterprise, and some editions of application software are available only through volume licensing agreements or subscriptions.
## Activation models
For a user or IT department, there are no significant choices about how to activate products that are acquired through retail or OEM channels. The OEM performs the activation at the factory, and the user or the IT department need take no activation steps.
With a retail product, the Volume Activation Management Tool (VAMT), which is discussed later in this guide, helps you track and manage keys. For each retail activation, you can choose:
- Online activation
- Telephone activation
- VAMT proxy activation
Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation (with retail keys) is sometimes used when an IT department wants to centralize retail activations or when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, you must determine the best method or combination of methods to use in your environment. For Windows 10 Pro and Enterprise, you can choose from three models:
- MAKs
- KMS
- Active Directory-based activation
**Note**  
Token-based activation is available for specific situations when approved customers rely on a public key infrastructure in an isolated and high-security environment. For more information, contact your Microsoft Account Team or your service representative.
Token-based Activation option is available for Windows 10 Enterprise LTSB editions (Version 1507 and 1607).
### Multiple activation key
A Multiple Activation Key (MAK) is commonly used in small- or mid-sized organizations that have a volume licensing agreement, but they do not meet the requirements to operate a KMS or they prefer a simpler approach. A MAK also
allows permanent activation of computers that are isolated from the KMS or are part of an isolated network that does not have enough computers to use the KMS.
To use a MAK, the computers to be activated must have a MAK installed. The MAK is used for one-time activation with the Microsoft online hosted activation services, by telephone, or by using VAMT proxy activation.
In the simplest terms, a MAK acts like a retail key, except that a MAK is valid for activating multiple computers. Each MAK can be used a specific number of times. The VAMT can assist in tracking the number of activations that have been performed with each key and how many remain.
Organizations can download MAK and KMS keys from the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkId=618213) website. Each MAK has a preset number of activations, which are based on a percentage of the count of licenses the organization purchases; however, you can increase the number of activations that are available with your MAK by calling Microsoft.
### Key Management Service
With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that does not require a dedicated system and can easily be cohosted on a system that provides other services.
Volume editions of Windows 10 and Windows Server 2012 R2 (in addition to volume editions of operating system editions since Windows Vista and Windows Server 2008) automatically connect to a system that hosts the KMS to request activation. No action is required from the user.
The KMS requires a minimum number of computers (physical computers or virtual machines) in a network environment. The organization must have at least five computers to activate Windows Server 2012 R2 and at least 25 computers to activate client computers that are running Windows 10. These minimums are referred to as *activation thresholds*.
Planning to use the KMS includes selecting the best location for the KMS host and how many KMS hosts to have. One KMS host can handle a large number of activations, but organizations will often deploy two KMS hosts to ensure availability. Only rarely will more than two KMS hosts be used. The KMS can be hosted on a client computer or on a server, and it can be run on older versions of the operating system if proper configuration steps are taken. Setting up your KMS is discussed later in this guide.
### Active Directory-based activation
Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer does not need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device.
Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it is impractical to connect to a KMS, or would not reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the companys domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence.
## Network and connectivity
A modern business network has many nuances and interconnections. This section examines evaluating your network and the connections that are available to determine how volume activations will occur.
### Core network
Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that is not a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the vast majority of the business network.
In the core network, a centralized KMS solution is recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that are not joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8.
A typical core network that includes a KMS host is shown in Figure 1.
![Typical core network](../images/volumeactivationforwindows81-01.jpg)
**Figure 1**. Typical core network
### Isolated networks
In a large network, it is all but guaranteed that some segments will be isolated, either for security reasons or because of geography or connectivity issues.
**Isolated for security**
Sometimes called a *high-security zone*, a particular network segment may be isolated from the core network by a firewall or disconnected from other networks totally. The best solution for activating computers in an isolated network depends on the security policies in place in the organization.
If the isolated network can access the core network by using outbound requests on TCP port 1688, and it is allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds.
If the isolated network participates fully in the corporate forest, and it can make typical connections to domain controllers, such as using Lightweight Directory Access Protocol (LDAP) for queries and Domain Name Service (DNS) for name resolution, this is a good opportunity to use Active Directory-based activation for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 R2.
If the isolated network cannot communicate with the core networks KMS server, and it cannot use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs.
If the network is fully isolated, MAK-independent activation would be the recommended choice, perhaps using the telephone option. But VAMT proxy activation may also be possible. You can also use MAKs to activate new computers during setup, before they are placed in the isolated network.
![New KMS host in an isolated network](../images/volumeactivationforwindows81-02.jpg)
**Figure 2**. New KMS host in an isolated network
**Branch offices and distant networks**
From mining operations to ships at sea, organizations often have a few computers that are not easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options:
- **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain.
- **Local KMS**. If a site has 25 or more client computers, it can activate against a local KMS server.
- **Remote (core) KMS**. If the remote site has connectivity to an existing KMS (perhaps through a virtual private network (VPN) to the core network), that KMS can be used. Using the existing KMS means that you only need to meet the activation threshold on that server.
- **MAK activation**. If the site has only a few computers and no connectivity to an existing KMS host, MAK activation is the best option.
### Disconnected computers
Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this an “isolated network,” where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network.
If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it does not support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet).
### Test and development labs
Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they cannot activate immediately.
If you have ensured that your test or development copies of the operating system are within the license agreement, you may not need to activate the lab computers if they will be rebuilt frequently. If you require that the lab computers be activated, treat the lab as an isolated network and use the methods described earlier in this guide.
In labs that have a high turnover of computers and a small number of KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days.
## Mapping your network to activation methods
Now its time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you have collected the information you need to determine which activation methods will work best for you. You can fill-in information in Table 1 to help you make this determination.
**Table 1**. Criteria for activation methods
|Criterion |Activation method |
|----------|------------------|
|Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation |
|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days<p><strong>Note</strong><br>The core network must meet the KMS activation threshold. |KMS (central) |
|Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK |
|Number of computers in semi-isolated networks that have connectivity to the KMS in the core network |KMS (central) |
|Number of computers in isolated networks where the KMS activation threshold is met |KMS (local) |
|Number of computers in isolated networks where the KMS activation threshold is not met |MAK |
|Number of computers in test and development labs that will not be activated |None|
|Number of computers that do not have a retail volume license |Retail (online or phone) |
|Number of computers that do not have an OEM volume license |OEM (at factory) |
|Total number of computer activations<p><strong>Note</strong><br>This total should match the total number of licensed computers in your organization. |
## Choosing and acquiring keys
When you know which keys you need, you must obtain them. Generally speaking, volume licensing keys are collected in two ways:
- Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License.
- Contact your [Microsoft Activation Center](https://go.microsoft.com/fwlink/p/?LinkId=618264).
### KMS host keys
A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools.
A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation.
### Generic volume licensing keys
When you create installation media or images for client computers that will be activated by KMS or Active Directory-based activation, install a generic volume license key (GVLK) for the edition of Windows you are creating. GVLKs are also referred to as KMS client setup keys.
Installation media from Microsoft for Enterprise editions of the Windows operating system may already contain the GVLK. One GVLK is available for each type of installation. The GLVK will not activate the software against Microsoft activation servers, but rather against a KMS or Active Directory-based activation object. In other words, the GVLK does not work unless a valid KMS host key can be found. GVLKs are the only product keys that do not need to be kept confidential.
Typically, you will not need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it is being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS Client Setup Keys](https://technet.microsoft.com/library/jj612867.aspx).
### Multiple activation keys
You will also need MAK keys with the appropriate number of activations available. You can see how many times a MAK has been used on the Volume Licensing Service Center website or in the VAMT.
## Selecting a KMS host
The KMS does not require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers.
KMS hosts can run on physical computers or virtual machines that are running any supported Windows operating system. A KMS host that is running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate any Windows client or server operating system that supports volume activation. A KMS host that is running Windows 10 can activate only computers running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista.
A single KMS host can support unlimited numbers of KMS clients, but Microsoft recommends deploying a minimum of two KMS hosts for failover purposes. However, as more clients are activated through Active Directory-based activation, the KMS and the redundancy of the KMS will become less important. Most organizations can use as few as two KMS hosts for their entire infrastructure.
The flow of KMS activation is shown in Figure 3, and it follows this sequence:
1. An administrator uses the VAMT console to configure a KMS host and install a KMS host key.
2. Microsoft validates the KMS host key, and the KMS host starts to listen for requests.
3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.)
4. A client configured with a GVLK uses DNS to locate the KMS host.
5. The client sends one packet to the KMS host.
6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again.
7. If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host.
8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again.
![KMS activation flow](../images/volumeactivationforwindows81-03.jpg)
**Figure 3**. KMS activation flow
## See also
- [Volume Activation for Windows 10](volume-activation-windows-10.md)

19
windows/deployment/windows-10-subscription-activation.md
View File

@ -85,13 +85,26 @@ For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products &
- Azure Active Directory (Azure AD) available for identity management.
- Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported.
>[!NOTE]
>An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription. To resolve this issue, the user must either sign in with an Azure Active Directory account, or you must disable MFA for this user during the 30-day polling period and renewal.
For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://blogs.windows.com/business/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/)
#### Muti-factor authentication
An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription.
To resolve this issue:
If the device is running Windows 10, version 1703 or 1709, the user must either sign in with an Azure AD account, or you must disable MFA for this user during the 30-day polling period and renewal.
If the device is running Windows 10, version 1803 or later:
1. Windows 10, version 1803 must be updated with [KB4497934](https://support.microsoft.com/help/4497934/windows-10-update-kb4497934). Later versions of Windows 10 automatically include this patch.
2. When the user signs in on a Hybrid Azure AD joined device with MFA enabled, a notification will indicate that there is a problem. Click the notification and then click **Fix now** to step through the subscription activation process. See the example below:
![Subscription Activation with MFA1](images/sa-mfa1.png)<br>
![Subscription Activation with MFA2](images/sa-mfa2.png)<br>
![Subscription Activation with MFA2](images/sa-mfa3.png)
### Windows 10 Education requirements
1. Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded.

2
windows/deployment/windows-autopilot/autopilot-update.md
View File

@ -40,7 +40,7 @@ The following diagram illustrates a typical Windows Autopilot deployment orchest
- When an Autopilot update is available, it is typically released on the 4th Tuesday of the month. The update could be released on a different week if there is an exception.
- A knowledge base (KB) article will also be published to document the changes that are included in the update.
See [Autopilot update history](windows-autopilot-whats-new.md#windows-autopilot-update-history).
For a list of released updates, see [Autopilot update history](windows-autopilot-whats-new.md#windows-autopilot-update-history).
## See also

3
windows/deployment/windows-autopilot/white-glove.md
View File

@ -96,6 +96,9 @@ If the pre-provisioning process completes successfully:
![white-glove-result](images/white-glove-result.png)
- Click **Reseal** to shut the device down. At that point, the device can be shipped to the end user.
>[!NOTE]
>Technician Flow inherits behavior from [Self-Deploying Mode](self-deploying.md). Per the Self-Deploying Mode documentation, it leverages the Enrollment Status Page to hold the device in a provisioning state and prevent the user from proceeding to the desktop after enrollment but before software and configuration is done applying. As such, if Enrollment Status Page is disabled, the reseal button may appear before software and configuration is done applying letting you proceed to the user flow before technician flow provisioning is complete. The green screen validates that enrollment was successful, not that the technician flow is necessarily complete.
If the pre-provisioning process fails:
- A red status screen will be displayed with information about the device, including the same details presented previously (e.g. Autopilot profile, organization name, assigned user, QR code), as well as the elapsed time for the pre-provisioning steps.
- Diagnostic logs can be gathered from the device, and then it can be reset to start the process over again.

1
windows/deployment/windows-autopilot/windows-autopilot-requirements.md
View File

@ -82,6 +82,7 @@ If the Microsoft Store is not accessible, the AutoPilot process will still conti
<br>Intel- https://ekop.intel.com/ekcertservice
<br>Qualcomm- https://ekcert.spserv.microsoft.com/EKCertificate/GetEKCertificate/v1
<br>AMD- https://ftpm.amd.com/pki/aia
<br>Infineon- https://pki.infineon.com
</table>
## Licensing requirements

7
windows/deployment/windows-autopilot/windows-autopilot-reset.md
View File

@ -9,7 +9,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro author: greg-lindsay
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
@ -31,7 +32,9 @@ The Windows Autopilot Reset process automatically retains information from the e
- Azure Active Directory device membership and MDM enrollment information.
Windows Autopilot Reset will block the user from accessing the desktop until this information is restored, including re-applying any provisioning packages. For devices enrolled in an MDM service, Windows Autopilot Reset will also block until an MDM sync is completed.
When Autopilot reset is used on a device, the device's primary user will be removed. The next user who signs in after the reset will be set as the primary user.
>[!NOTE]
>The Autopilot Reset does not support Hybrid Azure AD joined devices.

