diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 823dd6a8eb..3ea273da43 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1053,7 +1053,7 @@ { "source_path": "windows/whats-new/security.md", "redirect_url": "/itpro/windows/keep-secure/overview-of-threat-mitigations-in-windows-10", - "redirect_document_id": true + "redirect_document_id": false }, ] } \ No newline at end of file diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 05fc597867..110429fbf6 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -5,17 +5,20 @@ author: eross-msft ms.prod: edge ms.mktglfcycl: explore ms.sitesec: library -title: Available policies for Microsoft Edge (Microsoft Edge for IT Pros) +title: Available Group Policy and Mobile Data Management (MDM) settings for Microsoft Edge (Microsoft Edge for IT Pros) localizationpriority: high --- -# Available Group Policy and Mobile Data Management (MDM) settings policies for Microsoft Edge +# Available Group Policy and Mobile Data Management (MDM) settings for Microsoft Edge **Applies to:** - Windows 10, Windows Insider Program - Windows 10 Mobile, Windows Insider Program +> [!IMPORTANT] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain. diff --git a/education/windows/index.md b/education/windows/index.md index 9554614c4c..f8db1c0562 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -63,7 +63,12 @@ author: CelesteDG

[Upgrade Windows 10 Pro to Pro Education from Windows Store for Business](windows-10-pro-to-pro-edu-upgrade.md)
If you have an education tenant and use Windows 10 Pro in your schools now, find out how you can opt-in to a free upgrade to Windows 10 Pro Education.

+<<<<<<< HEAD +
+

+=======

+>>>>>>> e04a8c5905ed4bcb1df7b6b60d48146df9095a12
diff --git a/smb/TOC.md b/smb/TOC.md index 4c2433fafc..2b4214e907 100644 --- a/smb/TOC.md +++ b/smb/TOC.md @@ -1 +1,2 @@ -# [SMB](index.md) +# [Windows 10 for SMB](index.md) +## [Get started: Deploy and manage a full cloud IT solution for your business](cloud-mode-business-setup.md) diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md new file mode 100644 index 0000000000..5c56cb0492 --- /dev/null +++ b/smb/cloud-mode-business-setup.md @@ -0,0 +1,578 @@ +--- +title: Deploy and manage a full cloud IT solution for your business +description: Learn how to set up a cloud infrastructure for your business, acquire devices and apps, and configure and deploy policies to your devices. +keywords: smb, full cloud IT solution, small to medium business, deploy, setup, manage, Windows, Intune, Office 365 +ms.prod: w10 +ms.technology: smb-windows +ms.topic: hero-article +ms.author: celested +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: smb +author: CelesteDG +--- + +![Are you ready to move to the cloud?](images/business-cloud-mode.png) + +# Get started: Deploy and manage a full cloud IT solution for your business +**Applies to:** + +- Office 365 Business Premium, Azure AD Premium, Intune, Windows Store for Business, Windows 10 + +In this walkthrough, we'll show you how to deploy and manage a full cloud IT solution for your small to medium business using Office 365 Business Premium, Microsoft Azure AD, Intune, Windows Store for Business, and Windows 10. We'll show you the basics on how to: +- Acquire an Office 365 business domain +- Add Microsoft Intune and Azure Active Directory (AD) Premium licenses to your business tenant +- Set up Windows Store for Business and manage app deployment and sync with Intune +- Add users and groups in Azure AD and Intune +- Create policies and app deployment rules +- Log in as a user and start using your Windows device + +Go to the Microsoft Business site and select **Products** to learn more about pricing and purchasing options for your business. + +## Prerequisites +Here's a few things to keep in mind before you get started: +- You'll need a registered domain to successfully go through the walkthrough. + - If you already own a domain, you can add this during the Office 365 setup. + - If you don't already own a domain, you'll have the option to purchase a domain from the Office 365 admin center. We'll show how to do this as part of the walkthrough. +- You'll need an email address to create your Office 365 tenant. +- We recommend that you use Internet Explorer for the entire walkthrough. Right click on Internet Explorer and then choose **Start InPrivate Browsing**. + +## 1. Set up your cloud infrastructure +To set up a cloud infrastructure for your organization, follow the steps in this section. + +### 1.1 Set up Office 365 for business +See Set up Office 365 for business to learn more about the setup steps for businesses and nonprofits who have Office 365. You can watch video and learn how to: +- Plan your setup +- Create Office 365 accounts and how to add your domain. +- Install Office + +To set up your Office 365 business tenant, see Get Started with Office 365 for business. + +If this is the first time you're setting this up, and you'd like to see how it's done, you can follow these steps to get started: + +1. Go to the Office 365 page in the Microsoft Business site. Select **Try now** to use the Office 365 Business Premium Trial or select **Buy now** to sign up for Office 365 Business Premium. In this walkthrough, we'll select **Try now**. + + **Figure 1** - Try or buy Office 365 + + ![Office 365 for business sign up](images/office365_tryorbuy_now.png) + +2. Fill out the sign up form and provide information about you and your company. +3. Create a user ID and password to use to sign into your account. + + This step creates an onmicrosoft.com email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into https://portal.office.com (the admin portal). + +4. Select **Create my account** and then enter the phone number you used in step 2 to verify your identity. You'll be asked to enter your verification code. +5. Select **You're ready to go...** which will take you to the Office 365 portal. + + > [!NOTE] + > In the Office 365 portal, icons that are greyed out are still installing. + + **Figure 2** - Office 365 portal + + ![Office 365 portal](images/office365_portal.png) + + +6. Select the **Admin** tile to go to the Office 365 admin center. +7. In the admin center, click **Next** to see the highlights and welcome info for the admin center. When you're done, click **Go to setup** to complete the Office 365 setup. + + This may take up to a half hour to complete. + + **Figure 3** - Office 365 admin center + + ![Office 365 admin center](images/office365_admin_portal.png) + + +8. Go back to the Office 365 admin center to add or buy a domain. + 1. Select the **Domains** option. + + **Figure 4** - Option to add or buy a domain + + ![Add or buy a domain in Office 365 admin center](images/office365_buy_domain.png) + + + 2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as *fabrikamdesign.onmicrosoft.com*. + + **Figure 5** - Microsoft-provided domain + + ![Microsoft-provided domain](images/office365_ms_provided_domain.png) + + - If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain. + - If you don't already own a domain, select **+ Buy domain**. If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order. + + Once you've added your domain, you'll see it listed in addition to the Microsoft-provided onmicrosoft.com domain. + + **Figure 6** - Domains + + ![Verify your domains in Office 365 admin center](images/office365_additional_domain.png) + +### 1.2 Add users and assign product licenses +Once you've set up Office and added your domain, it's time to add users so they have access to Office 365. People in your organization need an account before they can sign in and access Office 365. The easiest way to add users is to add them one at a time in the Office 365 admin center. + +When adding users, you can also assign admin privileges to certain users in your team. You'll also want to assign **Product licenses** to each user so that subscriptions can be assigned to the person. + +**To add users and assign product licenses** + +1. In the Office 365 admin center, select **Users > Active users**. + + **Figure 7** - Add users + + ![Add Office 365 users](images/office365_users.png) + +2. In the **Home > Active users** page, add users individually or in bulk. + - To add users one at a time, select **+ Add a user**. + + If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see *Add a user account in the Office 365 admin center* in Add users individually or in bulk to Office 365 - Admin Help. + + **Figure 8** - Add an individual user + + ![Add an individual user](images/office365_add_individual_user.png) + + - To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users. + + The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see Add several users at the same time to Office 365 - Admin Help. Once you've added all the users, don't forget to assign **Product licenses** to the new users. + + **Figure 9** - Import multiple users + + ![Import multiple users](images/office365_import_multiple_users.png) + +3. Verify that all the users you added appear in the list of **Active users**. The **Status** should indicate the product licenses that were assigned to them. + + **Figure 10** - List of active users + + ![Verify users and assigned product licenses](images/o365_active_users.png) + +### 1.3 Add Microsoft Intune +Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see What is Intune? + +**To add Microsoft Intune to your tenant** + +1. In the Office 365 admin center, select **Billing > Purchase services**. +2. In the **Home > Purchase services** screen, search for **Microsoft Intune**. Hover over **Microsoft Intune** to see the options to start a free 30-day trial or to buy now. +3. Confirm your order to enable access to Microsoft Intune. +4. In the admin center, the Intune licenses will show as available and ready to be assigned to users. Select **Users > Active users** and then edit the product licenses assigned to the users to turn on **Intune A Direct**. + + **Figure 11** - Assign Intune licenses + + ![Assign Microsoft Intune licenses to users](images/o365_assign_intune_license.png) + +5. In the admin center, confirm that **Intune** shows up in the list under **Admin centers**. If it doesn't, sign out and then sign back in and then check again. +6. Select **Intune**. This will take you to the Intune management portal. + + **Figure 12** - Microsoft Intune management portal + + ![Microsoft Intune management portal](images/intune_portal_home.png) + +Intune should now be added to your tenant. We'll