4
windows/deployment/windows-autopilot/windows-autopilot-whats-new.md
View File

@ -25,9 +25,9 @@ ms.topic: article
## Windows Autopilot update history
Check back here soon for a link to the latest update.
The following [Windows Autopilot updates](autopilot-update.md) are available. **Note**: Updates are automatically downloaded and applied during the Windows Autopilot deployment process.
See [Windows Autopilot update](autopilot-update.md) for more information.
No updates are available yet. Check back here later for more information.
## New in Windows 10, version 1903

3
windows/hub/docfx.json
View File

@ -46,7 +46,8 @@
"depot_name": "MSDN.windows-hub",
"folder_relative_path_in_docset": "./"
}
}
},
"titleSuffix": "Windows 10 for IT Pros"
},
"fileMetadata": {},
"template": [],

1511
windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md
View File

File diff suppressed because it is too large Load Diff

154
windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
View File

@ -20,9 +20,9 @@ ms.date: 04/29/2019
**Applies to**
- Windows 10 Enterprise
- Windows 10 Mobile
- Windows Server
- Windows 10 Enterprise
- Windows 10 Mobile
- Windows Server
This article applies to Windows and Windows Server diagnostic data only. It describes the types of diagnostic data we may gather, the ways you might manage it in your organization, and some examples of how diagnostic data can provide you with valuable insights into your enterprise deployments. Microsoft uses the data to quickly identify and address issues affecting its customers.
@ -54,6 +54,7 @@ Windows as a Service is a fundamental change in how Microsoft plans, builds, and
The release cadence of Windows may be fast, so feedback is critical to its success. We rely on diagnostic data at each stage of the process to inform our decisions and prioritize our efforts.
### What is Windows diagnostic data?
Windows diagnostic data is vital technical data from Windows devices about the device and how Windows and related software are performing. It's used in the following ways:
- Keep Windows up to date
@ -71,9 +72,10 @@ Here are some specific examples of Windows diagnostic data:
Diagnostic data can sometimes be confused with functional data. Some Windows components and apps connect to Microsoft services directly, but the data they exchange is not diagnostic data. For example, exchanging a users location for local weather or news is not an example of diagnostic data—it is functional data that the app or service requires to satisfy the users request.
There are subtle differences between diagnostic data and functional data. Windows collects and sends diagnostic data in the background automatically. You can control how much information is gathered by setting the diagnostic data level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash). On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data.
There are subtle differences between diagnostic data and functional data. Windows collects and sends diagnostic data in the background automatically. You can control how much information is gathered by setting the diagnostic data level. Microsoft tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of the crash).
On the other hand, functional data can contain personal information. However, a user action, such as requesting news or asking Cortana a question, usually triggers collection and transmission of functional data.
If youre an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services).
If youre an IT pro that wants to manage Windows functional data sent from your organization to Microsoft, see [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services/).
The following are specific examples of functional data:
@ -90,6 +92,7 @@ Windows and Windows Server diagnostic data gives every user a voice in the opera
Our ability to collect diagnostic data that drives improvements to Windows and Windows Server helps raise the bar for app and device driver quality. Diagnostic data helps us to quickly identify and fix critical reliability and security issues with apps and device drivers on given configurations. For example, we can identify an app that hangs on devices using a specific version of a video driver, allowing us to work with the app and device driver vendor to quickly fix the issue. The result is less downtime and reduced costs and increased productivity associated with troubleshooting these issues.
#### Real-world example of how Windows diagnostic data helps
There was a version of a video driver that was crashing on some devices running Windows 10, causing the device to reboot. We detected the problem in our diagnostic data, and immediately contacted the third-party developer who builds the video driver. Working with the developer, we provided an updated driver to Windows Insiders within 24 hours. Based on diagnostic data from the Windows Insiders devices, we were able to validate the new version of the video driver, and rolled it out to the broad public as an update the next day. Diagnostic data helped us find, fix, and resolve this problem in just 48 hours, providing a better user experience and reducing costly support calls.
### Improve end-user productivity
@ -104,20 +107,19 @@ Windows diagnostic data also helps Microsoft better understand how customers use
### Insights into your own organization
Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better. Microsoft provides a set of solutions that leverage information shared by customers to provide insights customized for your internal use. The first of these was [Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness), followed by [Desktop Analytics](https://aka.ms/DADocs) (coming soon). Both help organizations with [Windows as a Service](/windows/deployment/update/wass-overview) adoption and potential compatibility challenges. For E5 customers, [Microsoft Defender Advanced Threat Protection](/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Sharing information with Microsoft helps make Windows and other products better, but it can also help make your internal processes and user experiences better. Microsoft provides a set of solutions that leverage information shared by customers to provide insights customized for your internal use. The first of these was [Upgrade Readiness](/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness), followed by [Desktop Analytics](https://aka.ms/DADocs). Both help organizations with [Windows as a Service](/windows/deployment/update/wass-overview) adoption and potential compatibility challenges. For E5 customers, [Microsoft Defender Advanced Threat Protection](/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection), a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
## How Microsoft handles diagnostic data
The diagnostic data is categorized into four levels:
- [**Security**](#security-level). Information thats required to help keep Windows and Windows Server secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
- [**Security**](#security-level). Information thats required to help keep Windows and Windows Server secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
- [**Basic**](#basic-level). Basic device info, including: quality-related data, app compatibility, and data from the **Security** level.
- [**Basic**](#basic-level). Basic device info, including: quality-related data, app compatibility, and data from the **Security** level.
- [**Enhanced**](#enhanced-level). Additional insights, including: how Windows, Windows Server, and apps are used, how they perform, advanced reliability data, and data from both the **Basic** and the **Security** levels.
- [**Enhanced**](#enhanced-level). Additional insights, including: how Windows, Windows Server, and apps are used, how they perform, advanced reliability data, and data from both the **Basic** and the **Security** levels.
- [**Full**](#full-level). Includes information about the websites you browse, how you use apps and features, plus additional information about device health, device activity (sometimes referred to as usage), and enhanced error reporting. At Full, Microsoft also collects the memory state of your device when a system or app crash occurs. It includes data from the **Security**, **Basic**, and **Enhanced** levels.
- [**Full**](#full-level). Includes information about the websites you browse, how you use apps and features, plus additional information about device health, device activity (sometimes referred to as usage), and enhanced error reporting. At Full, Microsoft also collects the memory state of your device when a system or app crash occurs. It includes data from the **Security**, **Basic**, and **Enhanced** levels.
Diagnostic data levels are cumulative, meaning each subsequent level includes data collected through lower levels. For more information see the [Diagnostic data levels](#diagnostic-data-levels) section.
@ -126,9 +128,9 @@ Diagnostic data levels are cumulative, meaning each subsequent level includes da
Windows 10 and Windows Server includes the Connected User Experiences and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores diagnostic data events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology.
1. Operating system features and some management applications are instrumented to publish events and data. Examples of management applications include Virtual Machine Manager (VMM), Server Manager, and Storage Spaces.
2. Events are gathered using public operating system event logging and tracing APIs.
3. You can configure the diagnostic data level by using MDM policy, Group Policy, or registry settings.
4. The Connected User Experiences and Telemetry component transmits the diagnostic data.
1. Events are gathered using public operating system event logging and tracing APIs.
1. You can configure the diagnostic data level by using MDM policy, Group Policy, or registry settings.
1. The Connected User Experiences and Telemetry component transmits the diagnostic data.
Info collected at the Enhanced and Full levels of diagnostic data is typically gathered at a fractional sampling rate, which can be as low as 1% of devices reporting data at those levels.
@ -136,7 +138,7 @@ Info collected at the Enhanced and Full levels of diagnostic data is typically g
All diagnostic data is encrypted using SSL and uses certificate pinning during transfer from the device to the Microsoft Data Management Service. With Windows 10, data is uploaded on a schedule that is sensitive to event priority, battery use, and network cost. Real-time events, such as Windows Defender Advanced Threat Protection, are always sent immediately. Normal events are not uploaded on metered networks, unless you are on a metered server connection. On a free network, normal events can be uploaded every 4 hours if on battery, or every 15 minutes if on A/C power. Diagnostic and crash data are only uploaded on A/C power and free networks.
The data transmitted at the Basic and Enhanced data diagnostic levels is quite small; typically less than 1 MB per device per day, but occasionally up to 2 MB per device per day).
The data transmitted at the Basic and Enhanced data diagnostic levels is quite small; typically less than 1 MB per device per day, but occasionally up to 2 MB per device per day.
### Endpoints
@ -149,24 +151,23 @@ For a complete list of diagnostics endpoints leveraged by Microsoft Defender Adv
The following table defines the endpoints for Connected User Experiences and Telemetry component:
| Windows release | Endpoint |
| ----------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- |
| Windows 10, versions 1703 or later, with the 2018-09 cumulative update installed | **Diagnostics data:** v10c.vortex-win.data.microsoft.com</br></br>**Functional:** v20.vortex-win.data.microsoft.com</br></br>**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,</br>for example: **de**.vortex-win.data.microsoft.com</br></br>**Settings:** settings-win.data.microsoft.com |
| Windows 10, versions 1803 or later, without the 2018-09 cumulative update installed | **Diagnostics data:** v10.events.data.microsoft.com</br></br>**Functional:** v20.vortex-win.data.microsoft.com</br></br>**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,</br>for example: **de**.vortex-win.data.microsoft.com</br></br>**Settings:** settings-win.data.microsoft.com |
| Windows 10, version 1709 or earlier | **Diagnostics data:** v10.vortex-win.data.microsoft.com</br></br>**Functional:** v20.vortex-win.data.microsoft.com</br></br>**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,</br>for example: **de**.vortex-win.data.microsoft.com</br></br>**Settings:** settings-win.data.microsoft.com |
| Windows release | Endpoint |
| - | - |
| Windows 10, versions 1703 or later, with the 2018-09 cumulative update installed | **Diagnostics data:** v10c.vortex-win.data.microsoft.com</br></br>**Functional:** v20.vortex-win.data.microsoft.com</br></br>**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,</br>for example: **de**.vortex-win.data.microsoft.com</br></br>**Settings:** settings-win.data.microsoft.com |
| Windows 10, versions 1803 or later, without the 2018-09 cumulative update installed | **Diagnostics data:** v10.events.data.microsoft.com</br></br>**Functional:** v20.vortex-win.data.microsoft.com</br></br>**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,</br>for example: **de**.vortex-win.data.microsoft.com</br></br>**Settings:** settings-win.data.microsoft.com |
| Windows 10, version 1709 or earlier | **Diagnostics data:** v10.vortex-win.data.microsoft.com</br></br>**Functional:** v20.vortex-win.data.microsoft.com</br></br>**Microsoft Defender Advanced Threat Protection** is country specific and the prefix changes by country,</br>for example: **de**.vortex-win.data.microsoft.com</br></br>**Settings:** settings-win.data.microsoft.com |
The following table defines **additional diagnostics endpoints** not covered by services in the links above:
| Service | Endpoint |
| ----------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- |
| Onedrive app for Windows 10 | https://vortex.data.microsoft.com/collect/v1 |
| Service | Endpoint |
| - | - |
| OneDrive app for Windows 10 | <https://vortex.data.microsoft.com/collect/v1> |
The following table defines the endpoints for other diagnostic data services:
| Service | Endpoint |
| - | - |
| [Windows Error Reporting](https://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com |
| [Windows Error Reporting](https://msdn.microsoft.com/library/windows/desktop/bb513641.aspx) | watson.telemetry.microsoft.com |
| | ceuswatcab01.blob.core.windows.net |
| | ceuswatcab02.blob.core.windows.net |
| | eaus2watcab01.blob.core.windows.net |
@ -175,7 +176,7 @@ The following table defines the endpoints for other diagnostic data services:
| | weus2watcab02.blob.core.windows.net |
| [Online Crash Analysis](https://msdn.microsoft.com/library/windows/desktop/ee416349.aspx) | oca.telemetry.microsoft.com |
| OneDrive app for Windows 10 | vortex.data.microsoft.com/collect/v1 |
| Microsoft Defender Advanced Threat Protection | https://wdcp.microsoft.com</br>https://wdcpalt.microsoft.com |
| Microsoft Defender Advanced Threat Protection | <https://wdcp.microsoft.com></br><https://wdcpalt.microsoft.com> |
### Data use and access
@ -191,11 +192,10 @@ Microsoft believes in and practices information minimization. We strive to gathe
Sharing diagnostic data with Microsoft is enabled by default on Windows 10, 1903 and later. Sharing this data provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option.
Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, in **Privacy** > **Diagnostics & feedback**. They can choose between Basic and Full. The Enhanced level will only be displayed as an option when Group Policy or Mobile Device Management (MDM) are invoked with this level. The Security level is not available.
Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, in **Privacy** &gt; **Diagnostics & feedback**. They can choose between Basic and Full. The Enhanced level will only be displayed as an option when Group Policy or Mobile Device Management (MDM) are invoked with this level. The Security level is not available.
IT pros can use various methods, including Group Policy and Mobile Device Management (MDM), to choose a diagnostic data level. If youre using Windows 10 Enterprise, Windows 10 Education, or Windows Server, the Security diagnostic data level is available when managing the policy. Setting the diagnostic data level through policy sets the upper boundary for the users choices. To disable user choice after setting the level with the policy, you will need to use the "Configure telemetry opt-in setting user interface" group policy. The remainder of this article describes how to use group policy to configure levels and settings interface.
#### Manage your diagnostic data settings
Use the steps in this article to set and/or adjust the diagnostic data settings for Windows and Windows Server in your organization.
@ -225,41 +225,41 @@ Use the appropriate value in the table below when you configure the management p
Use a Group Policy object to set your organizations diagnostic data level.
1. From the Group Policy Management Console, go to **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Data Collection and Preview Builds**.
1. From the Group Policy Management Console, go to **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Data Collection and Preview Builds**.
2. Double-click **Allow Telemetry**.
1. Double-click **Allow Telemetry**.
3. In the **Options** box, select the level that you want to configure, and then click **OK**.
1. In the **Options** box, select the level that you want to configure, and then click **OK**.
### Use MDM to set the diagnostic data level
Use the [Policy Configuration Service Provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) to apply the System/AllowTelemetry MDM policy.
Use the [Policy Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) to apply the System/AllowTelemetry MDM policy.
### Use Registry Editor to set the diagnostic data level
Use Registry Editor to manually set the registry level on each device in your organization or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting.
1. Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**.
1. Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**.
2. Right-click **DataCollection**, click New, and then click **DWORD (32-bit) Value**.
1. Right-click **DataCollection**, click New, and then click **DWORD (32-bit) Value**.
3. Type **AllowTelemetry**, and then press ENTER.
1. Type **AllowTelemetry**, and then press ENTER.
4. Double-click **AllowTelemetry**, set the desired value from the table above, and then click **OK.**
1. Double-click **AllowTelemetry**, set the desired value from the table above, and then click **OK.**
5. Click **File** &gt; **Export**, and then save the file as a .reg file, such as **C:\\AllowTelemetry.reg**. You can run this file from a script on each device in your organization.
1. Click **File** &gt; **Export**, and then save the file as a .reg file, such as **C:\\AllowTelemetry.reg**. You can run this file from a script on each device in your organization.
### Additional diagnostic data controls
There are a few more settings that you can turn off that may send diagnostic data information:
- To turn off Windows Update diagnostic data, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](https://technet.microsoft.com/library/hh852345.aspx) or [System Center Configuration Manager](https://www.microsoft.com/server-cloud/products/system-center-2012-r2-configuration-manager/).
- To turn off Windows Update diagnostic data, you have two choices. Either turn off Windows Update, or set your devices to be managed by an on premises update server, such as [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/index/).
- Turn off **Windows Defender Cloud-based Protection** and **Automatic sample submission** in **Settings** &gt; **Update & security** &gt; **Windows Defender**.
- Turn off **Windows Defender Cloud-based Protection** and **Automatic sample submission** in **Settings** &gt; **Update & security** &gt; **Windows Defender**.
- Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article [891716](https://support.microsoft.com/kb/891716).
- Manage the Malicious Software Removal Tool in your organization. For more info, see Microsoft KB article [891716](https://support.microsoft.com/kb/891716).
- Turn off **Improve inking and typing** in **Settings** &gt; **Privacy**. At diagnostic data levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary.
- Turn off **Improve inking and typing** in **Settings** &gt; **Privacy**. At diagnostic data levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary.
> [!NOTE]
> Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information.
@ -275,23 +275,23 @@ The Security level gathers only the diagnostic data info that is required to kee
> [!NOTE]
> If your organization relies on Windows Update for updates, you shouldnt use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates.
Windows Server Update Services (WSUS) and System Center Configuration Manager functionality is not affected at this level, nor is diagnostic data about Windows Server features or System Center gathered.
Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager functionality is not affected at this level, nor is diagnostic data about Windows Server features or System Center gathered.
The data gathered at this level includes:
- **Connected User Experiences and Telemetry component settings**. If general diagnostic data has been gathered and is queued, it is sent to Microsoft. Along with this diagnostic data, the Connected User Experiences and Telemetry component may download a configuration settings file from Microsofts servers. This file is used to configure the Connected User Experiences and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop).
- **Connected User Experiences and Telemetry component settings**. If general diagnostic data has been gathered and is queued, it is sent to Microsoft. Along with this diagnostic data, the Connected User Experiences and Telemetry component may download a configuration settings file from Microsofts servers. This file is used to configure the Connected User Experiences and Telemetry component itself. The data gathered by the client for this request includes OS information, device id (used to identify what specific device is requesting settings) and device class (for example, whether the device is server or desktop).
- **Malicious Software Removal Tool (MSRT)** The MSRT infection report contains information, including device info and IP address.
- **Malicious Software Removal Tool (MSRT)** The MSRT infection report contains information, including device info and IP address.
> [!NOTE]
> You can turn off the MSRT infection report. No MSRT information is included if MSRT is not used. If Windows Update is turned off, MSRT will not be offered to users. For more info, see Microsoft KB article [891716](https://support.microsoft.com/kb/891716).
- **Windows Defender/Endpoint Protection**. Windows Defender and System Center Endpoint Protection requires some information to function, including: anti-malware signatures, diagnostic information, User Account Control settings, Unified Extensible Firmware Interface (UEFI) settings, and IP address.
- **Windows Defender/Endpoint Protection**. Windows Defender and System Center Endpoint Protection requires some information to function, including: anti-malware signatures, diagnostic information, User Account Control settings, Unified Extensible Firmware Interface (UEFI) settings, and IP address.
> [!NOTE]
> This reporting can be turned off and no information is included if a customer is using third-party antimalware software, or if Windows Defender is turned off. For more info, see [Windows Defender](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender).
Microsoft recommends that Windows Update, Windows Defender, and MSRT remain enabled unless the enterprise uses alternative solutions such as Windows Server Update Services, System Center Configuration Manager, or a third-party antimalware solution. Windows Update, Windows Defender, and MSRT provide core Windows functionality such as driver and OS updates, including security updates.
Microsoft recommends that Windows Update, Windows Defender, and MSRT remain enabled unless the enterprise uses alternative solutions such as Windows Server Update Services, Microsoft Endpoint Configuration Manager, or a third-party antimalware solution. Windows Update, Windows Defender, and MSRT provide core Windows functionality such as driver and OS updates, including security updates.
For servers with default diagnostic data settings and no Internet connectivity, you should set the diagnostic data level to **Security**. This stops data gathering for events that would not be uploaded due to the lack of Internet connectivity.
@ -307,42 +307,34 @@ The normal upload range for the Basic diagnostic data level is between 109 KB -
The data gathered at this level includes:
- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Servers in the ecosystem. Examples include:
- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Servers in the ecosystem. Examples include:
- Device attributes, such as camera resolution and display type
- Device attributes, such as camera resolution and display type
- Internet Explorer version
- Battery attributes, such as capacity and type
- Networking attributes, such as number of network adapters, speed of network adapters, mobile operator network, and IMEI number
- Processor and memory attributes, such as number of cores, architecture, speed, memory size, and firmware
- Virtualization attribute, such as Second Level Address Translation (SLAT) support and guest operating system
- Operating system attributes, such as Windows edition and virtualization state
- Storage attributes, such as number of drives, type, and size
- Internet Explorer version
- **Connected User Experiences and Telemetry component quality metrics**. Helps provide an understanding about how the Connected User Experiences and Telemetry component is functioning, including % of uploaded events, dropped events, and the last upload time.
- Battery attributes, such as capacity and type
- **Quality-related information**. Helps Microsoft develop a basic understanding of how a device and its operating system are performing. Some examples are the device characteristics of a Connected Standby device, the number of crashes or hangs, and application state change details, such as how much processor time and memory were used, and the total uptime for an app.
- Networking attributes, such as number of network adapters, speed of network adapters, mobile operator network, and IMEI number
- **Compatibility data**. Helps provide an understanding about which apps are installed on a device or virtual machine and identifies potential compatibility problems.
- Processor and memory attributes, such as number of cores, architecture, speed, memory size, and firmware
- **General app data and app data for Internet Explorer add-ons**. Includes a list of apps that are installed on a native or virtualized instance of the OS and whether these apps function correctly after an upgrade. This app data includes the app name, publisher, version, and basic details about which files have been blocked from usage.
- Virtualization attribute, such as Second Level Address Translation (SLAT) support and guest operating system
- **Internet Explorer add-ons**. Includes a list of Internet Explorer add-ons that are installed on a device and whether these apps will work after an upgrade.
- Operating system attributes, such as Windows edition and virtualization state
- **System data**. Helps provide an understanding about whether a device meets the minimum requirements to upgrade to the next version of the operating system. System information includes the amount of memory, as well as information about the processor and BIOS.
- Storage attributes, such as number of drives, type, and size
- **Accessory device data**. Includes a list of accessory devices, such as printers or external storage devices, that are connected to Windows PCs and whether these devices will function after upgrading to a new version of the operating system.
- **Connected User Experiences and Telemetry component quality metrics**. Helps provide an understanding about how the Connected User Experiences and Telemetry component is functioning, including % of uploaded events, dropped events, and the last upload time.
- **Quality-related information**. Helps Microsoft develop a basic understanding of how a device and its operating system are performing. Some examples are the device characteristics of a Connected Standby device, the number of crashes or hangs, and application state change details, such as how much processor time and memory were used, and the total uptime for an app.
- **Compatibility data**. Helps provide an understanding about which apps are installed on a device or virtual machine and identifies potential compatibility problems.
- **General app data and app data for Internet Explorer add-ons**. Includes a list of apps that are installed on a native or virtualized instance of the OS and whether these apps function correctly after an upgrade. This app data includes the app name, publisher, version, and basic details about which files have been blocked from usage.
- **Internet Explorer add-ons**. Includes a list of Internet Explorer add-ons that are installed on a device and whether these apps will work after an upgrade.
- **System data**. Helps provide an understanding about whether a device meets the minimum requirements to upgrade to the next version of the operating system. System information includes the amount of memory, as well as information about the processor and BIOS.
- **Accessory device data**. Includes a list of accessory devices, such as printers or external storage devices, that are connected to Windows PCs and whether these devices will function after upgrading to a new version of the operating system.
- **Driver data**. Includes specific driver usage thats meant to help figure out whether apps and devices will function after upgrading to a new version of the operating system. This can help to determine blocking issues and then help Microsoft and our partners apply fixes and improvements.
- **Microsoft Store**. Provides information about how the Microsoft Store performs, including app downloads, installations, and updates. It also includes Microsoft Store launches, page views, suspend and resumes, and obtaining licenses.
- **Driver data**. Includes specific driver usage thats meant to help figure out whether apps and devices will function after upgrading to a new version of the operating system. This can help to determine blocking issues and then help Microsoft and our partners apply fixes and improvements.
- **Microsoft Store**. Provides information about how the Microsoft Store performs, including app downloads, installations, and updates. It also includes Microsoft Store launches, page views, suspend and resumes, and obtaining licenses.
### Enhanced level
@ -354,13 +346,13 @@ The normal upload range for the Enhanced diagnostic data level is between 239 KB
The data gathered at this level includes:
- **Operating system events**. Helps to gain insights into different areas of the operating system, including networking, Hyper-V, Cortana, storage, file system, and other components.
- **Operating system events**. Helps to gain insights into different areas of the operating system, including networking, Hyper-V, Cortana, storage, file system, and other components.
- **Operating system app events**. A set of events resulting from Microsoft applications and management tools that were downloaded from the Store or pre-installed with Windows or Windows Server, including Server Manager, Photos, Mail, and Microsoft Edge.
- **Operating system app events**. A set of events resulting from Microsoft applications and management tools that were downloaded from the Store or pre-installed with Windows or Windows Server, including Server Manager, Photos, Mail, and Microsoft Edge.
- **Device-specific events**. Contains data about events that are specific to certain devices, such as Surface Hub and Microsoft HoloLens. For example, Microsoft HoloLens sends Holographic Processing Unit (HPU)-related events.
- **Device-specific events**. Contains data about events that are specific to certain devices, such as Surface Hub and Microsoft HoloLens. For example, Microsoft HoloLens sends Holographic Processing Unit (HPU)-related events.
- **Some crash dump types**. All crash dump types, except for heap dumps and full dumps.
- **Some crash dump types**. All crash dump types, except for heap dumps and full dumps.
If the Connected User Experiences and Telemetry component detects a problem on Windows 10 that requires gathering more detailed instrumentation, the Connected User Experiences and Telemetry component at the **Enhanced** diagnostic data level will only gather data about the events associated with the specific issue.
@ -374,11 +366,11 @@ If a device experiences problems that are difficult to identify or repeat using
However, before more data is gathered, Microsofts privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information:
- Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
- Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
- Ability to get registry keys.
- Ability to get registry keys.
- All crash dump types, including heap dumps and full dumps.
- All crash dump types, including heap dumps and full dumps.
> [!NOTE]
> Crash dumps collected at this diagnostic data level may unintentionally contain personal data, such as portions of memory from a documents, a web page, etc.
@ -387,7 +379,7 @@ However, before more data is gathered, Microsofts privacy governance team, in
> [!IMPORTANT]
> The Upgrade Readiness and Device Health solutions of Windows Analytics are being retired on January 31, 2020. [Update Compliance](/windows/deployment/update/update-compliance-get-started) will continue to be supported.
> For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/en-us/help/4521815/windows-analytics-retirement).
> For more information, see [Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/help/4521815/windows-analytics-retirement).
Desktop Analytics reports are powered by diagnostic data not included in the **Basic** level, such as crash reports and certain operating system events.
@ -414,7 +406,7 @@ With the retirement of Windows Analytics, this policy will continue to be suppor
-AND-
2. Enable the **LimitEnhancedDiagnosticDataWindowsAnalytics** setting, using either Group Policy or MDM.
1. Enable the **LimitEnhancedDiagnosticDataWindowsAnalytics** setting, using either Group Policy or MDM.
a. Using Group Policy, set the **Computer Configuration/Administrative Templates/Windows Components/Data collection and Preview builds/Limit Enhanced diagnostic data to the minimum required by Windows Analytics** setting to **Enabled**.