come back to Intune later when we [Configure Windows Store for Business for app distribution](#17-configure-windows-store-for-business-for-app-distribution). + +### 1.4 Add Azure AD to your domain +Microsoft Azure is an open and flexible cloud platform that enables you to quickly build, deploy, and manage apps across a global network of Microsoft-managed datacenters. In this walkthrough, we won't be using the full power of Azure and we'll primarily use it to create groups that we then use for provisioning through Intune. + +**To add Azure AD to your domain** + +1. In the Office 365 admin center, select **Admin centers > Azure AD**. + + > [!NOTE] + > You will need Azure AD Premium to configure automatic MDM enrollment with Intune. + +2. If you have not signed up for Azure AD before, you will see the following message. To proceed with the rest of the walkthrough, you need to activate an Azure subscription. + + **Figure 13** - Access to Azure AD is not available + + ![Access to Azure AD not available](images/azure_ad_access_not_available.png) + +3. From the error message, select the country/region for your business. This should match with the location you specified when you signed up for Office 365. +4. Click **Azure subscription**. This will take you to a free trial sign up screen. + + **Figure 14** - Sign up for Microsoft Azure + + ![Sign up for Microsoft Azure](images/azure_ad_sign_up_screen.png) + +5. In the **Free trial sign up** screen, fill in the required information and then click **Sign up**. +6. After you sign up, you should see the message that your subscription is ready. Click **Start managing my service**. + + **Figure 15** - Start managing your Azure subscription + + ![Start managing your Azure subscription](images/azure_ad_successful_signup.png) + + This will take you to the Microsoft Azure portal. + +### 1.5 Add groups in Azure AD +This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see Managing access to resources with Azure Active Directory groups. + +To add Azure AD group(s), we will use the classic Azure portal (https://manage.windowsazure.com). See Managing groups in Azure Active Directory for more information about managing groups. + +**To add groups in Azure AD** + +1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node in the classic Azure portal, you will see a screen informing you that your directory is ready for use. + + Afterwards, you should see a list of active directories. In the following example, **Fabrikam Design** is the active directory. + + **Figure 16** - Azure first sign-in screen + + ![Select Azure AD](images/azure_portal_classic_configure_directory.png) + +2. Select the directory (such as Fabrikam Design) to go to the directory's home page. + + **Figure 17** - Directory home page + + ![Directory home page](images/azure_portal_classic_directory_ready.png) + +3. From the menu options on top, select **Groups**. + + **Figure 18** - Azure AD groups + + ![Add groups in Azure AD](images/azure_portal_classic_groups.png) + +4. Select **Add a group** (from the top) or **Add group** at the bottom. +5. In the **Add Group** window, add a name, group type, and description for the group and click the checkmark to save your changes. The new group will appear on the groups list. + + **Figure 19** - Newly added group in Azure AD + + ![Verify the new group appears on the list](images/azure_portal_classic_all_users_group.png) + +6. In the **Groups** tab, select the arrow next to the group (such as **All users**), add members to the group, and then save your changes. + + The members that were added to the group will appear on the list. + + **Figure 20** - Members in the new group + + ![Members added to the new group](images/azure_portal_classic_members_added.png) + +7. Repeat steps 2-6 to add other groups. You can add groups based on their roles in your company, based on the apps that each group can use, and so on. + +### 1.6 Configure automatic MDM enrollment with Intune +Now that you have Azure AD Premium and have it properly configured, you can configure automatic MDM enrollment with Intune, which allows users to enroll their Windows devices into Intune management, join their devices directly to Azure AD, and get access to Office 365 resources after sign in. + +You can read this blog post to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough. + +> [!IMPORTANT] +> We will use the classic Azure portal instead of the new portal to configure automatic MDM enrollment with Intune. + +**To enable automatic MDM enrollment** + +1. In to the classic Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options. + + The list of applications for your company will appear. **Microsoft Intune** will be one of the applications on the list. + + **Figure 21** - List of applications for your company + + ![List of applications for your company](images/azure_portal_classic_applications.png) + +2. Select **Microsoft Intune** to configure the application. +3. In the Microsoft Intune configuration page, click **Configure** to start automatic MDM enrollment configuration with Intune. + + **Figure 22** - Configure Microsoft Intune in Azure + + ![Configure Microsoft Intune in Azure](images/azure_portal_classic_configure_intune_app.png) + +4. In the Microsoft Intune configuration page: + - In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance. + + > [!NOTE] + > The URLs are automatically configured for your Azure AD tenant so you don't need to change them. + + - In the **Manage devices for these users** section, you can specify which users' devices should be managed by Intune. + - **All** will enable all users' Windows 10 devices to be managed by Intune. + - **Groups** let you select whether only users that belong to a specific group will have their devices managed by Intune. + + > [!NOTE] + > In this step, choose the group that contains all the users in your organization as members. This is the **All** group. + +5. After you've chosen how to manage devices for users, select **Save** to enable automatic MDM enrollment with Intune. + + **Figure 23** - Configure Microsoft Intune + + ![Configure automatic MDM enrollment with Intune](images/azure_portal_classic_configure_intune_mdm_enrollment.png) + +### 1.7 Configure Windows Store for Business for app distribution +Next, you'll need to configure Windows Store for Business to distribute apps with a management tool such as Intune. + +In this part of the walkthrough, we'll be working on the Microsoft Intune management portal and Windows Store for Business. + +**To associate your Store account with Intune and configure synchronization** + +1. From the Microsoft Intune management portal, select **Admin**. +2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first tiem you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**. + + **Figure 24** - Mobile device management + + ![Set up mobile device management in Intune](images/intune_admin_mdm_configure.png) + +3. Sign into Windows Store for Business using the same tenant account that you used to sign into Intune. +4. Accept the EULA. +5. In the Store portal, select **Settings > Management tools** to go to the management tools page. +6. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune ready to use with Windows Store for Business. + + **Figure 25** - Activate Intune as the Store management tool + + ![Activate Intune from the Store portal](images/wsfb_management_tools_activate.png) + +7. Go back to the Intune management portal, select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**. +8. In the **Windows Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune. + + **Figure 26** - Configure Store for Business sync in Intune + + ![Configure Store for Business sync in Intune](images/intune_admin_mdm_store_sync.png) + +9. In the **Configure Windows Store for Business app sync** dialog box, check **Enable Windows Store for Business sync**. In the **Language** dropdown list, choose the language in which you want apps from the Store to be displayed in the Intune console and then click **OK**. + + **Figure 27** - Enable Windows Store for Business sync in Intune + + ![Enable Store for Business sync in Intune](images/intune_configure_store_app_sync_dialog.png) + + The **Windows Store for Business** page will refresh and it will show the details from the sync. + +**To buy apps from the Store** + +In your Windows Store for Business portal, you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory: +- Sway +- OneNote +- PowerPoint Mobile +- Excel Mobile +- Word Mobile + +In the Intune management portal, select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune. + +In the following example, we'll show you how to buy apps through the Windows Store for Business and then make sure the apps appear on Intune. + +**Example 1 - Add other apps like Reader and InstaNote** + +1. In the Windows Store for Business portal, click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list. + + **Figure 28** - Shop for Store apps + + ![Shop for Store apps](images/wsfb_shop_microsoft_apps.png) + +2. Click to select an app, such as **Reader**. This opens the app page. +3. In the app's Store page, click **Get the app**. You should see a dialog that confirms your order. Click **Close**. This will refresh the app's Store page. +4. In the app's Store page, click **Add to private store**. +5. Next, search for another app by name (such as **InstaNote**) or repeat steps 1-4 for the **InstaNote** app. +6. Go to **Manage > Inventory** and verify that the apps you purchased appear in your inventory. + + **Figure 29** - App inventory shows the purchased apps + + ![Confirm that your inventory shows purchased apps](images/wsfb_manage_inventory_newapps.png) + + > [!NOTE] + > Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync). + +**To sync recently purchased apps** + +If you need to sync your most recently purchased apps and have it appear in your catalog, you can do this by forcing a sync. + +1. In the Intune management portal, select **Admin > Mobile Device Management > Windows > Store for Business**. +2. In the **Windows Store for Business** page, click **Sync now** to force a sync. + + **Figure 30** - Force a sync in Intune + + ![Force a sync in Intune](images/intune_admin_mdm_forcesync.png) + +**To view purchased apps** +- In the Intune management portal, select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly. + +**To add more apps** +- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see Add apps for enrolled devices to Intune for more info on how to do this. + +## 2. Set up devices + +### 2.1 Set up new devices +To set up new Windows devices, go through the Windows initial device setup or first-run experience to configure your device. + +**To set up a device** +1. Go through the Windows device setup experience. On a new or reset device, this starts with the **Hi there** screen on devices running Windows 10, version 1607 (Anniversary Update). The setup lets you: + - Fill in the details in the **Hi there** screen including your home country/region, preferred language, keyboard layout, and timezone + - Accept the EULA + - Customize the setup or use Express settings + + **Figure 31** - First screen in Windows device setup + + ![First screen in Windows device setup](images/win10_hithere.png) + + > [!NOTE] + > During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection. + +2. In the **Who owns this PC?** screen, select **My work or school owns it** and click **Next**. +3. In the **Choose how you'll connect** screen, select **Join Azure Active Directory** and click **Next**. + + **Figure 32** - Choose how you'll connect your Windows device + + ![Choose how you'll connect the Windows device](images/win10_choosehowtoconnect.png) + +4. In the **Let's get you signed in** screen, sign in using one of the user accounts you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts. + + **Figure 33** - Sign in using one of the accounts you added + + ![Sign in using one of the accounts you added](images/win10_signin_admin_account.png) + +5. If this is the first time you're signing in, you will be asked to update your password. Update the password and continue with sign-in and setup. + + Windows will continue with setup and you may be asked to set up a PIN for Windows Hello if your organization has it enabled. + +### 2.2 Verify correct device setup +Verify that the device is set up correctly and boots without any issues. + +**To verify that the device was set up correctly** +1. Click on the **Start** menu and select some of the options to make sure everything launches properly. +2. Confirm that the Store and built-in apps are working. + +### 2.3 Verify the device is Azure AD joined +In the Intune management portal, verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune. + +**To verify if the device is joined to Azure AD** +1. Check the device name on your PC. To do this, on your Windows PC, select **Settings > System > About** and then check **PC name**. + + **Figure 34** - Check the PC name on your device + + ![Check the PC name on your device](images/win10_settings_pcname.png) + +2. Log in to the Intune management portal. +3. Select **Groups** and then go to **Devices**. +4. In the **All Devices** page, look at the list of devices and select the entry that matches the name of your PC. + - Check that the device name appears in the list. Select the device and it will also show the user that's currently logged in in the **General Information** section. + - Check the **Management Channel** column and confirm that it says **Managed by Microsoft Intune**. + - Check the **AAD Registered** column and confirm that it says **Yes**. + + **Figure 35** - Check that the device appears in Intune + + ![Check that the device appears in Intune](images/intune_groups_devices_list.png) + +## 3. Manage device settings and features +You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](https://docs.microsoft.com/en-us/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies). + +In this section, we'll show you how to reconfigure app deployment settings and add a new policy that will disable the camera for the Intune-managed devices and turn off Windows Hello and PINs during setup. + +### 3.1 Reconfigure app deployment settings +In some cases, if an app is missing from the device, you need to reconfigure the deployment settings for the app and set the app to require installation as soon as possible. + +**To reconfigure app deployment settings** +1. In the Intune management portal, select **Apps** and go to **Apps > Volume-Purchased Apps**. +2. Select the app, right-click, then select **Manage Deployment...**. +3. Select the group(s) whose apps will be managed, and then click **Add** to add the group. +4. Click **Next** at the bottom of the app deployment settings window or select **Deployment Action** on the left column to check the deployment settings for the app. +5. For each group that you selected, set **Approval** to **Required Install**. This automatically sets **Deadline** to **As soon as possible**. If **Deadline** is not automatically set, set it to **As soon as possible**. + + **Figure 36** - Reconfigure an app's deployment setting in Intune + + ![Reconfigure app deployment settings in Intune](images/intune_apps_deploymentaction.png) + +6. Click **Finish**. +7. Repeat steps 2-6 for other apps that you want to deploy to the device(s) as soon as possible. +6. Verify that the app shows up on the device. To do this: + - Make sure you're logged in to the Windows device. + - Click the **Start** button and check the apps that appear in the **Recently added** section. If you don't see the apps that you deployed in Intune, give it a few minutes. Only apps that aren't already deployed on the device will appear in the **Recently added** section. + + **Figure 37** - Confirm that additional apps were deployed to the device + + ![Confirm that additiional apps were deployed to the device](images/win10_deploy_apps_immediately.png) + +### 3.2 Configure other settings in Intune + +**To disable the camera** +1. In the Intune management portal, select **Policy > Configuration Policies**. +2. In the **Policies** window, click **Add** to create a new policy. +3. On the **Create a New Policy** page, click **Windows** to expand the group, select **General Configuration (Windows 10 Desktop and Mobile and later)**, choose **Create and Deploy a Custom Policy**, and then click **Create Policy**. +4. On the **Create Policy** page, select **Device Capabilities**. +5. In the **General** section, add a name and description for this policy. For example: + - **Name**: Test Policy - Disable Camera + - **Description**: Disables the camera +6. Scroll down to the **Hardware** section, find **Allow camera is not configured**, toggle the button so that it changes to **Allow camera** and choose **No** from the dropdown list. + + **Figure 38** - Add a configuration policy + + ![Add a configuration policy](images/intune_policy_disablecamera.png) + +7. Click **Save Policy**. A confirmation window will pop up. +8. On the **Deploy Policy** confirmation window, select **Yes** to deploy the policy now. +9. On the **Management Deployment** window, select the user group(s) or device group(s) that you want to apply the policy to (for example, **All Users**), and then click **Add**. +10. Click **OK** to close the window. + + **Figure 39** - The new policy should appear in the **Policies** list. + + ![New policy appears on the list](images/intune_policies_newpolicy_deployed.png) + +**To turn off Windows Hello and PINs during device setup** +1. In the Intune management portal, select **Admin**. +2. Go to **Mobile Device Management > Windows > Windows Hello for Business**. +3. In the **Windows Hello for Business** page, select **Disable Windows Hello for Business on enrolled devices**. + + **Figure 40** - Policy to disable Windows Hello for Business + + ![Disable Windows Hello for Business](images/intune_policy_disable_windowshello.png) + +4. Click **Save**. + + > [!NOTE] + > This policy is a tenant-wide Intune setting. It disables Windows Hello and required PINs during setup for all enrolled devices in a tenant. + +To test whether these policies get successfully deployed to your tenant, go through [4. Add more devices and users](#4-add-more-devices-and-users) and setup another Windows device and login as one of the users. + +## 4. Add more devices and users +After your cloud infrastructure is set up and you have a device management strategy in place, you may need to add more devices or users and you want the same policies to apply to these new devices and users. In this section, we'll show you how to do this. + +### 4.1 Connect other devices to your cloud infrastructure +Adding a new device to your cloud-based tenant is easy. For new devices, you can follow the steps in [2. Set up devices](#2-set-up-devices). + +For other devices, such as those personally-owned by employees who need to connect to the corporate network to access corporate resources (BYOD), you can follow the steps in this section to get these devices connected. + + > [!NOTE] + > These steps enable users to get access to the organization's resources, but it also gives the organization some control over the device. + +**To connect a personal device to your work or school** +1. On your Windows device, go to **Settings > Accounts**. +2. Select **Access work or school** and then click **Connect** in the **Connect to work or school** page. +3. In the **Set up a work or school account** window, click **Join this device to Azure Active Directory** to add an Azure AD account to the device. + + **Figure 41** - Add an Azure AD account to the device + + ![Add an Azure AD account to the device](images/win10_add_new_user_join_aad.png) + +4. In the **Let's get you signed in** window, enter the work credentials for the account and then click **Sign in** to authenticate the user. + + **Figure 42** - Enter the account details + + ![Enter the account details](images/win10_add_new_user_account_aadwork.png) + +5. You will be asked to update the password so enter a new password. +6. Verify the details to make sure you're connecting to the right organization and then click **Join**. + + **Figure 43** - Make sure this is your organization + + ![Make sure this is your organization](images/win10_confirm_organization_details.png) + +7. You will see a confirmation window that says the device is now connected to your organization. Click **Done**. + + **Figure 44** - Confirmation that the device is now connected + + ![Confirmation that the device is now connected](images/win10_confirm_device_connected_to_org.png) + +8. The **Connect to work or school** window will refresh and will now include an entry that shows you're connected to your organization's Azure AD. This means the device is now registered in Azure AD and enrolled in MDM and the account should have access to the organization's resources. + + **Figure 45** - Device is now