11
windows/privacy/docfx.json
View File

@ -40,11 +40,12 @@
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.privacy",
"folder_relative_path_in_docset": "./"
}
}
"./": {
"depot_name": "MSDN.privacy",
"folder_relative_path_in_docset": "./"
}
},
"titleSuffix": "Windows Privacy"
},
"fileMetadata": {},
"template": [],

6
windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -1413,7 +1413,11 @@ To turn off Inking & Typing data collection (note: there is no Group Policy for
-or-
- Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** to a **value of 1 (one)**
- Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_CURRENT_USER\Software\Microsoft\InputPersonalization** to a **value of 1 (one)**
-and-
- Set **RestrictImplicitInkCollection** registry REG_DWORD setting in **HKEY_CURRENT_USER\Software\Microsoft\InputPersonalization** to a **value of 1 (one)**
### <a href="" id="bkmk-act-history"></a>18.22 Activity History

6
windows/release-information/resolved-issues-windows-10-1903.yml
View File

@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>December 10, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
<tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
<tr><td><div id='317msg'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><br>Installation of updates may fail and you may receive error code 0x80073701.<br><br><a href = '#317msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:11 AM PT</td></tr>
@ -60,8 +61,6 @@ sections:
<tr><td><div id='222msg'></div><b>Error attempting to update with external USB device or memory card attached </b><br>PCs with an external USB device or SD memory card attached may get error: \"This PC can't be upgraded to Windows 10.\"<br><br><a href = '#222msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>July 11, 2019 <br>01:53 PM PT</td></tr>
<tr><td><div id='230msg'></div><b>Audio not working with Dolby Atmos headphones and home theater </b><br>Users may experience audio loss with Dolby Atmos headphones or Dolby Atmos home theater.<br><br><a href = '#230msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>July 11, 2019 <br>01:53 PM PT</td></tr>
<tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 18362.175<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503293' target='_blank'>KB4503293</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>June 27, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='224msg'></div><b>Older versions of BattlEye anti-cheat software incompatible</b><br>Users may experience a compatibility issue with some games that use older versions of BattlEye anti-cheat software.<br><br><a href = '#224msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>June 07, 2019 <br>04:26 PM PT</td></tr>
<tr><td><div id='232msg'></div><b>AMD RAID driver incompatibility </b><br>Devices running certain AMD RAID drivers may have difficulty installing the Windows 10, version 1903 update.<br><br><a href = '#232msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>June 06, 2019 <br>11:06 AM PT</td></tr>
</table>
"
@ -77,6 +76,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>Resolved:<br>December 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='358msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Qualcomm adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a> and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903.</div><br><a href ='#358msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Resolved:<br>October 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 25, 2019 <br>04:21 PM PT</td></tr>
</table>
"
@ -146,7 +146,5 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='235msgdesc'></div><b>Loss of functionality in Dynabook Smartphone Link app</b><div>Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.</div><div><br></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#235msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>July 11, 2019 <br>01:54 PM PT<br><br>Opened:<br>May 24, 2019 <br>03:10 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='222msgdesc'></div><b>Error attempting to update with external USB device or memory card attached </b><div>If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.</div><div><br></div><div>Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is&nbsp;reassigned a different drive letter (e.g., drive H).</div><div><br></div><div><strong>Note</strong> The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.</div><div><br></div><div>To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#222msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>July 11, 2019 <br>01:53 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:38 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='230msgdesc'></div><b>Audio not working with Dolby Atmos headphones and home theater </b><div>After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.</div><div>&nbsp;</div><div>This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.</div><div>&nbsp;</div><div>To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until&nbsp;this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.</div><br><a href ='#230msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>July 11, 2019 <br>01:53 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:16 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='224msgdesc'></div><b>Older versions of BattlEye anti-cheat software incompatible</b><div>Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software. When launching a game that uses an older, impacted version of BattlEye anti-cheat software on a device running Windows 10, version 1903, the device may experience a system crash.</div><div><br></div><div>To safeguard your gaming experience, we have applied a compatibility hold on devices with the impacted versions of BattlEye software used by games installed on your PC. This will prevent Windows 10, version 1903 from being offered until the incompatible version of BattlEye software is no longer installed on the device.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Workaround: </strong>Before updating your machine, we recommend you do one or more of the following:</div><div><br></div><ul><li>Verify that your game is up to date with the latest available version of BattlEye software. Some game platforms allow you to validate your game files, which can confirm that your installation is fully up to date.</li><li>Restart your system and open the game again.</li><li>Uninstall BattlEye using <a href=\"https://www.battleye.com/downloads/UninstallBE.exe\" target=\"_blank\">https://www.battleye.com/downloads/UninstallBE.exe</a>, and then reopen your game.</li><li>Uninstall and reinstall your game.</li></ul><div></div><div><strong>Resolution: </strong>This issue was resolved externally by BattlEye for all known impacted games. For a list of recent games that use BattlEye, go to <a href=\"https://www.battleye.com/\" target=\"_blank\" style=\"\"><u>https://www.battleye.com/</u></a>. We recommend following the workaround before updating to Windows 10, version 1903, as games with incompatible versions of BattleEye may fail to open after updating Windows. If you have confirmed your&nbsp;game is up to date&nbsp;and you have any issues with opening games related to a BattlEye error, please see <a href=\"https://www.battleye.com/support/faq/\" target=\"_blank\" style=\"\"><u>https://www.battleye.com/support/faq/</u></a>.</div><br><a href ='#224msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>June 07, 2019 <br>04:26 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:34 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='232msgdesc'></div><b>AMD RAID driver incompatibility </b><div>Microsoft and AMD have identified an incompatibility with AMD RAID driver versions earlier than 9.2.0.105. When you attempt to install&nbsp;the Windows 10, version 1903 update on a Windows 10-based computer with an affected driver version, the installation process stops and you get a message like the following:</div><p class=\"ql-indent-1\">AMD Ryzen™ or AMD Ryzen™ Threadripper™ configured in SATA or NVMe RAID mode.</div><p class=\"ql-indent-1\">“A driver is installed that causes stability problems on Windows. This driver will be disabled. Check with your software/driver provider for an updated version that runs on this version of Windows.”</div><div><strong>&nbsp;</strong></div><div>To safeguard your update experience, we have applied a compatibility hold on devices with these AMD drivers from being offered Windows 10, version 1903, until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution: </strong>This issue has been resolved externally by AMD. To resolve this issue, you will need to download the latest AMD RAID drivers directly from AMD at&nbsp;<a href=\"https://www.amd.com/en/support/chipsets/amd-socket-tr4/x399\" target=\"_blank\">https://www.amd.com/en/support/chipsets/amd-socket-tr4/x399</a>. The drivers must be version&nbsp;9.2.0.105 or later. Install the drivers on the affected computer, and then restart the installation process for the Windows 10, version 1903 feature update.</div><div>&nbsp;</div><div><strong>Note</strong> The safeguard hold will remain in place on machines with the older AMD RAID drivers. We recommend that you do not attempt to manually update using the <strong>Update now</strong> button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.</div><br><a href ='#232msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>June 06, 2019 <br>11:06 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:12 AM PT</td></tr>
</table>
"

10
windows/release-information/resolved-issues-windows-10-1909.yml
View File

@ -32,6 +32,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>December 10, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
<tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
</table>
@ -44,6 +45,15 @@ sections:
<div>
</div>
"
- title: October 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>Resolved:<br>December 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
</table>
"
- title: May 2019
- items:
- type: markdown

10
windows/release-information/status-windows-10-1507.yml
View File

@ -61,7 +61,6 @@ sections:
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 10240.18368<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that dont support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 10240.18215<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499154' target='_blank'>KB4499154</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505051' target='_blank'>KB4505051</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
<tr><td><div id='196msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#196msgdesc'>See details ></a></td><td>OS Build 10240.18094<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480962' target='_blank'>KB4480962</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -82,15 +81,6 @@ sections:
</table>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that dont support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;Windows 10, version 1607; Windows 10, version 1507;Windows 8.1; Windows 7SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008R2SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 10240.18215<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499154' target='_blank'>KB4499154</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505051' target='_blank'>KB4505051</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
</table>
"
- title: January 2019
- items:
- type: markdown

10
windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
View File

@ -61,7 +61,6 @@ sections:
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 14393.3274<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519998' target='_blank'>KB4519998</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that dont support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505052' target='_blank'>KB4505052</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
<tr><td><div id='195msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#195msgdesc'>See details ></a></td><td>OS Build 14393.2724<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480961' target='_blank'>KB4480961</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='61msg'></div><b>Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM</b><br>Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.<br><br><a href = '#61msgdesc'>See details ></a></td><td>OS Build 14393.2608<br><br>November 13, 2018<br><a href ='https://support.microsoft.com/help/4467691' target='_blank'>KB4467691</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 19, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='36msg'></div><b>Cluster service may fail if the minimum password length is set to greater than 14</b><br>The cluster service may fail to start if “Minimum Password Length” is configured with greater than 14 characters.<br><br><a href = '#36msgdesc'>See details ></a></td><td>OS Build 14393.2639<br><br>November 27, 2018<br><a href ='https://support.microsoft.com/help/4467684' target='_blank'>KB4467684</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -84,15 +83,6 @@ sections:
</table>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that dont support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;Windows 10, version 1607; Windows 10, version 1507;Windows 8.1; Windows 7SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008R2SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505052' target='_blank'>KB4505052</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
</table>
"
- title: January 2019
- items:
- type: markdown

10
windows/release-information/status-windows-10-1709.yml
View File

@ -62,7 +62,6 @@ sections:
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 16299.1387<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516066' target='_blank'>KB4516066</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:05 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 16299.1451<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520004' target='_blank'>KB4520004</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that dont support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 16299.1143<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4498946' target='_blank'>KB4498946</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505062' target='_blank'>KB4505062</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
<tr><td><div id='193msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#193msgdesc'>See details ></a></td><td>OS Build 16299.904<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480978' target='_blank'>KB4480978</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -92,15 +91,6 @@ sections:
</table>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that dont support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;Windows 10, version 1607; Windows 10, version 1507;Windows 8.1; Windows 7SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008R2SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 16299.1143<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4498946' target='_blank'>KB4498946</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505062' target='_blank'>KB4505062</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
</table>
"
- title: January 2019
- items:
- type: markdown

10
windows/release-information/status-windows-10-1803.yml
View File

@ -66,7 +66,6 @@ sections:
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 17134.1006<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516058' target='_blank'>KB4516058</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:05 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 17134.1069<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520008' target='_blank'>KB4520008</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that dont support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 17134.765<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505064' target='_blank'>KB4505064</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
<tr><td><div id='192msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#192msgdesc'>See details ></a></td><td>OS Build 17134.523<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480966' target='_blank'>KB4480966</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
</table>
"
@ -96,15 +95,6 @@ sections:
</table>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that dont support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;Windows 10, version 1607; Windows 10, version 1507;Windows 8.1; Windows 7SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008R2SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 17134.765<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505064' target='_blank'>KB4505064</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
</table>
"
- title: January 2019
- items:
- type: markdown

12
windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
View File

@ -67,10 +67,8 @@ sections:
<tr><td><div id='360msg'></div><b>Microsoft Defender Advanced Threat Protection might stop running</b><br>The Microsoft Defender ATP service might stop running and might fail to send reporting data.<br><br><a href = '#360msgdesc'>See details ></a></td><td>OS Build 17763.832<br><br>October 15, 2019<br><a href ='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4523205' target='_blank'>KB4523205</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:05 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 17763.805<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519338' target='_blank'>KB4519338</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that dont support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505056' target='_blank'>KB4505056</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
<tr><td><div id='211msg'></div><b>Devices with some Asian language packs installed may receive an error</b><br>Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"<br><br><a href = '#211msgdesc'>See details ></a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 03, 2019 <br>10:59 AM PT</td></tr>
<tr><td><div id='191msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail </b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#191msgdesc'>See details ></a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='90msg'></div><b>Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort</b><br>Upgrade block: Certain new Intel display drivers may accidentally turn on unsupported features in Windows.<br><br><a href = '#90msgdesc'>See details ></a></td><td>OS Build 17763.134<br><br>November 13, 2018<br><a href ='https://support.microsoft.com/help/4467708' target='_blank'>KB4467708</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>March 15, 2019 <br>12:00 PM PT</td></tr>
</table>
"
@ -105,7 +103,6 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that dont support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;Windows 10, version 1607; Windows 10, version 1507;Windows 8.1; Windows 7SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008R2SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505056' target='_blank'>KB4505056</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='211msgdesc'></div><b>Devices with some Asian language packs installed may receive an error</b><div>After installing the April 2019 Cumulative Update (<a href=\"https://support.microsoft.com/help/4493509\" target=\"_blank\">KB4493509</a>), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Workaround: </strong></div><ol><li>Uninstall and reinstall any recently added language packs.&nbsp;For instructions, see \"<a href=\"https://support.microsoft.com/help/4496404/windows-10-manage-the-input-and-display-language\" target=\"_blank\">Manage the input and display language settings in Windows 10</a>\".</li><li>Click <strong>Check for Updates</strong> and install the April 2019 Cumulative Update. For instructions, see \"<a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>\".</li></ol><div><strong>Note: </strong>If reinstalling the language pack does not mitigate the issue, reset your PC as follows:</div><ol><ol><li>Go to <strong>Settings app</strong> -&gt; <strong>Recovery</strong>.</li><li>Click on <strong>Get Started</strong> under <strong>\"Reset this PC\"</strong> recovery option.</li><li>Select <strong>\"Keep my Files\"</strong>.</li></ol></ol><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#211msg'>Back to top</a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 03, 2019 <br>10:59 AM PT<br><br>Opened:<br>May 02, 2019 <br>04:36 PM PT</td></tr>
</table>
"
@ -118,12 +115,3 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='191msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail </b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesnt have administrator privilege.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:&nbsp;&nbsp;</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesnt have CSV ownership.&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#191msg'>Back to top</a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
</table>
"
- title: November 2018
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='90msgdesc'></div><b>Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort</b><div><strong>Upgrade block:</strong> Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows.&nbsp;</div><div>&nbsp;</div><div>As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019&nbsp;</li></ul><div></div><div><strong>Next steps:</strong> Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update.</div><div><br></div><div>For more information, see the <a href=\"https://www.intel.com/content/www/us/en/support/articles/000031612/graphics-drivers.html\" target=\"_blank\">Intel Customer Support article</a>.</div><div><br></div><div><strong>Note:</strong> This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously <a href=\"https://answers.microsoft.com/en-us/windows/forum/all/windows-10-audio-stops-working-after-installing/5a541c88-89e1-4bf3-b356-2837d564b109\" target=\"_blank\">documented</a>.</div><br><a href ='#90msg'>Back to top</a></td><td>OS Build 17763.134<br><br>November 13, 2018<br><a href ='https://support.microsoft.com/help/4467708' target='_blank'>KB4467708</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>March 15, 2019 <br>12:00 PM PT<br><br>Opened:<br>November 13, 2018 <br>10:00 AM PT</td></tr>
</table>
"