enrolled in Azure AD + + ![Device is enrolled in Azure AD](images/win10_device_enrolled_in_aad.png) + +9. You can confirm that the new device and user are showing up as Intune-managed by going to the Intune management portal and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later. + +### 4.2 Add a new user +You can add new users to your tenant simply by adding them to the Office 365 groups. Adding new users to Office 365 groups automatically adds them to the corresponding groups in Microsoft Intune. + +See [Add users to Office 365](https://support.office.com/en-us/article/Add-users-to-Office-365-for-business-435ccec3-09dd-4587-9ebd-2f3cad6bc2bc?ui=en-US&rs=en-US&ad=US&fromAR=1) to learn more. Once you're done adding new users, go to the Intune management portal and verify that the same users were added to the Intune groups as well. + +## Get more info + +### For IT admins +To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links: +- Set up Office 365 for business +- Common admin tasks in Office 365 including email and OneDrive in Manage Office 365 +- More info about managing devices, apps, data, troubleshooting, and more in Intune documentation +- Learn more about Windows 10 in Windows 10 guide for IT pros +- Info about distributing apps to your employees, managing apps, managing settings, and more in Windows Store for Business + +### For information workers +Whether it's in the classroom, getting the most out of your devices, or learning some of the cool things you can do, we've got teachers covered. Follow these links for more info: +- Office help and training +- Windows 10 help + +## Related topics + +- [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/itpro/windows/index) diff --git a/smb/images/azure_ad_access_not_available.PNG b/smb/images/azure_ad_access_not_available.PNG new file mode 100644 index 0000000000..754ff011ea Binary files /dev/null and b/smb/images/azure_ad_access_not_available.PNG differ diff --git a/smb/images/azure_ad_sign_up_screen.PNG b/smb/images/azure_ad_sign_up_screen.PNG new file mode 100644 index 0000000000..3c369cfd5b Binary files /dev/null and b/smb/images/azure_ad_sign_up_screen.PNG differ diff --git a/smb/images/azure_ad_successful_signup.PNG b/smb/images/azure_ad_successful_signup.PNG new file mode 100644 index 0000000000..197744f309 Binary files /dev/null and b/smb/images/azure_ad_successful_signup.PNG differ diff --git a/smb/images/azure_portal_azure_ad_management.PNG b/smb/images/azure_portal_azure_ad_management.PNG new file mode 100644 index 0000000000..6401aa910b Binary files /dev/null and b/smb/images/azure_portal_azure_ad_management.PNG differ diff --git a/smb/images/azure_portal_azure_ad_management_users_groups.png b/smb/images/azure_portal_azure_ad_management_users_groups.png new file mode 100644 index 0000000000..5010765800 Binary files /dev/null and b/smb/images/azure_portal_azure_ad_management_users_groups.png differ diff --git a/smb/images/azure_portal_classic.PNG b/smb/images/azure_portal_classic.PNG new file mode 100644 index 0000000000..15132f7a07 Binary files /dev/null and b/smb/images/azure_portal_classic.PNG differ diff --git a/smb/images/azure_portal_classic_add_group.PNG b/smb/images/azure_portal_classic_add_group.PNG new file mode 100644 index 0000000000..417e9b8a72 Binary files /dev/null and b/smb/images/azure_portal_classic_add_group.PNG differ diff --git a/smb/images/azure_portal_classic_all_users_group.PNG b/smb/images/azure_portal_classic_all_users_group.PNG new file mode 100644 index 0000000000..55988d9c6c Binary files /dev/null and b/smb/images/azure_portal_classic_all_users_group.PNG differ diff --git a/smb/images/azure_portal_classic_applications.PNG b/smb/images/azure_portal_classic_applications.PNG new file mode 100644 index 0000000000..9c39a28e08 Binary files /dev/null and b/smb/images/azure_portal_classic_applications.PNG differ diff --git a/smb/images/azure_portal_classic_configure_directory.png b/smb/images/azure_portal_classic_configure_directory.png new file mode 100644 index 0000000000..1cece3e84c Binary files /dev/null and b/smb/images/azure_portal_classic_configure_directory.png differ diff --git a/smb/images/azure_portal_classic_configure_intune.PNG b/smb/images/azure_portal_classic_configure_intune.PNG new file mode 100644 index 0000000000..0daddd7e83 Binary files /dev/null and b/smb/images/azure_portal_classic_configure_intune.PNG differ diff --git a/smb/images/azure_portal_classic_configure_intune_app.png b/smb/images/azure_portal_classic_configure_intune_app.png new file mode 100644 index 0000000000..1110714b7c Binary files /dev/null and b/smb/images/azure_portal_classic_configure_intune_app.png differ diff --git a/smb/images/azure_portal_classic_configure_intune_mdm_enrollment.PNG b/smb/images/azure_portal_classic_configure_intune_mdm_enrollment.PNG new file mode 100644 index 0000000000..a85a28dd7d Binary files /dev/null and b/smb/images/azure_portal_classic_configure_intune_mdm_enrollment.PNG differ diff --git a/smb/images/azure_portal_classic_directory_ready.PNG b/smb/images/azure_portal_classic_directory_ready.PNG new file mode 100644 index 0000000000..d627036ca3 Binary files /dev/null and b/smb/images/azure_portal_classic_directory_ready.PNG differ diff --git a/smb/images/azure_portal_classic_groups.PNG b/smb/images/azure_portal_classic_groups.PNG new file mode 100644 index 0000000000..a746a0b21b Binary files /dev/null and b/smb/images/azure_portal_classic_groups.PNG differ diff --git a/smb/images/azure_portal_classic_members_added.PNG b/smb/images/azure_portal_classic_members_added.PNG new file mode 100644 index 0000000000..5cb5864330 Binary files /dev/null and b/smb/images/azure_portal_classic_members_added.PNG differ diff --git a/smb/images/azure_portal_home.PNG b/smb/images/azure_portal_home.PNG new file mode 100644 index 0000000000..5f0dcf4c5d Binary files /dev/null and b/smb/images/azure_portal_home.PNG differ diff --git a/smb/images/azure_portal_select_azure_ad.png b/smb/images/azure_portal_select_azure_ad.png new file mode 100644 index 0000000000..694d30cbdd Binary files /dev/null and b/smb/images/azure_portal_select_azure_ad.png differ diff --git a/smb/images/business-cloud-mode-graphic.png b/smb/images/business-cloud-mode-graphic.png new file mode 100644 index 0000000000..449b7ca356 Binary files /dev/null and b/smb/images/business-cloud-mode-graphic.png differ diff --git a/smb/images/business-cloud-mode.png b/smb/images/business-cloud-mode.png new file mode 100644 index 0000000000..f524b42372 Binary files /dev/null and b/smb/images/business-cloud-mode.png differ diff --git a/smb/images/deploy.png b/smb/images/deploy.png new file mode 100644 index 0000000000..8fe505f77e Binary files /dev/null and b/smb/images/deploy.png differ diff --git a/smb/images/deploy_art.png b/smb/images/deploy_art.png new file mode 100644 index 0000000000..5f2a6d0978 Binary files /dev/null and b/smb/images/deploy_art.png differ diff --git a/smb/images/intune_admin_mdm.PNG b/smb/images/intune_admin_mdm.PNG new file mode 100644 index 0000000000..3b334b27d5 Binary files /dev/null and b/smb/images/intune_admin_mdm.PNG differ diff --git a/smb/images/intune_admin_mdm_configure.png b/smb/images/intune_admin_mdm_configure.png new file mode 100644 index 0000000000..0a9cb4b99f Binary files /dev/null and b/smb/images/intune_admin_mdm_configure.png differ diff --git a/smb/images/intune_admin_mdm_forcesync.PNG b/smb/images/intune_admin_mdm_forcesync.PNG new file mode 100644 index 0000000000..96d085a261 Binary files /dev/null and b/smb/images/intune_admin_mdm_forcesync.PNG differ diff --git a/smb/images/intune_admin_mdm_store_sync.PNG b/smb/images/intune_admin_mdm_store_sync.PNG new file mode 100644 index 0000000000..3b884371b0 Binary files /dev/null and b/smb/images/intune_admin_mdm_store_sync.PNG differ diff --git a/smb/images/intune_apps_deploymentaction.PNG b/smb/images/intune_apps_deploymentaction.PNG new file mode 100644 index 0000000000..0c769017d2 Binary files /dev/null and b/smb/images/intune_apps_deploymentaction.PNG differ diff --git a/smb/images/intune_configure_store_app_sync_dialog.PNG b/smb/images/intune_configure_store_app_sync_dialog.PNG new file mode 100644 index 0000000000..abb41318f1 Binary files /dev/null and b/smb/images/intune_configure_store_app_sync_dialog.PNG differ diff --git a/smb/images/intune_groups_devices_list.PNG b/smb/images/intune_groups_devices_list.PNG new file mode 100644 index 0000000000..f571847bc7 Binary files /dev/null and b/smb/images/intune_groups_devices_list.PNG differ diff --git a/smb/images/intune_policies_newpolicy_deployed.PNG b/smb/images/intune_policies_newpolicy_deployed.PNG new file mode 100644 index 0000000000..72cb4d5db3 Binary files /dev/null and b/smb/images/intune_policies_newpolicy_deployed.PNG differ diff --git a/smb/images/intune_policy_disable_windowshello.PNG b/smb/images/intune_policy_disable_windowshello.PNG new file mode 100644 index 0000000000..2b7300c9ce Binary files /dev/null and b/smb/images/intune_policy_disable_windowshello.PNG differ diff --git a/smb/images/intune_policy_disablecamera.PNG b/smb/images/intune_policy_disablecamera.PNG new file mode 100644 index 0000000000..53fd969c00 Binary files /dev/null and b/smb/images/intune_policy_disablecamera.PNG differ diff --git a/smb/images/intune_portal_home.PNG b/smb/images/intune_portal_home.PNG new file mode 100644 index 0000000000..b63295fe42 Binary files /dev/null and b/smb/images/intune_portal_home.PNG differ diff --git a/smb/images/learn.png b/smb/images/learn.png new file mode 100644 index 0000000000..9e8f87f436 Binary files /dev/null and b/smb/images/learn.png differ diff --git a/smb/images/learn_art.png b/smb/images/learn_art.png new file mode 100644 index 0000000000..1170f9ca26 Binary files /dev/null and b/smb/images/learn_art.png differ diff --git a/smb/images/o365_active_users.PNG b/smb/images/o365_active_users.PNG new file mode 100644 index 0000000000..8ab381a59d Binary files /dev/null and b/smb/images/o365_active_users.PNG differ diff --git a/smb/images/o365_add_existing_domain.PNG b/smb/images/o365_add_existing_domain.PNG new file mode 100644 index 0000000000..e29cdca3f9 Binary files /dev/null and b/smb/images/o365_add_existing_domain.PNG differ diff --git a/smb/images/o365_additional_domain.PNG b/smb/images/o365_additional_domain.PNG new file mode 100644 index 0000000000..5682fb15f7 Binary files /dev/null and b/smb/images/o365_additional_domain.PNG differ diff --git a/smb/images/o365_admin_portal.PNG