8
windows/release-information/status-windows-10-1903.yml
View File

@ -64,16 +64,14 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>December 10, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 25, 2019 <br>05:25 PM PT</td></tr>
<tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
<tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
<tr><td><div id='317msg'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><br>Installation of updates may fail and you may receive error code 0x80073701.<br><br><a href = '#317msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:11 AM PT</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:05 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 18362.418<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='228msg'></div><b>Intel Audio displays an intcdaud.sys notification</b><br>Devices with a range of Intel Display Audio device drivers may experience battery drain.<br><br><a href = '#228msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 12, 2019 <br>08:04 AM PT</td></tr>
<tr><td><div id='226msg'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><br>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.<br><br><a href = '#226msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>July 26, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='233msg'></div><b>D3D applications and games may fail to enter full-screen mode on rotated displays</b><br>Some Direct3D (D3D) applications and games may fail to enter full-screen mode on rotated displays.<br><br><a href = '#233msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Mitigated<br><a href = 'https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>May 21, 2019 <br>04:45 PM PT</td></tr>
<tr><td><div id='223msg'></div><b>Duplicate folders and documents showing in user profile directory</b><br>An empty folder with the same name may be created if known folders (e.g. Desktop, Documents) are redirected.<br><br><a href = '#223msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>May 21, 2019 <br>07:16 AM PT</td></tr>
</table>
"
@ -99,7 +97,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Workaround: </strong>To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using <a href=\"https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725595(v=ws.11)\" rel=\"noopener noreferrer\" target=\"_blank\">these instructions</a>. If you prefer to create a new local user, see <a href=\"https://support.microsoft.com/help/4026923\" rel=\"noopener noreferrer\" target=\"_blank\">KB4026923</a>.</div><div><br></div><div><strong>Next steps: </strong>We are working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>November 12, 2019 <br>08:05 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>Resolved:<br>December 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
</table>
"
@ -121,7 +119,5 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='228msgdesc'></div><b>Intel Audio displays an intcdaud.sys notification</b><div>Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain.&nbsp;If you see an <strong>intcdaud.sys</strong> notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).</div><div>&nbsp;&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until&nbsp;updated device drivers have been installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.</div><div><br></div><div><strong>Note </strong>If you are still experiencing the issue described, please contact your device manufacturer (OEM).</div><br><a href ='#228msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 12, 2019 <br>08:04 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:22 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='226msgdesc'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><div>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.</div><div><br></div><div>Microsoft has identified some scenarios in which these features may have issues or stop working, for example:</div><ul><li>Connecting to (or disconnecting from) an external monitor, dock, or projector</li><li>Rotating the screen</li><li>Updating display drivers or making other display mode changes</li><li>Closing full screen applications</li><li>Applying custom color profiles</li><li>Running applications that rely on custom gamma ramps</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed.</div><br><a href ='#226msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:28 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='233msgdesc'></div><b>D3D applications and games may fail to enter full-screen mode on rotated displays</b><div>Some Direct3D&nbsp;(D3D) applications and games (e.g., 3DMark) may fail to enter full-screen mode on displays where the display orientation has been changed from the default (e.g., a landscape display in portrait mode).</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li><li>Server: Windows Server, version 1903</li></ul><div></div><div><strong>Workaround: </strong>To work around this issue, do one of the following:</div><ul><li>Run applications in windowed mode or, if available, on a secondary non-rotated display.&nbsp;</li><li>Change compatibility settings for the applications to “Disable Full Screen Optimizations.”</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and estimates a solution will be available in late May.</div><br><a href ='#233msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Mitigated<br><a href = 'https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Last updated:<br>May 21, 2019 <br>04:45 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:05 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='223msgdesc'></div><b>Duplicate folders and documents showing in user profile directory</b><div>If you have redirected known folders (e.g. Desktop, Documents, or Pictures folders) you may see an empty folder with the same name in your %userprofile% directories after updating to Windows 10, version 1903. This may occur if known folders were redirected when you chose to back up your content to OneDrive using the OneDrive wizard, or if you chose to back up your content during the Windows Out-of-Box-Experience (OOBE). This may also occur if you redirected your known folders manually through the Properties dialog box in File Explorer. This issue does not cause any user files to be deleted and a solution is in progress.</div><div><br></div><div>To safeguard your update experience, we have applied a quality hold on devices with redirected known folders from being offered Windows 10, version 1903, until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and estimates a solution will be available in late May.</div><div><strong>Note </strong>We recommend that you do not attempt to manually update to Windows 10, version 1903 using the <strong>Update now</strong> button or the Media Creation Tool until this issue has been resolved.</div><br><a href ='#223msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Last updated:<br>May 21, 2019 <br>07:16 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:16 AM PT</td></tr>
</table>
"

4
windows/release-information/status-windows-10-1909.yml
View File

@ -64,10 +64,10 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>December 10, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 25, 2019 <br>05:25 PM PT</td></tr>
<tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
<tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
<tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:05 AM PT</td></tr>
</table>
"
@ -92,7 +92,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Workaround: </strong>To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using <a href=\"https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725595(v=ws.11)\" rel=\"noopener noreferrer\" target=\"_blank\">these instructions</a>. If you prefer to create a new local user, see <a href=\"https://support.microsoft.com/help/4026923\" rel=\"noopener noreferrer\" target=\"_blank\">KB4026923</a>.</div><div><br></div><div><strong>Next steps: </strong>We are working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>November 12, 2019 <br>08:05 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='348msgdesc'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><div>When setting up a new Windows device using the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.</div><div><br></div><div><strong>Note</strong> This issue does not affect using a Microsoft Account during OOBE.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709</li><li>Server: Windows Server, version 1909; Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href='https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a>.</div><br><a href ='#348msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4530684' target='_blank'>KB4530684</a></td><td>Resolved:<br>December 10, 2019 <br>10:00 AM PT<br><br>Opened:<br>October 29, 2019 <br>05:15 PM PT</td></tr>
</table>
"

10
windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
View File

@ -63,7 +63,6 @@ sections:
<tr><td><div id='374msg'></div><b>MSRT might fail to install and be re-offered from Windows Update or WSUS </b><br>The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.<br><br><a href = '#374msgdesc'>See details ></a></td><td><br><a href ='' target='_blank'></a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519976' target='_blank'>KB4519976</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='310msg'></div><b>IA64 and x64 devices may fail to start after installing updates</b><br>After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.<br><br><a href = '#310msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>August 17, 2019 <br>12:59 PM PT</td></tr>
<tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that dont support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
</table>
"
@ -92,12 +91,3 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='310msgdesc'></div><b>IA64 and x64 devices may fail to start after installing updates</b><div>IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:</div><div><strong>\"File: \\Windows\\system32\\winload.efi</strong></div><div><strong>Status: 0xc0000428</strong></div><div><strong>Info: Windows cannot verify the digital signature for this file.\"</strong></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Take Action: </strong>To resolve this issue please follow the steps outlined in the&nbsp;<a href=\"https://support.microsoft.com/help/4472027\" target=\"_blank\">SHA-2 support FAQ</a> article for error code 0xc0000428.</div><br><a href ='#310msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>August 17, 2019 <br>12:59 PM PT<br><br>Opened:<br>August 13, 2019 <br>08:34 AM PT</td></tr>
</table>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that dont support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;Windows 10, version 1607; Windows 10, version 1507;Windows 8.1; Windows 7SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008R2SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
</table>
"

2
windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
View File

@ -62,7 +62,6 @@ sections:
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='375msg'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><br>When attempting to print, you may receive an error or the application may stop responding or close.<br><br><a href = '#375msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512489' target='_blank'>KB4512489</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525250' target='_blank'>KB4525250</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that dont support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
<tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
<tr><td><div id='161msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#161msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
</table>
@ -90,7 +89,6 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that dont support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;Windows 10, version 1607; Windows 10, version 1507;Windows 8.1; Windows 7SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008R2SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='217msgdesc'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><div>If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong></div><div>If you see any of the previous dictionary updates listed below, uninstall it from <strong>Programs and features</strong> &gt; <strong>Uninstall or change a program</strong>. New words that were in previous dictionary updates are also in this update.</div><ul><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)</li></ul><br><a href ='#217msg'>Back to top</a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 15, 2019 <br>05:53 PM PT<br><br>Opened:<br>May 15, 2019 <br>05:53 PM PT</td></tr>
</table>
"

2
windows/release-information/status-windows-server-2012.yml
View File

@ -62,7 +62,6 @@ sections:
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='375msg'></div><b>Printing from 32-bit apps might fail on a 64-bit OS</b><br>When attempting to print, you may receive an error or the application may stop responding or close.<br><br><a href = '#375msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512482' target='_blank'>KB4512482</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4525253' target='_blank'>KB4525253</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
<tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that dont support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
<tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
<tr><td><div id='187msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#187msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
</table>
@ -90,7 +89,6 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that dont support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703;Windows 10, version 1607; Windows 10, version 1507;Windows 8.1; Windows 7SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008R2SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='217msgdesc'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><div>If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong></div><div>If you see any of the previous dictionary updates listed below, uninstall it from <strong>Programs and features</strong> &gt; <strong>Uninstall or change a program</strong>. New words that were in previous dictionary updates are also in this update.</div><ul><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)</li></ul><br><a href ='#217msg'>Back to top</a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 15, 2019 <br>05:53 PM PT<br><br>Opened:<br>May 15, 2019 <br>05:53 PM PT</td></tr>
</table>
"

2
windows/release-information/windows-message-center.yml
View File

@ -50,6 +50,8 @@ sections:
text: "
<table border ='0'><tr><td width='80%'>Message</td><td width='20%'>Date</td></tr>
<tr><td id='376'><a href = 'https://support.microsoft.com/help/4530684' target='_blank'><b>Take action: December 2019 security update available for all supported versions of Windows</b></a><a class='docon docon-link heading-anchor' aria-labelledby='376' href='#376'></a><br><div>The December 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" rel=\"noopener noreferrer\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>December 10, 2019 <br>08:00 AM PT</td></tr>
<tr><td id='378'><b>Timing of Windows 10 optional update releases (December 2019)</b><a class='docon docon-link heading-anchor' aria-labelledby='378' href='#378'></a><br><div>For the balance of this calendar year, there will be no optional non-security “C” and “D” releases for Windows 10. The \"C\" releases normally target the third week of the month, with \"D\" releases targeting the fourth week.&nbsp;For more information on the different types of monthly quality updates, see our&nbsp;<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" rel=\"noopener noreferrer\" target=\"_blank\">Windows 10 update servicing cadence primer</a>.</div></td><td>December 10, 2019 <br>08:00 AM PT</td></tr>
<tr><td id='369'><a href = 'https://aka.ms/how-to-get-1909' target='_blank'><b>Windows 10, version 1909 now available</b></a><a class='docon docon-link heading-anchor' aria-labelledby='369' href='#369'></a><br><div>Learn how to get Windows 10, version 1909 (the November 2019 Update), and explore how weve worked to make this a great experience for all devices, including a new, streamlined (and fast) update experience for devices updating directly from the May 2019 Update.</div></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td id='370'><a href = 'https://aka.ms/1909mechanics' target='_blank'><b>Windows 10, version 1909 delivery options</b></a><a class='docon docon-link heading-anchor' aria-labelledby='370' href='#370'></a><br><div>Learn how devices running Windows 10, version 1903 can update to Windows 10, version 1909 using the same servicing technology used to deliver monthly quality updates, resulting in a single restart and reducing update-related downtime.</div></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td id='371'><a href = 'https://aka.ms/whats-new-in-1909' target='_blank'><b>Whats new for IT pros in Windows 10, version 1909</b></a><a class='docon docon-link heading-anchor' aria-labelledby='371' href='#371'></a><br><div>Explore the latest features for IT, get information about media availability and related tools, and find answers to frequently asked questions.</div></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>

7
windows/security/docfx.json
View File

@ -45,9 +45,14 @@
"depot_name": "MSDN.security",
"folder_relative_path_in_docset": "./"
}
},
"titleSuffix": "Microsoft 365 Security"
},
"fileMetadata": {
"titleSuffix":{
"threat-protection/**/*.md": "Windows security"
}
},
"fileMetadata": {},
"template": [],
"dest": "security",
"markdownEngineName": "markdig"

4
windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
View File

@ -23,7 +23,9 @@ ms.reviewer:
* Windows 10, version 1703
Dynamic lock enables you to configure Windows 10 devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. You configure the dynamic lock policy using Group Policy. You can locate the policy setting at **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**. The name of the policy is **Configure dynamic lock factors**.
Dynamic lock enables you to configure Windows 10 devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. This makes it more difficult for someone to gain access to your device if you step away from your PC and forget to lock it.
You configure the dynamic lock policy using Group Policy. You can locate the policy setting at **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**. The name of the policy is **Configure dynamic lock factors**.
The Group Policy Editor, when the policy is enabled, creates a default signal rule policy with the following value:

2
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
View File

@ -151,7 +151,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin eq
Sign-in to an **AD FS Windows Server 2016** computer with _Enterprise Admin_ equivalent credentials.
1. Open an elevated command prompt.
2. Run `certutil -dsTemplate WHFBAuthentication,msPKI-Private-Key-Flag,+CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY`
2. Run `certutil -dsTemplate WHFBAuthentication msPKI-Private-Key-Flag +CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY`
> [!NOTE]
> If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on our Windows Server 2012 or later certificate authority.