b/smb/images/o365_admin_portal.PNG new file mode 100644 index 0000000000..cfbf696310 Binary files /dev/null and b/smb/images/o365_admin_portal.PNG differ diff --git a/smb/images/o365_assign_intune_license.PNG b/smb/images/o365_assign_intune_license.PNG new file mode 100644 index 0000000000..261f096a98 Binary files /dev/null and b/smb/images/o365_assign_intune_license.PNG differ diff --git a/smb/images/o365_domains.PNG b/smb/images/o365_domains.PNG new file mode 100644 index 0000000000..ca79f71f54 Binary files /dev/null and b/smb/images/o365_domains.PNG differ diff --git a/smb/images/o365_microsoft_provided_domain.PNG b/smb/images/o365_microsoft_provided_domain.PNG new file mode 100644 index 0000000000..b2a05eb5a9 Binary files /dev/null and b/smb/images/o365_microsoft_provided_domain.PNG differ diff --git a/smb/images/o365_trynow.PNG b/smb/images/o365_trynow.PNG new file mode 100644 index 0000000000..5810f3e0f9 Binary files /dev/null and b/smb/images/o365_trynow.PNG differ diff --git a/smb/images/o365_users.PNG b/smb/images/o365_users.PNG new file mode 100644 index 0000000000..e0b462a8c5 Binary files /dev/null and b/smb/images/o365_users.PNG differ diff --git a/smb/images/office365_add_individual_user.PNG b/smb/images/office365_add_individual_user.PNG new file mode 100644 index 0000000000..87f674fa10 Binary files /dev/null and b/smb/images/office365_add_individual_user.PNG differ diff --git a/smb/images/office365_additional_domain.png b/smb/images/office365_additional_domain.png new file mode 100644 index 0000000000..940a090477 Binary files /dev/null and b/smb/images/office365_additional_domain.png differ diff --git a/smb/images/office365_admin_center.png b/smb/images/office365_admin_center.png new file mode 100644 index 0000000000..26808fc27c Binary files /dev/null and b/smb/images/office365_admin_center.png differ diff --git a/smb/images/office365_admin_portal.png b/smb/images/office365_admin_portal.png new file mode 100644 index 0000000000..fe0f81bda0 Binary files /dev/null and b/smb/images/office365_admin_portal.png differ diff --git a/smb/images/office365_buy_domain.png b/smb/images/office365_buy_domain.png new file mode 100644 index 0000000000..51ea9c1e6c Binary files /dev/null and b/smb/images/office365_buy_domain.png differ diff --git a/smb/images/office365_create_userid.png b/smb/images/office365_create_userid.png new file mode 100644 index 0000000000..fc3d070841 Binary files /dev/null and b/smb/images/office365_create_userid.png differ diff --git a/smb/images/office365_domains.png b/smb/images/office365_domains.png new file mode 100644 index 0000000000..51ea9c1e6c Binary files /dev/null and b/smb/images/office365_domains.png differ diff --git a/smb/images/office365_import_multiple_users.PNG b/smb/images/office365_import_multiple_users.PNG new file mode 100644 index 0000000000..c1b05fa2c9 Binary files /dev/null and b/smb/images/office365_import_multiple_users.PNG differ diff --git a/smb/images/office365_ms_provided_domain.png b/smb/images/office365_ms_provided_domain.png new file mode 100644 index 0000000000..18479da421 Binary files /dev/null and b/smb/images/office365_ms_provided_domain.png differ diff --git a/smb/images/office365_plan_subscription_checkout.png b/smb/images/office365_plan_subscription_checkout.png new file mode 100644 index 0000000000..340336c39e Binary files /dev/null and b/smb/images/office365_plan_subscription_checkout.png differ diff --git a/smb/images/office365_portal.png b/smb/images/office365_portal.png new file mode 100644 index 0000000000..f3a23d4a65 Binary files /dev/null and b/smb/images/office365_portal.png differ diff --git a/smb/images/office365_signup_page.png b/smb/images/office365_signup_page.png new file mode 100644 index 0000000000..ce2de7f034 Binary files /dev/null and b/smb/images/office365_signup_page.png differ diff --git a/smb/images/office365_trynow.png b/smb/images/office365_trynow.png new file mode 100644 index 0000000000..72aaeb923a Binary files /dev/null and b/smb/images/office365_trynow.png differ diff --git a/smb/images/office365_tryorbuy_now.png b/smb/images/office365_tryorbuy_now.png new file mode 100644 index 0000000000..760e3a74cc Binary files /dev/null and b/smb/images/office365_tryorbuy_now.png differ diff --git a/smb/images/office365_users.png b/smb/images/office365_users.png new file mode 100644 index 0000000000..ec9231de1b Binary files /dev/null and b/smb/images/office365_users.png differ diff --git a/smb/images/smb_portal_banner.png b/smb/images/smb_portal_banner.png new file mode 100644 index 0000000000..e38560ab5a Binary files /dev/null and b/smb/images/smb_portal_banner.png differ diff --git a/smb/images/win10_add_new_user_account_aadwork.PNG b/smb/images/win10_add_new_user_account_aadwork.PNG new file mode 100644 index 0000000000..378339b1e9 Binary files /dev/null and b/smb/images/win10_add_new_user_account_aadwork.PNG differ diff --git a/smb/images/win10_add_new_user_join_aad.PNG b/smb/images/win10_add_new_user_join_aad.PNG new file mode 100644 index 0000000000..7924250993 Binary files /dev/null and b/smb/images/win10_add_new_user_join_aad.PNG differ diff --git a/smb/images/win10_change_your_password.PNG b/smb/images/win10_change_your_password.PNG new file mode 100644 index 0000000000..bf9f164290 Binary files /dev/null and b/smb/images/win10_change_your_password.PNG differ diff --git a/smb/images/win10_choosehowtoconnect.PNG b/smb/images/win10_choosehowtoconnect.PNG new file mode 100644 index 0000000000..0a561b1913 Binary files /dev/null and b/smb/images/win10_choosehowtoconnect.PNG differ diff --git a/smb/images/win10_confirm_device_connected_to_org.PNG b/smb/images/win10_confirm_device_connected_to_org.PNG new file mode 100644 index 0000000000..a70849ebe8 Binary files /dev/null and b/smb/images/win10_confirm_device_connected_to_org.PNG differ diff --git a/smb/images/win10_confirm_organization_details.PNG b/smb/images/win10_confirm_organization_details.PNG new file mode 100644 index 0000000000..54605d39fe Binary files /dev/null and b/smb/images/win10_confirm_organization_details.PNG differ diff --git a/smb/images/win10_deivce_enrolled_in_aad.PNG b/smb/images/win10_deivce_enrolled_in_aad.PNG new file mode 100644 index 0000000000..a2c60c114e Binary files /dev/null and b/smb/images/win10_deivce_enrolled_in_aad.PNG differ diff --git a/smb/images/win10_deploy_apps_immediately.PNG b/smb/images/win10_deploy_apps_immediately.PNG new file mode 100644 index 0000000000..1e63f77939 Binary files /dev/null and b/smb/images/win10_deploy_apps_immediately.PNG differ diff --git a/smb/images/win10_device_enrolled_in_aad.png b/smb/images/win10_device_enrolled_in_aad.png new file mode 100644 index 0000000000..a2c60c114e Binary files /dev/null and b/smb/images/win10_device_enrolled_in_aad.png differ diff --git a/smb/images/win10_device_setup_complete.PNG b/smb/images/win10_device_setup_complete.PNG new file mode 100644 index 0000000000..454e30a441 Binary files /dev/null and b/smb/images/win10_device_setup_complete.PNG differ diff --git a/smb/images/win10_hithere.PNG b/smb/images/win10_hithere.PNG new file mode 100644 index 0000000000..b251b8eb7c Binary files /dev/null and b/smb/images/win10_hithere.PNG differ diff --git a/smb/images/win10_settings_pcname.PNG b/smb/images/win10_settings_pcname.PNG new file mode 100644 index 0000000000..ff815b0a8a Binary files /dev/null and b/smb/images/win10_settings_pcname.PNG differ diff --git a/smb/images/win10_signin_admin_account.PNG b/smb/images/win10_signin_admin_account.PNG new file mode 100644 index 0000000000..e6df613284 Binary files /dev/null and b/smb/images/win10_signin_admin_account.PNG differ diff --git a/smb/images/wsfb_account_details.PNG b/smb/images/wsfb_account_details.PNG new file mode 100644 index 0000000000..7a2594ec3f Binary files /dev/null and b/smb/images/wsfb_account_details.PNG differ diff --git a/smb/images/wsfb_account_details_2.PNG b/smb/images/wsfb_account_details_2.PNG new file mode 100644 index 0000000000..7e38f20099 Binary files /dev/null and b/smb/images/wsfb_account_details_2.PNG differ diff --git a/smb/images/wsfb_account_signup_saveinfo.PNG b/smb/images/wsfb_account_signup_saveinfo.PNG new file mode 100644 index 0000000000..f29280352b Binary files /dev/null and b/smb/images/wsfb_account_signup_saveinfo.PNG differ diff --git a/smb/images/wsfb_manage_inventory_newapps.PNG b/smb/images/wsfb_manage_inventory_newapps.PNG new file mode 100644 index 0000000000..070728fcad Binary files /dev/null and b/smb/images/wsfb_manage_inventory_newapps.PNG differ diff --git a/smb/images/wsfb_management_tools.PNG b/smb/images/wsfb_management_tools.PNG new file mode 100644 index 0000000000..82d11a9a25 Binary files /dev/null and b/smb/images/wsfb_management_tools.PNG differ diff --git a/smb/images/wsfb_management_tools_activate.png b/smb/images/wsfb_management_tools_activate.png new file mode 100644 index 0000000000..bb2ffd99ad Binary files /dev/null and b/smb/images/wsfb_management_tools_activate.png differ diff --git a/smb/images/wsfb_shop_microsoft_apps.PNG b/smb/images/wsfb_shop_microsoft_apps.PNG new file mode 100644 index 0000000000..562f3fd1e3 Binary files /dev/null and b/smb/images/wsfb_shop_microsoft_apps.PNG differ diff --git a/smb/images/wsfb_signup_for_account.PNG b/smb/images/wsfb_signup_for_account.PNG new file mode 100644 index 0000000000..d641587c5e Binary files /dev/null and b/smb/images/wsfb_signup_for_account.PNG differ diff --git a/smb/images/wsfb_store_portal.PNG b/smb/images/wsfb_store_portal.PNG new file mode 100644 index 0000000000..03a4ad928e Binary files /dev/null and b/smb/images/wsfb_store_portal.PNG differ diff --git a/smb/index.md b/smb/index.md index eaeb8132cd..b15093ddee 100644 --- a/smb/index.md +++ b/smb/index.md @@ -1,4 +1,45 @@ --- -title: SMB placeholder -description: SMB placeholder +title: Windows 10 for small to midsize businesses +description: Microsoft products and devices to transform and grow your businessLearn how to use Windows 10 for your small to midsize business. +keywords: Windows 10, SMB, small business, midsize business, business +ms.prod: w10 +ms.technology: smb-windows +ms.topic: article +ms.author: celested +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: smb +author: CelesteDG --- + +![Windows 10 for SMB](images/smb_portal_banner.png) + +# Windows 10 for SMB + + +## ![Learn more about Windows and other resources for SMBs](images/learn.png) Learn + +
+
+

Windows 10 for business
Learn how Windows 10 and Windows devices can help your business.

+

SMB blog
Read about the latest stories, technology insights, and business strategies for SMBs.

+
+
+

How to buy
Go here when you're ready to buy or want to learn more about Microsoft products you can use to help transform your business.

+
+
+ +## ![Deploy a Microsoft solution for your business](images/deploy.png) Deploy + +
+
+

[Get started: Deploy and manage a full cloud IT solution for your business](cloud-mode-business-setup.md)
Find out how easy it is to deploy and manage a full cloud IT solution for your small to midsize business using Microsoft cloud services and tools.

+
+
+

+
+
+ + ## Related topics + +- [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/itpro/windows/index) \ No newline at end of file diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md index 615e8a2869..e177c6b199 100644 --- a/windows/deploy/TOC.md +++ b/windows/deploy/TOC.md @@ -1,18 +1,18 @@ # [Deploy Windows 10](index.md) ## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) -## [Manage Windows upgrades with Upgrade Analytics](manage-windows-upgrades-with-upgrade-analytics.md) -### [Upgrade Analytics architecture](upgrade-analytics-architecture.md) -### [Upgrade Analytics requirements](upgrade-analytics-requirements.md) -### [Upgrade Analytics release notes](upgrade-analytics-release-notes.md) -### [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) -#### [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) -### [Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md) -#### [Upgrade overview](upgrade-analytics-upgrade-overview.md) -#### [Step 1: Identify apps](upgrade-analytics-identify-apps.md) -#### [Step 2: Resolve issues](upgrade-analytics-resolve-issues.md) -#### [Step 3: Deploy Windows](upgrade-analytics-deploy-windows.md) -#### [Additional insights](upgrade-analytics-additional-insights.md) -### [Troubleshoot Upgrade Analytics](troubleshoot-upgrade-analytics.md) +## [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) +### [Upgrade Readiness architecture](upgrade-readiness-architecture.md) +### [Upgrade Readiness requirements](upgrade-readiness-requirements.md) +### [Upgrade Readiness release notes](upgrade-readiness-release-notes.md) +### [Get started with Upgrade Readiness](upgrade-readiness-get-started.md) +#### [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) +### [Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades.md) +#### [Upgrade overview](upgrade-readiness-upgrade-overview.md) +#### [Step 1: Identify apps](upgrade-readiness-identify-apps.md) +#### [Step 2: Resolve issues](upgrade-readiness-resolve-issues.md) +#### [Step 3: Deploy Windows](upgrade-readiness-deploy-windows.md) +#### [Additional insights](upgrade-readiness-additional-insights.md) +### [Troubleshoot Upgrade Readiness](troubleshoot-upgrade-readiness.md) ## [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) ### [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) ### [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) @@ -51,6 +51,7 @@ ## [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) ## [Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md) ## [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) +## [Convert MBR partition to GPT](mbr-to-gpt.md) ## [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) ## [Windows 10 upgrade paths](windows-10-upgrade-paths.md) ## [Windows 10 edition upgrade](windows-10-edition-upgrades.md) diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md index 008852fd99..a3c2c4364e 100644 --- a/windows/deploy/change-history-for-deploy-windows-10.md +++ b/windows/deploy/change-history-for-deploy-windows-10.md @@ -12,12 +12,17 @@ author: greg-lindsay This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md). ## RELEASE: Windows 10, version 1703 - The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The provisioning topics have been moved to [Configure Windows 10](../configure/index.md). +## March 2017 +| New or changed topic | Description | +|----------------------|-------------| +| [Convert MBR partition to GPT](mbr-to-gpt.md) | New | + ## February 2017 | New or changed topic | Description | |----------------------|-------------| +| [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) | Multiple topics updated, name changed from Upgrade Analytics to Upgrade Readiness, and other content updates. | | [USMT Requirements](usmt-requirements.md) | Updated: Vista support removed and other minor changes | | [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated structure and content | | [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) | Added as a separate page from get started | diff --git a/windows/deploy/images/mbr2gpt-volume.PNG b/windows/deploy/images/mbr2gpt-volume.PNG new file mode 100644 index 0000000000..d69bed87fb Binary files /dev/null and b/windows/deploy/images/mbr2gpt-volume.PNG differ diff --git a/windows/deploy/images/mbr2gpt-workflow.png b/windows/deploy/images/mbr2gpt-workflow.png new file mode 100644 index 0000000000..f7741cf0c3 Binary files /dev/null and b/windows/deploy/images/mbr2gpt-workflow.png differ diff --git a/windows/deploy/images/ua-cg-08.png b/windows/deploy/images/ua-cg-08.png index 4d7f924d76..f256b2f097 100644 Binary files a/windows/deploy/images/ua-cg-08.png and b/windows/deploy/images/ua-cg-08.png differ diff --git a/windows/deploy/images/ua-cg-09-old.png b/windows/deploy/images/ua-cg-09-old.png new file mode 100644 index 0000000000..b9aa1cea41 Binary files /dev/null and b/windows/deploy/images/ua-cg-09-old.png differ diff --git a/windows/deploy/images/ua-cg-09.png b/windows/deploy/images/ua-cg-09.png index b9aa1cea41..0150a24ee5 100644 Binary files a/windows/deploy/images/ua-cg-09.png and b/windows/deploy/images/ua-cg-09.png differ diff --git a/windows/deploy/images/ua-cg-15.png b/windows/deploy/images/ua-cg-15.png index 5362db66da..009315fc4a 100644 Binary files a/windows/deploy/images/ua-cg-15.png and b/windows/deploy/images/ua-cg-15.png differ diff --git a/windows/deploy/images/ur-overview.PNG b/windows/deploy/images/ur-overview.PNG new file mode 100644 index 0000000000..f1818d7073 Binary files /dev/null and b/windows/deploy/images/ur-overview.PNG differ diff --git a/windows/deploy/images/ur-target-version.png b/windows/deploy/images/ur-target-version.png new file mode 100644 index 0000000000..43f0c9aa0c Binary files /dev/null and b/windows/deploy/images/ur-target-version.png differ diff --git a/windows/deploy/index.md b/windows/deploy/index.md index c18d5390a9..651b89f466 100644 --- a/windows/deploy/index.md +++ b/windows/deploy/index.md @@ -17,13 +17,14 @@ Learn about deploying Windows 10 for IT professionals. |Topic |Description | |------|------------| |[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) |To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. | -|[Manage Windows upgrades with Upgrade Analytics](manage-windows-upgrades-with-upgrade-analytics.md) |With Upgrade Analytics, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | +|[Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | |[Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides: [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md), [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). | |[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT), and MDT 2013 Update 2 specifically. | |[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or, more specifically, MDT 2013 Update 2. | |[Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) |The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Deployment Toolkit (MDT) 2013 Update 2 task sequence to completely automate the process. | |[Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md) |The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a System Center Configuration Manager task sequence to completely automate the process. | |[Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) |This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. | +|[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. | |[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. | |[Windows 10 edition upgrade](windows-10-edition-upgrades.md) |With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. | |[Windows 10 upgrade paths](windows-10-upgrade-paths.md) |You can upgrade directly to Windows 10 from a previous operating system. | diff --git a/windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md b/windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md index a7d55fda76..9b25d3cea1 100644 --- a/windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md +++ b/windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md @@ -1,43 +1,4 @@ --- title: Manage Windows upgrades with Upgrade Analytics (Windows 10) -description: Provides an overview of the process of managing Windows upgrades with Upgrade Analytics. -ms.prod: w10 -author: greg-lindsay +redirect_url: manage-windows-upgrades-with-upgrade-readiness --- - -# Manage Windows upgrades with Upgrade Analytics - -Upgrading to new operating systems has traditionally been a challenging, complex, and slow process for many enterprises. Discovering applications and drivers and then testing them for potential compatibility issues have been among the biggest pain points. - -With the release of Upgrade Analytics, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released. - -Microsoft developed Upgrade Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. - -With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. - -Use Upgrade Analytics to get: - -- A visual workflow that guides you from pilot to production -- Detailed computer and application inventory -- Powerful computer level search and drill-downs -- Guidance and insights into application and driver compatibility issues, with suggested fixes -- Data driven application rationalization tools -- Application usage information, allowing targeted validation; workflow to track validation progress and decisions -- Data export to commonly used software deployment tools, including System Center Configuration Manager - -The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. - -**Important** For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see: - -- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) -- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services) -- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) - -##**Related topics** - -[Upgrade Analytics architecture](upgrade-analytics-architecture.md)