5
windows/security/threat-protection/microsoft-defender-atp/improve-request-performance.md → windows/security/includes/improve-request-performance.md
View File

@ -16,11 +16,8 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Improve request performance
>[!NOTE]
>For better performance, you can use server closer to your geo location:
> - api-us.securitycenter.windows.com
> - api-eu.securitycenter.windows.com
> - api-uk.securitycenter.windows.com
> - api-uk.securitycenter.windows.com

4
windows/security/threat-protection/microsoft-defender-atp/machineactionsnote.md → windows/security/includes/machineactionsnote.md
View File

@ -9,7 +9,5 @@ author: mjcaparas
ms.prod: w10
---
# Perform a Machine Action via the Microsoft Defender ATP API
>[!Note]
> This page focuses on performing a machine action via API. See [take response actions on a machine](respond-machine-alerts.md) for more information about response actions functionality via Microsoft Defender ATP.
> This page focuses on performing a machine action via API. See [take response actions on a machine](../threat-protection/microsoft-defender-atp/respond-machine-alerts.md) for more information about response actions functionality via Microsoft Defender ATP.

2
windows/security/threat-protection/microsoft-defender-atp/prerelease.md → windows/security/includes/prerelease.md
View File

@ -9,7 +9,5 @@ author: mjcaparas
ms.prod: w10
---
# Microsoft Defender ATP Pre-release Disclaimer
> [!IMPORTANT]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

2
windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
View File

@ -314,7 +314,7 @@ Troubleshooting Network Unlock issues begins by verifying the environment. Many
- Verify the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example the following command will list the key protectors currently configured on the C: drive of the lcoal computer:
```powershell
manage-bde protectors get C:
manage-bde -protectors -get C:
```
>**Note:** Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for Network Unlock

9
windows/security/threat-protection/TOC.md
View File

@ -448,13 +448,6 @@
#### [Common Vulnerabilities and Exposures (CVE) to KB map]()
##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
#### [API for custom alerts (Deprecated)]()
##### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md)
##### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md)
##### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md)
##### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md)
##### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md)
##### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md)
#### [Pull detections to your SIEM tools]()
##### [Learn about different ways to pull detections](microsoft-defender-atp/configure-siem.md)
@ -466,7 +459,7 @@
##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md)
#### [Reporting]()
##### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md)
##### [Create and build Power BI reports using Microsoft Defender ATP data (deprecated)](microsoft-defender-atp/powerbi-reports.md)
##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
##### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)

66
windows/security/threat-protection/auditing/event-4716.md
View File

@ -154,3 +154,69 @@ For 4716(S): Trusted domain information was modified.
- Any changes in Active Directory domain trust settings must be monitored and alerts should be triggered. If this change was not planned, investigate the reason for the change.
## Anonymous Logon account
If the account reported in the event is **Anonymous Logon**, it means the password is changed by system automatic password reset. For example:
```
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: <time>
Event ID: 4716
Task Category: Authentication Policy Change
Level: Information
Keywords: Audit Success
User: N/A
Computer: <fqdn>
Description:
Trusted domain information was modified. //When trust gets reset, this event generates
Subject:
Security ID: ANONYMOUS LOGON //Confirms that anonymous logon account is reported when Automatic password reset for the trust is performed
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x3E6
```
After the event, one more event ID is generated:
```
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: <time>
Event ID: 4742
Task Category: Computer Account Management
Level: Information
Keywords: Audit Success
User: N/A
Computer: <fqdn>
Description:
A computer account was changed.
Subject:
Security ID: ANONYMOUS LOGON
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x3E6
Computer Account That Was Changed:
Security ID: CONTOSO\CONTOSOPEERTREE$ //OBJECT representing the TRUST object
Account Name: CONTOSOPEERTREE$
Account Domain: CONTOSO
Password Last Set: 10/9/2019 12:02:08 PM
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 10/1/2019 4:02:43 PM
Event ID: 4716
Task Category: Authentication Policy Change
Level: Information
Keywords: Audit Success
User: N/A
Computer: W-REDAD-P01.red.lhgroup.de
Description:
Trusted domain information was modified.
Subject:
Security ID: S-1-5-21-1313371058-2156521407-1595812000-1103 //Shows the respective domain Sid
Account Name: U806391a //Users who has modified the attribute.
Account Domain: RED
Logon ID: 0x16049916
```

7
windows/security/threat-protection/device-guard/memory-integrity.md
View File

@ -11,7 +11,6 @@ ms.pagetype: security
ms.localizationpriority: medium
author: levinec
ms.author: ellevin
ms.date: 08/09/2018
ms.reviewer:
manager: dansimp
---
@ -22,8 +21,6 @@ manager: dansimp
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Memory integrity is a powerful system mitigation that leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. Memory integrity helps block many types of malware from running on computers that run Windows 10 and Windows Server 2016.
> [!NOTE]
> For more information, see [Device protection in Windows Defender Security Center](https://support.microsoft.com/help/4096339/windows-10-device-protection-in-windows-defender-security-center).
Memory integrity is a feature of Windows that ensures code running in the Windows kernel is securely designed and trustworthy. It uses hardware virtualization and Hyper-V to protect Windows kernel mode processes from the injection and execution of malicious or unverified code. The integrity of code that runs on Windows is validated by memory integrity, making Windows resistant to attacks from malicious software. Memory integrity is a powerful security boundary that helps to block many types of malware from running in Windows 10 and Windows Server 2016 environments.
For more information about Windows Security, see [Device protection in Windows Security](https://support.microsoft.com/help/4096339/windows-10-device-protection-in-windows-defender-security-center).

21
windows/security/threat-protection/index.md
View File

@ -136,13 +136,16 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf
- [Role-based access control (RBAC)](microsoft-defender-atp/rbac.md)
- [Reporting and trends](microsoft-defender-atp/powerbi-reports.md)
<a name="mtp"></a>
<a name="integration"></a>
**[Integration with Microsoft solutions](microsoft-defender-atp/threat-protection-integration.md)** <br>
Microsoft Defender ATP directly integrates with various Microsoft solutions, including:
- Intune
- Office 365 ATP
- Azure ATP
- Azure Security Center
- Skype for Business
- Microsoft Cloud App Security
**[Microsoft Threat Protection](microsoft-defender-atp/threat-protection-integration.md)** <br>
Microsoft Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to your organization.
- [Conditional access](microsoft-defender-atp/conditional-access.md)
- [Office 365 ATP](microsoft-defender-atp/threat-protection-integration.md)
- [Azure ATP](microsoft-defender-atp/threat-protection-integration.md)
- [Azure Security Center](microsoft-defender-atp/threat-protection-integration.md)
- [Skype for Business](microsoft-defender-atp/threat-protection-integration.md)
- [Microsoft Cloud App Security](microsoft-defender-atp/microsoft-cloud-app-security-integration.md)
<a name="mtp"></a>
**[Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)**<br>
With Microsoft Threat Protection, Microsoft Defender ATP and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate and automatically respond to sophisticated attacks.

5
windows/security/threat-protection/intelligence/criteria.md
View File

@ -152,9 +152,7 @@ Microsoft maintains a worldwide network of analysts and intelligence systems whe
## Potentially unwanted application (PUA)
Our PUA protection aims to safeguard user productivity and ensure enjoyable Windows experiences. This optional protection, available to enterprises, helps deliver more productive, performant, and delightful Windows experiences.
Home users can also block downloads from PUA in the new Chromium-based Edge browser by going to **Settings** > **Privacy and services** and turning on **Block potentially unwanted apps**.
Our PUA protection aims to safeguard user productivity and ensure enjoyable Windows experiences. This protection helps deliver more productive, performant, and delightful Windows experiences. For instruction on how to enable PUA protection in Chromium-based Microsoft Edge and Windows Defender Antivirus, see [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md).
*PUAs are not considered malware.*
@ -173,3 +171,4 @@ Microsoft uses specific categories and the category definitions to classify soft
* **Evasion software:** Software that actively tries to evade detection by security products, including software that behaves differently in the presence of security products.
* **Poor industry reputation:** Software that trusted security providers detect with their security products. The security industry is dedicated to protecting customers and improving their experiences. Microsoft and other organizations in the security industry continuously exchange knowledge about files we have analyzed to provide users with the best possible protection.

14
windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md
View File

@ -1,8 +1,8 @@
---
title: Top scoring in industry tests
title: Top scoring in industry tests (AV-TEST, AV Comparatives, SE Labs, MITRE ATT&CK)
ms.reviewer:
description: Microsoft Defender ATP consistently achieves high scores in independent tests. View the latest scores and analysis.
keywords: security, malware, av-comparatives, av-test, av, antivirus, windows, defender, scores, endpoint detection and response, next generation protection, MITRE, WDATP
keywords: av-test, av-comparatives, SE labs, MITRE ATT&CK, antivirus test, av testing, security product testing, security industry tests, industry antivirus tests, best antivirus, endpoint protection platform, EPP, endpoint detection and response, EDR, Windows Defender Antivirus, Windows 10, Microsoft Defender Antivirus, WDAV, MDATP, Microsoft Threat Protection, security, malware, av, antivirus, scores, next generation protection
ms.prod: w10
ms.mktglfcycl: secure
ms.sitesec: library
@ -24,7 +24,7 @@ Microsoft Defender Advanced Threat Protection ([Microsoft Defender ATP](https://
[Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) consistently performs highly in independent tests, displaying how it is a top choice in the antivirus market. Keep in mind, these tests only provide results for antivirus and do not test for additional security protections.
Windows Defender Antivirus is the [next generation protection](https://www.youtube.com/watch?v=Xy3MOxkX_o4) capability in the Microsoft Defender ATP security stack that addresses the latest and most sophisticated threats today. In some cases, customers might not even know they were protected because a cyberattack is stopped [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign). That's because Windows Defender Antivirus detects and stops malware at first sight with [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak), behavioral analysis, and other advanced technologies.
Windows Defender Antivirus is the [next generation protection](https://www.youtube.com/watch?v=Xy3MOxkX_o4) capability in the [Microsoft Defender ATP Windows 10 security stack](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) that addresses the latest and most sophisticated threats today. In some cases, customers might not even know they were protected because a cyberattack is stopped [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign). That's because Windows Defender Antivirus and other [endpoint protection platform (EPP)](https://www.microsoft.com/security/blog/2019/08/23/gartner-names-microsoft-a-leader-in-2019-endpoint-protection-platforms-magic-quadrant/) capabilities in Microsoft Defender ATP detect and stops malware at first sight with [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak), behavioral analysis, and other advanced technologies.
<br><br>
![String of images showing scores](./images/Transparency-report-November1.png)
@ -94,8 +94,10 @@ MITRE tested the ability of products to detect techniques commonly used by the t
## To what extent are tests representative of protection in the real world?
It is important to remember that Microsoft sees a wider and broader set of threats beyond whats tested in the evaluations highlighted in this topic. For example, in an average month we identify over 100 million new threats. Even if an independent tester can acquire and test 1% of those threats, that is a million tests across 20 or 30 products. In other words, the vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats.
Independent security industry tests aim to evaluate the best antivirus and security products in an unbiased manner. However, it is important to remember that Microsoft sees a wider and broader set of threats beyond whats tested in the evaluations highlighted in this topic. For example, in an average month Microsoft's security products identify over 100 million new threats. Even if an independent tester can acquire and test 1% of those threats, that is a million tests across 20 or 30 products. In other words, the vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats.
The capabilities within Microsoft Defender ATP provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into industry antivirus tests, and address some of the latest and most sophisticated threats. Isolating AV from the rest of Microsoft Defender ATP creates a partial picture of how Microsoft's security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that [Microsoft Defender ATP components catch samples](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) that Windows Defender Antivirus missed in these industry tests, which is more representative of how effectively Microsoft's security suite protects customers in the real world.
The capabilities within Microsoft Defender ATP provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses) that are not factored into industry antivirus tests, and address some of the latest and most sophisticated threats. Isolating AV from the rest of Microsoft Defender ATP creates a partial picture of how Microsoft's security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that [Microsoft Defender ATP components catch samples](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA) that Windows Defender Antivirus missed in these industry tests, which is more representative of how effectively Microsoft's security suite protects customers in the real world.
With independent tests, customers can view one aspect of their security suite but can't assess the complete protection of all the security features. Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Microsoft Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Microsoft Defender ATP](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=cx-docs-avreports), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview-settings).
With independent tests, customers can view one aspect of their security suite but can't assess the complete protection of all the security features. Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack.
[Learn more about Microsoft Defender ATP](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) and evaluate it in your own network by signing up for a [90-day trial of Microsoft Defender ATP](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), or [enabling Preview features on existing tenants](../microsoft-defender-atp/preview-settings.md).

2
windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md
View File

@ -67,7 +67,7 @@ If successful, this method returns 200 - Ok response code and the updated Machin
Here is an example of a request that adds machine tag.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/tags

2
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
View File

@ -25,7 +25,7 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
The [Advanced hunting](advanced-hunting-overview.md) schema is made up of multiple tables that provide either event information or information about machines and other entities. To effectively build queries that span multiple tables, you need to understand the tables and the columns in the Advanced hunting schema.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md
View File

@ -24,9 +24,9 @@ ms.date: 11/12/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
Each row in the DeviceTvmSecureConfigurationAssessment table contains an assessment event for a specific security configuration from [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md). Use this reference to check the latest assessment results and determine whether devices are compliant.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md
View File

@ -24,9 +24,9 @@ ms.date: 11/12/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
The DeviceTvmSecureConfigurationAssessmentKB table in the Advanced hunting schema contains information about the various secure configurations — such as whether a device has automatic updates on — checked by [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md). It also includes risk information, related industry benchmarks, and applicable MITRE ATT&CK techniques and tactics. Use this reference to construct queries that return information from the table.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md
View File

@ -24,10 +24,10 @@ ms.date: 11/12/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
The DeviceTvmSoftwareInventoryVulnerabilities table in the Advanced hunting schema contains the [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) inventory of software on your devices as well as any known vulnerabilities in these software products. This table also includes operating system information, CVE IDs, and vulnerability severity information. Use this reference to construct queries that return information from the table.

4
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md
View File

@ -24,9 +24,9 @@ ms.date: 11/12/2019
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
The DeviceTvmSoftwareInventoryVulnerabilities table in the Advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table.

2
windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md
View File

@ -65,7 +65,7 @@ If successful, this method returns 201 - Created response code and [Machine Acti
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
POST https://api.securitycenter.windows.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage

2
windows/security/threat-protection/microsoft-defender-atp/configure-and-manage-tvm.md
View File

@ -21,7 +21,7 @@ ms.topic: article
**Applies to:**
- [Microsoft Defender Advanced Threat Protection Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
This section guides you through the steps you need to take to configure Threat & Vulnerability Management's integration with Microsoft Intune or Microsoft System Center Configuration Manager (SCCM) for a seamless collaboration of issue remediation.

2
windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md
View File

@ -29,7 +29,7 @@ ms.date: 09/03/2018
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
[!include[Prerelease information](../../includes/prerelease.md)]
You'll need to take the following configuration steps to enable the managed security service provider (MSSP) integration.

2
windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md
View File

@ -76,7 +76,7 @@ If successful, this method returns 200 OK, and a new [alert](alerts.md) object i
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
POST https://api.securitycenter.windows.com/api/alerts/CreateAlertByReference

414
windows/security/threat-protection/microsoft-defender-atp/custom-ti-api.md
View File

@ -1,414 +0,0 @@
---
title: Create custom alerts using the threat intelligence API
description: Create your custom alert definitions and indicators of compromise in Microsoft Defender ATP using the available APIs in Windows Enterprise, Education, and Pro editions.
keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Create custom alerts using the threat intelligence (TI) application program interface (API) (Deprecated)
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-customti-abovefoldlink)
You can define custom alert definitions and indicators of compromise (IOC) using the threat intelligence API. Creating custom threat intelligence alerts allows you to generate specific alerts that are applicable to your organization.
## Before you begin
Before creating custom alerts, you'll need to enable the threat intelligence application in Azure Active Directory and generate access tokens. For more information, see [Enable the custom threat intelligence application](enable-custom-ti.md).
### Use the threat intelligence REST API to create custom threat intelligence alerts
You can call and specify the resource URLs using one of the following operations to access and manipulate a threat intelligence resource:
- GET
- POST
- PATCH
- PUT (used for managing entities relations only)
- DELETE
All threat intelligence API requests use the following basic URL pattern:
```
https://TI.SecurityCenter.Windows.com/{version}/{resource}?[query_parameters]
```
For this URL:
- `https://TI.SecurityCenter.Windows.com` is the threat intelligence API endpoint.
- `{version}` is the target service version. Currently, the only supported version is: v1.0.
- `{resource}` is resource segment or path, such as:
- AlertDefinitions (for specific single resource, add: (id))
- IndicatorsOfCompromise (for specific single resource, add: (id))
- `[query_parameters]` represents additional query parameters such as $filter and $select.
**Quotas**</br>
Each tenant has a defined quota that limits the number of possible alert definitions, IOCs and another quota for IOCs of Action different than “equals” in the system. If you upload data beyond this quota, you'll encounter an HTTP error status code 507 (Insufficient Storage).
## Request an access token from the token issuing endpoint
Microsoft Defender ATP Threat Intelligence API uses OAuth 2.0. In the context of Microsoft Defender ATP, the alert definitions are a protected resource. To issue tokens for ad-hoc, non-automatic operations you can use the **Settings** page and click the **Generate Token** button. However, if youd like to create an automated client, you need to use the “Client Credentials Grant” flow. For more information, see the [OAuth 2.0 authorization framework](https://tools.ietf.org/html/rfc6749#section-4.4).
For more information about the authorization flow, see [OAuth 2.0 authorization flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-protocols-oauth-code#oauth-20-authorization-flow).
Make an HTTP POST request to the token issuing endpoint with the following parameters, replacing `<ClientId>`, `<ClientSecret>`, and `<AuthorizationServerUrl>` with your app's client ID, client secret and authorization server URL.
>[!NOTE]
> The authorization server URL is `https://login.windows.net/<AADTenantID>/oauth2/token`. Replace `<AADTenantID>` with your Azure Active Directory tenant ID.
>[!NOTE]
> The `<ClientId>`, `<ClientSecret>`, and the `<AuthorizationServerUrl>` are all provided to you when enabling the custom threat intelligence application. For more information, see [Enable the custom threat intelligence application](enable-custom-ti.md).
```
POST <AuthorizationServerUrl> HTTP/1.1
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id=<ClientId>
&client_secret=<ClientSecret>
&resource=https://graph.microsoft.com
```
The response will include an access token and expiry information.
```json
{
"token_type": "Bearer",
"expires_in": "3599",
"ext_expires_in": "0",
"expires_on": "1449685363",
"not_before": "1449681463",
"resource": "https://graph.microsoft.com",
"access_token": "<token>"
}
```
## Threat intelligence API metadata
The metadata document ($metadata) is published at the service root.
For example, you can view the service document for the v1.0 version using the following URL:
```
https://TI.SecurityCenter.Windows.com/v1.0/$metadata
```
The metadata allows you to see and understand the data model of the custom threat intelligence, including the entity types and sets, complex types, and enums that make up the request and response packets sent to and from the threat intelligence API.
You can use the metadata to understand the relationships between entities in the custom threat intelligence and establish URLs that navigate between entities.
The following sections show a few basic programming pattern calls to the threat intelligence API.
## Create new resource
Typically, you'd need to create an alert definition to start creating custom threat intelligence. An ID is created for that alert definition.
You can then proceed to create an indicator of compromise and associate it to the ID of the alert definition.
### Create a new alert definition
```json
POST https://TI.SecurityCenter.Windows.com/v1.0/AlertDefinitions HTTP/1.1
Authorization: Bearer <access_token>
Content-Type: application/json;
{
"Name": " The name of the alert definition. Does not appear in the portal. Max length: 100 ",
"Severity": "Low",
"InternalDescription": "Internal description for the alert definition. Does not appear in the portal. Max length: 350",
"Title": "A short, one sentence, description of the alert definition. Max length: 120",
"UxDescription": "Max length: 500",
"RecommendedAction": "Custom text to explain what should be done in case of detection. Max length: 2000",
"Category": "Category from the metadata",
"Enabled": true
}
```
The following values correspond to the alert sections surfaced on Microsoft Defender Security Center:
![Image of alert from the portal](images/atp-custom-ti-mapping.png)
Highlighted section | JSON key name
:---:|:---
1 | Title
2 | Severity
3 | Category
4 | UX description
5 | Recommended Action
If successful, you should get a 201 CREATED response containing the representation of the newly created alert definition, for example:
```json
"Name": "Connection to restricted company IP address",
"Severity": "Low",
"InternalDescription": "Unusual connection to restricted IP from production machine",
"Title": "Connection to restricted company IP address",
"UxDescription": "Any connection to this IP address from a production machine should be suspicious. Only special build machines should access this IP address.",
"RecommendedAction": "Isolate machine immediately and contact machine owner for awareness.",
"Category": "Trojan",
"Id": 2,
"CreatedAt": "2017-02-01T10:46:22.08Z",
"CreatedBy": "User1",
"LastModifiedAt": null,
"LastModifiedBy": null,
"Enabled": true
```
### Create a new indicator of compromise
```json
POST https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise HTTP/1.1
Authorization: Bearer <access_token>
Content-Type: application/json;
{
"Type": "SHA1",
"Value": "8311e8b377736fb93b18b15372355f3f26c4cd29",
"DetectionFunction": "Equals",
"Enabled": true,
"AlertDefinition@odata.bind": "AlertDefinitions(1)"
}
```
If successful, you should get a 201 CREATED response containing the representation of the newly created indicators of compromise in the payload.
The API currently supports the following IOC types:
- Sha1
- Sha256
- Md5
- IpAddress
- DomainName
And the following operators:
- Equals
- StartWith
- EndWith
- Contains
## Bulk upload of alert definitions and IOCs
Bulk upload of multiple entities can be done by sending an HTTP POST request to `/{resource}/Actions.BulkUpload`. </br>
>[!WARNING]
>- This operation is atomic. The entire operation can either succeed or fail. If one alert definition or IOC has a malformed property, the entire upload will fail.
>- If your upload exceeds the IOCs or alert definitions quota, the entire operation will fail. Consider limiting your uploads.
The requests body should contain a single JSON object with a single field. The name of the field in the case that the entity is alert definition is `alertDefinitions` and in the case of IOC is `iocs`. This fields value should contain a list of the desired entities.
For example:
Sending an HTTP POST to https://TI.SecurityCenter.Windows.com/V1.0/IndicatorsOfCompromise/Actions.BulkUpload
JSON Body:
```json
{
"iocs": [{
"Type": "SHA1",
"Value": "b68e0b50420dbb03cb8e56a927105bf4b06f3793",
"DetectionFunction": "Equals",
"Enabled": true,
"AlertDefinition@odata.bind": "AlertDefinitions(1)"
},
{
"Type": "SHA1",
"Value": "b68e0b50420dbb03cb8e56a927105bf4b06f3793",
"DetectionFunction": "Equals",
"Enabled": true,
"AlertDefinition@odata.bind": "AlertDefinitions(1)"
}
]
}
```
>[!NOTE]
> - Max bulk size is 5000 entities
## Read existing data
### Get a specific resource
```json
GET https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise(1) HTTP/1.1
Authorization: Bearer <access_token>
Accept: application/json;odata.metadata=none
```
If successful, you should get a 200 OK response containing a single indicator of compromise representation (for the specified ID) in the payload, as shown as follows:
```json
HTTP/1.1 200 OK
content - type: application/json;odata.metadata = none
{
"value": [{
"Type": "SHA1",
"Value": "abcdeabcde1212121212abcdeabcde1212121212",
"DetectionFunction": "Equals",
"ExpiresAt": null,
"Id": 1,
"CreatedAt": "2016-12-05T15:51:02Z",
"CreatedBy": "user2@Company1.contoso.com",
"LastModifiedAt": null,
"LastModifiedBy": null,
"Enabled": true
}]
}
```
### Get the entire collection of entities of a given resource
```
GET https://TI.SecurityCenter.Windows.com/v1.0/AlertDefinitions HTTP/1.1
Authorization: Bearer <access_token>
```
If successful, you should get a 200 OK response containing the collection of alert definitions representation in the payload, as shown as follows:
```json
HTTP/1.1 200 OK
content - type: application / json;odata.metadata = none
{
"@odata.context": "https://TI.SecurityCenter.Windows.com/V1.0/$metadata#AlertDefinitions",
"value": [{
"Name": "Demo alert definition",
"Severity": "Medium",
"InternalDescription": "Some description",
"Title": "Demo short ux description",
"UxDescription": "Demo ux description",
"RecommendedAction": "Actions",
"Category": "Malware",
"Id": 1,
"CreatedAt": "2016-12-05T15:50:53Z",
"CreatedBy": "user@Company1.contoso.com",
"LastModifiedAt": null,
"LastModifiedBy": null,
"Enabled": true
},
{
"Name": "Demo alert definition 2",
"Severity": "Low",
"InternalDescription": "Some description",
"Title": "Demo short ux description2",
"UxDescription": "Demo ux description2",
"RecommendedAction": null,
"Category": "Malware",
"Id": 2,
"CreatedAt": "2016-12-06T13:30:00Z",
"CreatedBy": "user2@Company1.contoso.com",
"LastModifiedAt": null,
"LastModifiedBy": null,
"Enabled": true
}
]
}
```
## Update an existing resource
You can use the same pattern for both full and partial updates.
```json
PATCH https://TI.SecurityCenter.Windows.com/v1.0/AlertDefinitions(2) HTTP/1.1
Authorization: Bearer <access_token>
Content-Type: application/json;
Accept: application/json;odata.metadata=none
{
"Category": "Backdoor",
"Enabled": false
}
```
If successful, you should get a 200 OK response containing the updated alert definition representation (per the specified ID) in the payload.
## Update the association (relation) between an indicator of compromise to a different alert definition
```json
PUT https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise(3)/AlertDefinition/$ref HTTP/1.1
Authorization : Bearer <access_token>
Content-Type: application/json;
{
"@odata.id": "https://TI.SecurityCenter.Windows.com/v1.0/AlertDefinitions(6)"
}
```
## Delete a resource
```
DELETE https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise(1) HTTP/1.1
Authorization: Bearer <access_token>
```
If successful, you should get a 204 NO CONTENT response.
>[!NOTE]
> - Deleting an alert definition also deletes its corresponding IOCs.
> - Deleting an IOC or an alert definition will not delete or hide past alerts matching the alert definition. However, deleting an alert definition and creating a new one with the exact same metadata will result in new alerts in the portal. It's not advised to delete an alert definition and create a new one with the same content.
## Delete all
You can use the HTTP DELETE method sent to the relevant source to delete all resources.
```
DELETE https://TI.SecurityCenter.Windows.com/v1.0/IndicatorsOfCompromise HTTP/1.1
Authorization : Bearer <access_token>
```
If successful, you should get a 204 NO CONTENT response.
## Delete all IOCs connected to a given alert definition
This action will delete all the IOCs associated with a given alert definition without deleting the alert definition itself.
For example, deleting all of the IOCs associated with the alert definition with ID `1` deletes all those IOCs without deleting the alert definition itself.
Send an HTTP POST to `https://TI.SecurityCenter.Windows.com/V1.0/AlertDefinitions(1)/Actions.DeleteIOCs`.
Upon a successful request the response will be HTTP 204.
>[!NOTE]
> As with all OData actions, this action is sending an HTTP POST request not DELETE.
## Microsoft Defender ATP optional query parameters
The Microsoft Defender ATP threat intelligence API provides several optional query parameters that you can use to specify and control the amount of data returned in a response. The threat intelligence API supports the following query options:
Name | Value | Description
:---|:---|:--
$select | string | Comma-separated list of properties to include in the response.
$expand | string | Comma-separated list of relationships to expand and include in the response.
$orderby | string | Comma-separated list of properties that are used to sort the order of items in the response collection.
$filter | string | Filters the response based on a set of criteria.
$top | int | The number of items to return in a result set.
$skip | int | The number of items to skip in a result set.
$count | boolean | A collection and the number of items in the collection.
These parameters are compatible with the [OData V4 query language](http://docs.oasis-open.org/odata/odata/v4.0/errata03/os/complete/part2-url-conventions/odata-v4.0-errata03-os-part2-url-conventions-complete.html#_Toc453752356).
## Code examples
The following articles provide detailed code examples that demonstrate how to use the custom threat intelligence API in several programming languages:
- [PowerShell code examples](powershell-example-code.md)
- [Python code examples](python-example-code.md)
## Related topics
- [Understand threat intelligence concepts](threat-indicator-concepts.md)
- [Enable the custom threat intelligence API in Microsoft Defender ATP](enable-custom-ti.md)
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code.md)
- [Python code examples for the custom threat intelligence API](python-example-code.md)
- [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)