-[Upgrade Analytics requirements](upgrade-analytics-requirements.md)
-[Upgrade Analytics release notes](upgrade-analytics-release-notes.md)
-[Get started with Upgrade Analytics](upgrade-analytics-get-started.md)
-[Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md)
-[Troubleshoot Upgrade Analytics](troubleshoot-upgrade-analytics.md)
diff --git a/windows/deploy/manage-windows-upgrades-with-upgrade-readiness.md b/windows/deploy/manage-windows-upgrades-with-upgrade-readiness.md new file mode 100644 index 0000000000..de269889bf --- /dev/null +++ b/windows/deploy/manage-windows-upgrades-with-upgrade-readiness.md @@ -0,0 +1,43 @@ +--- +title: Manage Windows upgrades with Upgrade Readiness (Windows 10) +description: Provides an overview of the process of managing Windows upgrades with Upgrade Readiness. +ms.prod: w10 +author: greg-lindsay +--- + +# Manage Windows upgrades with Upgrade Readiness + +Upgrading to new operating systems has traditionally been a challenging, complex, and slow process for many enterprises. Discovering applications and drivers and then testing them for potential compatibility issues have been among the biggest pain points. + +With the release of Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released. Windows Upgrade Readiness not only supports upgrade management from Windows 7, Windows 8.1 to Windows 10, but also Windows 10 upgrades in the [Windows as a service](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview) model. + +Microsoft developed Upgrade Readiness in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Readiness was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. + +With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. + +Use Upgrade Readiness to get: + +- A visual workflow that guides you from pilot to production +- Detailed computer and application inventory +- Powerful computer level search and drill-downs +- Guidance and insights into application and driver compatibility issues, with suggested fixes +- Data driven application rationalization tools +- Application usage information, allowing targeted validation; workflow to track validation progress and decisions +- Data export to commonly used software deployment tools, including System Center Configuration Manager + +The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. + +**Important** For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see: + +- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) +- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services) +- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) + +##**Related topics** + +[Upgrade Readiness architecture](upgrade-readiness-architecture.md)
+[Upgrade Readiness requirements](upgrade-readiness-requirements.md)
+[Upgrade Readiness release notes](upgrade-readiness-release-notes.md)
+[Get started with Upgrade Readiness](upgrade-readiness-get-started.md)
+[Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades.md)
+[Troubleshoot Upgrade Readiness](troubleshoot-upgrade-readiness.md)
diff --git a/windows/deploy/mbr-to-gpt.md b/windows/deploy/mbr-to-gpt.md new file mode 100644 index 0000000000..5775e4b633 --- /dev/null +++ b/windows/deploy/mbr-to-gpt.md @@ -0,0 +1,384 @@ +--- +title: MBR2GPT +description: How to use the MBR2GPT tool to convert MBR partitions to GPT +keywords: deploy, troubleshoot, windows, 10, upgrade, partition, mbr, gpt +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +localizationpriority: high +--- + +# MBR2GPT.EXE + +**Applies to** +- Windows 10 + +## Summary + +**MBR2GPT.EXE** converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS). + +You can use MBR2GPT to perform the following: + +- \[Within the Windows PE environment\]: Convert any attached MBR-formatted disk to GPT, including the system disk. +- \[From within the currently running OS\]: Convert any attached MBR-formatted disk to GPT, including the system disk. + +>MBR2GPT is available in Windows 10 version 1703, also known as Windows 10 Creator's Update, and later versions. +>The tool is available in both the full OS environment and Windows PE. + +You can use MBR2GPT to convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you will need to delete the existing protectors and recreate them. + +The MBR2GPT tool can convert operating system disks that have earlier versions of Windows installed, such as Windows 10 versions 1507, 1511, and 1607. However, you must run the tool while booted into Windows 10 version 1703 or later, and perform an offline conversion. + +>[!IMPORTANT] +>After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode.
Make sure that your device supports UEFI before attempting to convert the disk. + +## Syntax + + +
MBR2GPT /validate|convert [/disk:\] [/logs:\] [/map:\=\] [/allowFullOS] +
+ +### Options + +| Option | Description | +|----|-------------| +|/validate| Instructs MBR2GPT.exe to perform only the disk validation steps and report whether the disk is eligible for conversion. | +|/convert| Instructs MBR2GPT.exe to perform the disk validation and to proceed with the conversion if all validation tests pass. | +|/disk:\| Specifies the disk number of the disk to be converted to GPT. If not specified, the system disk is used. The mechanism used is the same as that used by the diskpart.exe tool **SELECT DISK SYSTEM** command.| +|/logs:\| Specifies the directory where MBR2GPT.exe logs should be written. If not specified, **%windir%** is used. If specified, the directory must already exist, it will not be automatically created or overwritten.| +|/map:\=\| Specifies additional partition type mappings between MBR and GPT. The MBR partition number is specified in decimal notation, not hexidecimal. The GPT GUID can contain brackets, for example: **/map:42={af9b60a0-1431-4f62-bc68-3311714a69ad}**. Multiple /map options can be specified if multiple mappings are required. | +|/allowFullOS| By default, MBR2GPT.exe is blocked unless it is run from Windows PE. This option overrides this block and enables disk conversion while running in the full Windows environment.| + +## Examples + +### Validation example + +In the following example, disk 0 is validated for conversion. Errors and warnings are logged to the default location, **%windir%**. + +``` +X:\>mbr2gpt /validate /disk:0 +MBR2GPT: Attempting to validate disk 0 +MBR2GPT: Retrieving layout of disk +MBR2GPT: Validating layout, disk sector size is: 512 +MBR2GPT: Validation completed successfully +``` + +### Conversion example + +In the following example: + +1. The current disk partition layout is displayed prior to conversion - three partitions are present on the MBR disk (disk 0): a system reserved partition, a Windows partition, and a recovery partition. A DVD-ROM is also present as volume 0. +2. The OS volume is selected, partitions are listed, and partition details are displayed for the OS partition. The [MBR partition type](https://msdn.microsoft.com/library/windows/desktop/aa363990.aspx) is **07** corresponding to the installable file system (IFS) type. +2. The MBR2GPT tool is used to convert disk 0. +3. The DISKPART tool displays that disk 0 is now using the GPT format. +4. The new disk layout is displayed - four partitions are present on the GPT disk: three are identical to the previous partitions and one is the new EFI system partition (volume 3). +5. The OS volume is selected again, and detail displays that it has been converted to the [GPT partition type](https://msdn.microsoft.com/library/windows/desktop/aa365449.aspx) of **ebd0a0a2-b9e5-4433-87c0-68b6b72699c7** corresponding to the **PARTITION_BASIC_DATA_GUID** type. + +>As noted in the output from the MBR2GPT tool, you must make changes to the computer firmware so that the new EFI system partition will boot properly. + +``` +DISKPART> list volume + + Volume ### Ltr Label Fs Type Size Status Info + ---------- --- ----------- ----- ---------- ------- --------- -------- + Volume 0 F CENA_X64FRE UDF DVD-ROM 4027 MB Healthy + Volume 1 C System Rese NTFS Partition 499 MB Healthy + Volume 2 D Windows NTFS Partition 58 GB Healthy + Volume 3 E Recovery NTFS Partition 612 MB Healthy Hidden + +DISKPART> select volume 2 + +Volume 2 is the selected volume. + +DISKPART> list partition + + Partition ### Type Size Offset + ------------- ---------------- ------- ------- + Partition 1 Primary 499 MB 1024 KB +* Partition 2 Primary 58 GB 500 MB + Partition 3 Recovery 612 MB 59 GB + +DISKPART> detail partition + +Partition 2 +Type : 07 +Hidden: No +Active: No +Offset in Bytes: 524288000 + + Volume ### Ltr Label Fs Type Size Status Info + ---------- --- ----------- ----- ---------- ------- --------- -------- +* Volume 2 D Windows NTFS Partition 58 GB Healthy + +DISKPART> exit + +Leaving DiskPart... + +X:\>mbr2gpt /convert /disk:0 + +MBR2GPT will now attempt to convert disk 0. +If conversion is successful the disk can only be booted in GPT mode. +These changes cannot be undone! + +MBR2GPT: Attempting to convert disk 0 +MBR2GPT: Retrieving layout of disk +MBR2GPT: Validating layout, disk sector size is: 512 bytes +MBR2GPT: Trying to shrink the system partition +MBR2GPT: Trying to shrink the OS partition +MBR2GPT: Creating the EFI system partition +MBR2GPT: Installing the new boot files +MBR2GPT: Performing the layout conversion +MBR2GPT: Migrating default boot entry +MBR2GPT: Adding recovery boot entry +MBR2GPT: Fixing drive letter mapping +MBR2GPT: Conversion completed successfully +MBR2GPT: Before the new system can boot properly you need to switch the firmware to boot to UEFI mode! + +X:\>diskpart + +Microsoft DiskPart version 10.0.15048.0 + +Copyright (C) Microsoft Corporation. +On computer: MININT-K71F13N + +DISKPART> list disk + + Disk ### Status Size Free Dyn Gpt + -------- ------------- ------- ------- --- --- + Disk 0 Online 60 GB 0 B * + +DISKPART> select disk 0 + +Disk 0 is now the selected disk. + +DISKPART> list volume + + Volume ### Ltr Label Fs Type Size Status Info + ---------- --- ----------- ----- ---------- ------- --------- -------- + Volume 0 F CENA_X64FRE UDF DVD-ROM 4027 MB Healthy + Volume 1 D Windows NTFS Partition 58 GB Healthy + Volume 2 C System Rese NTFS Partition 499 MB Healthy Hidden + Volume 3 FAT32 Partition 100 MB Healthy Hidden + Volume 4 E Recovery NTFS Partition 612 MB Healthy Hidden + +DISKPART> select volume 1 + +Volume 1 is the selected volume. + +DISKPART> list