2
windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md
View File

@ -42,7 +42,7 @@ Application | Ti.ReadWrite.All | 'Read and write Indicators'
Delete https://api.securitycenter.windows.com/api/indicators/{id}
```
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
## Request headers

2
windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md
View File

@ -47,7 +47,7 @@ Enable security information and event management (SIEM) integration so you can p
> [!WARNING]
>The client secret is only displayed once. Make sure you keep a copy of it in a safe place.<br>
For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti.md#learn-how-to-get-a-new-client-secret).
![Image of SIEM integration from Settings menu](images/siem_details.png)

161
windows/security/threat-protection/microsoft-defender-atp/experiment-custom-ti.md
View File

@ -1,161 +0,0 @@
---
title: Experiment with custom threat intelligence alerts
description: Use this end-to-end guide to start using the Microsoft Defender ATP threat intelligence API.
keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 11/09/2017
---
# Experiment with custom threat intelligence (TI) alerts (Deprecated)
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-experimentcustomti-abovefoldlink)
With the Microsoft Defender ATP threat intelligence API, you can create custom threat intelligence alerts that can help you keep track of possible attack activities in your organization.
For more information about threat intelligence concepts, see [Understand threat intelligence concepts](threat-indicator-concepts.md).
This article demonstrates an end-to-end usage of the threat intelligence API to get you started in using the threat intelligence API.
You'll be guided through sample steps so you can experience how the threat intelligence API feature works. Sample steps include creating alerts definitions and indicators of compromise (IOCs), and examples of how triggered custom TI alerts look like.
## Step 1: Enable the threat intelligence API and obtain authentication details
To use the threat intelligence API feature, you'll need to enable the feature. For more information, see [Enable the custom threat intelligence application](enable-custom-ti.md).
This step is required to generate security credentials that you need to use while working with the API.
## Step 2: Create a sample alert definition and IOCs
This step will guide you in creating an alert definition and an IOC for a malicious IP.
1. Open a Windows PowerShell ISE.
2. Copy and paste the following PowerShell script. This script will upload a sample alert definition and IOC to Microsoft Defender ATP which you can use to generate an alert.
NOTE:
Make sure you replace the authUrl, clientId, and clientSecret values with your details which you saved in when you enabled the threat intelligence application.
~~~~
$authUrl = 'Your Authorization URL'
$clientId = 'Your Client ID'
$clientSecret = 'Your Client Secret'
Try
{
$tokenPayload = @{
"resource" = 'https://graph.windows.net'
"client_id" = $clientId
"client_secret" = $clientSecret
"grant_type"='client_credentials'}
"Fetching an access token"
$response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload
$token = $response.access_token
"Token fetched successfully"
$headers = @{
"Content-Type" = "application/json"
"Accept" = "application/json"
"Authorization" = "Bearer {0}" -f $token }
$apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/"
$alertDefinitionPayload = @{
"Name" = "Test Alert"
"Severity" = "Medium"
"InternalDescription" = "A test alert used to demonstrate the Microsoft Defender ATP TI API feature"
"Title" = "Test alert."
"UxDescription" = "This is a test alert based on a sample custom alert definition. This alert was triggered manually using a provided test command. It indicates that the Threat Intelligence API has been properly enabled."
"RecommendedAction" = "No recommended action for this test alert."
"Category" = "SuspiciousNetworkTraffic"
"Enabled" = "true"}
"Creating an Alert Definition"
$alertDefinition =
Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) `
-Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json)
"Alert Definition created successfully"
$alertDefinitionId = $alertDefinition.Id
$iocPayload = @{
"Type"="IpAddress"
"Value"="52.184.197.12"
"DetectionFunction"="Equals"
"Enabled"="true"
"AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId }
"Creating an Indicator of Compromise"
$ioc =
Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) `
-Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json)
"Indicator of Compromise created successfully"
"All done!"
}
Catch
{
"Something went wrong! Got the following exception message: {0}" -f $_.Exception.Message
}
~~~~
3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines.
![Image of the script running](images/atp-running-script.png)
NOTE:<br>
If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script:
~~~~
$webclient=New-Object System.Net.WebClient
$creds=Get-Credential
$webclient.Proxy.Credentials=$creds
~~~~
## Step 3: Simulate a custom TI alert
This step will guide you in simulating an event in connection to a malicious IP that will trigger the Microsoft Defender ATP custom TI alert.
1. Open a Windows PowerShell ISE in the machine you onboarded to Microsoft Defender ATP.
2. Type `Invoke-WebRequest 52.184.197.12` in the editor and click **Run**. This call will generate a network communication event to a Microsoft's dedicated demo server that will raise an alert based on the custom alert definition.
![Image of editor with command to Invoke-WebRequest](images/atp-simulate-custom-ti.png)
## Step 4: Explore the custom alert in the portal
This step will guide you in exploring the custom alert in the portal.
1. Open [Microsoft Defender Security Center](http://securitycenter.windows.com/) on a browser.
2. Log in with your Microsoft Defender ATP credentials.
3. The dashboard should display the custom TI alert for the victim machine resulting from the simulated attack.
![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png)
> [!NOTE]
> There is a latency time of approximately 20 minutes between the time a custom TI is introduced and when it becomes effective.
## Related topics
- [Understand threat intelligence concepts](threat-indicator-concepts.md)
- [Enable the custom threat intelligence API in Microsoft Defender ATP](enable-custom-ti.md)
- [Create custom alerts using the threat intelligence API](custom-ti-api.md)
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code.md)
- [Python code examples for the custom threat intelligence API](python-example-code.md)
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)

2
windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md
View File

@ -67,7 +67,7 @@ If the timestamp is not in the past 30 days - 400 Bad Request.
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/machines/findbyip(ip='10.248.240.38',timestamp=2018-09-22T08:44:05Z)

2
windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md
View File

@ -64,7 +64,7 @@ If successful, this method returns 200 OK, and the [alert](alerts.md) entity in
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/alerts/441688558380765161_2136280442

2
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md
View File

@ -61,7 +61,7 @@ If successful and alert and domain exist - 200 OK. If alert not found - 404 Not
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/alerts/636688558380765161_2136280442/domains

2
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md
View File

@ -61,7 +61,7 @@ If successful and alert and files exist - 200 OK. If alert not found - 404 Not F
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/alerts/636688558380765161_2136280442/files

2
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md
View File

@ -62,7 +62,7 @@ If successful and alert and an IP exist - 200 OK. If alert not found - 404 Not F
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/alerts/636688558380765161_2136280442/ips

2
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md
View File

@ -63,7 +63,7 @@ If successful and alert and machine exist - 200 OK. If alert not found or machin
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```

2
windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md
View File

@ -62,7 +62,7 @@ If successful and alert and a user exists - 200 OK with user in the body. If ale
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```

2
windows/security/threat-protection/microsoft-defender-atp/get-alerts.md
View File

@ -78,7 +78,7 @@ Here is an example of the request.
GET https://api.securitycenter.windows.com/api/alerts
```
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
**Response**

2
windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md
View File

@ -63,7 +63,7 @@ If successful and domain exists - 200 OK with list of [alert](alerts.md) entitie
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/domains/client.wns.windows.com/alerts

2
windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md
View File

@ -62,7 +62,7 @@ If successful and domain exists - 200 OK with list of [machine](machine.md) enti
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```

2
windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md
View File

@ -60,7 +60,7 @@ If successful and domain exists - 200 OK, with statistics object in the response
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/domains/example.com/stats

2
windows/security/threat-protection/microsoft-defender-atp/get-file-information.md
View File

@ -59,7 +59,7 @@ If successful and file exists - 200 OK with the [file](files.md) entity in the b
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1

2
windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md
View File

@ -64,7 +64,7 @@ If successful and file exists - 200 OK with list of [alert](alerts.md) entities
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/alerts

2
windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md
View File

@ -64,7 +64,7 @@ If successful and file exists - 200 OK with list of [machine](machine.md) entiti
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/files/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/machines

2
windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md
View File

@ -61,7 +61,7 @@ If successful and file exists - 200 OK with statistical data in the body. If fil
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/files/6532ec91d513acc05f43ee0aa3002599729fd3e1/stats

2
windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md
View File

@ -64,7 +64,7 @@ If successful and IP exists - 200 OK with list of [alert](alerts.md) entities in
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```

2
windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md
View File

@ -61,7 +61,7 @@ If successful and ip exists - 200 OK with statistical data in the body. IP do no
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/ips/10.209.67.177/stats

2
windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md
View File

@ -66,7 +66,7 @@ If machine with the specified id was not found - 404 Not Found.
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07

2
windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md
View File

@ -62,7 +62,7 @@ If successful and machine exist - 200 OK with list of [user](user.md) entities i
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/logonusers

2
windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md
View File

@ -62,7 +62,7 @@ If successful and machine exists - 200 OK with list of [alert](alerts.md) entiti
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```

2
windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md
View File

@ -61,7 +61,7 @@ If successful, this method returns 200, Ok response code with a [Machine Action]
Here is an example of the request.
[!include[Improve request performance](improve-request-performance.md)]
[!include[Improve request performance](../../includes/improve-request-performance.md)]
```
GET https://api.securitycenter.windows.com/api/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba

Some files were not shown because too many files have changed in this diff Show More