partition + + Partition ### Type Size Offset + ------------- ---------------- ------- ------- + Partition 1 Recovery 499 MB 1024 KB +* Partition 2 Primary 58 GB 500 MB + Partition 4 System 100 MB 59 GB + Partition 3 Recovery 612 MB 59 GB + +DISKPART> detail partition + +Partition 2 +Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 +Hidden : No +Required: No +Attrib : 0000000000000000 +Offset in Bytes: 524288000 + + Volume ### Ltr Label Fs Type Size Status Info + ---------- --- ----------- ----- ---------- ------- --------- -------- +* Volume 1 D Windows NTFS Partition 58 GB Healthy + +``` + +## Specifications + +### Disk conversion workflow + +The following steps illustrate high-level phases of the MBR-to-GPT conversion process: + +1. Disk validation is performed. +2. The disk is repartitioned to create an EFI system partition (ESP) if one does not already exist. +3. UEFI boot files are installed to the ESP. +4. GPT metatdata and layout information is applied. +5. The boot configuration data (BCD) store is updated. +6. Drive letter assignments are restored. + +### Disk validation + +Before any change to the disk is made, MBR2GPT validates the layout and geometry of the selected disk to ensure that: +- The disk is currently using MBR +- There is enough space not occupied by partitions to store the primary and secondary GPTs: + - 16KB + 2 sectors at the front of the disk + - 16KB + 1 sector at the end of the disk +- There are at most 3 primary partitions in the MBR partition table +- One of the partitions is set as active and is the system partition +- The BCD store on the system partition contains a default OS entry pointing to an OS partition +- The volume IDs can retrieved for each volume which has a drive letter assigned +- All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option + +If any of these checks fails, the conversion will not proceed and an error will be returned. + +### Creating an EFI system partition + +For Windows to remain bootable after the conversion, an EFI system partition (ESP) must be in place. MBR2GPT creates the ESP using the following rules: + +1. The existing MBR system partition is reused if it meets these requirements: + a. It is not also the OS or Windows Recovery Environment partition + b. It is at least 100MB (or 260MB for 4K sector size disks) in size + c. It is less than or equal to 1GB in size. This is a safety precaution to ensure it is not a data partition. + d. If the conversion is being performed from the full OS, the disk being converted is not the system disk. +2. If the existing MBR system partition cannot be reused, a new ESP is created by shrinking the OS partition. This new partition has a size of 100MB (or 260MB for 4K sector size disks) and is formatted FAT32. + +If the existing MBR system partition is not reused for the ESP, it is no longer used by the boot process after the conversion. Other partitions are not modified. + +### Partition type mapping and partition attributes + +Since GPT partitions use a different set of type IDs than MBR partitions, each partition on the converted disk must be assigned a new type ID. The partition type mapping follows these rules: + +1. The ESP is always set to partition type PARTITION_SYSTEM_GUID (c12a7328-f81f-11d2-ba4b-00a0c93ec93b). +2. If an MBR partition is of a type that matches one of the entries specified in the /map switch, the specified GPT partition type ID is used. +3. If the MBR partition is of type 0x27, the partition is converted to a GPT partition of type PARTITION_MSFT_RECOVERY_GUID (de94bba4-06d1-4d40-a16a-bfd50179d6ac). +4. All other MBR partitions recognized by Windows are converted to GPT partitions of type PARTITION_BASIC_DATA_GUID (ebd0a0a2-b9e5-4433-87c0-68b6b72699c7). + +In addition to applying the correct partition types, partitions of type PARTITION_MSFT_RECOVERY_GUID also have the following GPT attributes set: +- GPT_ATTRIBUTE_PLATFORM_REQUIRED (0x0000000000000001) +- GPT_BASIC_DATA_ATTRIBUTE_NO_DRIVE_LETTER (0x8000000000000000) + +For more information about partition types, see: +- [GPT partition types](https://msdn.microsoft.com/library/windows/desktop/aa365449.aspx) +- [MBR partition types](https://msdn.microsoft.com/library/windows/desktop/aa363990.aspx) + + +### Persisting drive letter assignments + +The conversion tool will attempt to remap all drive letter assignment information contained in the registry that correspond to the volumes of the converted disk. If a drive letter assignment cannot be restored, an error will be displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter. **Important**: this code runs after the layout conversion has taken place, so the operation cannot be undone at this stage. + +The conversion tool will obtain volume unique ID data before and after the layout conversion, organizing this information into a lookup table. It will then iterate through all the entries in **HKLM\SYSTEM\MountedDevices**, and for each entry do the following: + +1. Check if the unique ID corresponds to any of the unique IDs for any of the volumes that are part of the converted disk. +2. If found, set the value to be the new unique ID, obtained after the layout conversion. +3. If the new unique ID cannot be set and the value name starts with \DosDevices, issue a console and log warning about the need for manual intervention in properly restoring the drive letter assignment. + +## Troubleshooting + +The tool will display status information in its output. Both validation and conversion are clear if any errors are encountered. For example, if one or more partitions do not translate properly, this is displayed and the conversion not performed. To view more detail about any errors that are encountered, see the associated [log files](#logs). + +### Logs + +Four log files are created by the MBR2GPT tool: + +- diagerr.xml +- diagwrn.xml +- setupact.log +- setuperr.log + +These files contain errors and warnings encountered during disk validation and conversion. Information in these files can be helpful in diagnosing problems with the tool. The setupact.log and setuperr.log files will have the most detailed information about disk layouts, processes, and other information pertaining to disk validation and conversion. Note: The setupact*.log files are different than the Windows Setup files that are found in the %Windir%\Panther directory. + +The default location for all these log files in Windows PE is **%windir%**. + +### Interactive help + +To view a list of options available when using the tool, type **mbr2gpt /?** + +The following text is displayed: + +``` + +C:\> mbr2gpt /? + +Converts a disk from MBR to GPT partitioning without modifying or deleting data on the disk. + +MBR2GPT.exe /validate|convert [/disk:] [/logs:] [/map:=] [/allowFullOS] + +Where: + + /validate + - Validates that the selected disk can be converted + without performing the actual conversion. + + /convert + - Validates that the selected disk can be converted + and performs the actual conversion. + + /disk: + - Specifies the disk number of the disk to be processed. + If not specified, the system disk is processed. + + /logs: + - Specifies the directory for logging. By default logs + are created in the %windir% directory. + + /map:= + - Specifies the GPT partition type to be used for a + given MBR partition type not recognized by Windows. + Multiple /map switches are allowed. + + /allowFullOS + - Allows the tool to be used from the full Windows + environment. By default, this tool can only be used + from the Windows Preinstallation Environment. + +``` + +### Return codes + +MBR2GPT has the following associated return codes: + +| Return code | Description | +|----|-------------| +|0| Conversion completed successfully.| +|1| Conversion was canceled by the user.| +|2| Conversion failed due to an internal error.| +|3| Conversion failed due to an initialization error.| +|4| Conversion failed due to invalid command-line parameters. | +|5| Conversion failed due to error reading the geometry and layout of the selected disk.| +|6| Conversion failed because one or more volumes on the disk is encrypted.| +|7| Conversion failed because the geometry and layout of the selected disk do not meet requirements.| +|8| Conversion failed due to error while creating the EFI system partition.| +|9| Conversion failed due to error installing boot files.| +|10| Conversion failed due to error while applying GPT layout.| +|100| Conversion to GPT layout succeeded, but some boot configuration data entries could not be restored.| + + +### Determining the partition type + +You can type the following command at a Windows PowerShell prompt to display the disk number and partition type. Example output is also shown: + + +``` +PS C:\> Get-Disk | ft -Auto + +Number Friendly Name Serial Number HealthStatus OperationalStatus Total Size Partition Style +------ ------------- ------------- ------------ ----------------- ---------- --------------- +0 MTFDDAK256MAM-1K1 13050928F47C Healthy Online 238.47 GB MBR +1 ST1000DM003-1ER162 Z4Y3GD8F Healthy Online 931.51 GB GPT +``` + +You can also view the partition type of a disk by opening the Disk Management tool, right-clicking the disk number, clicking **Properties**, and then clicking the **Volumes** tab. See the following example: + +![Volumes](images/mbr2gpt-volume.PNG) + + +If Windows PowerShell and Disk Management are not available, such as when you are using Windows PE, you can determine the partition type at a command prompt with the diskpart tool. To determine the partition style, type **diskpart** and then type **list disk**. See the following example: + +``` +DISKPART> list disk + + Disk ### Status Size Free Dyn Gpt + -------- ------------- ------- ------- --- --- + Disk 0 Online 238 GB 0 B + Disk 1 Online 931 GB 0 B * +``` + +In this example, Disk 0 is formatted with the MBR partition style, and Disk 1 is formatted using GPT. + + + + +## Related topics + +[Using MBR2GPT with Configuration Manager OSD](https://miketerrill.net/tag/mbr2gpt/) +
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx) +
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) diff --git a/windows/deploy/troubleshoot-upgrade-analytics.md b/windows/deploy/troubleshoot-upgrade-analytics.md index 03c096cc19..dc7f8428f2 100644 --- a/windows/deploy/troubleshoot-upgrade-analytics.md +++ b/windows/deploy/troubleshoot-upgrade-analytics.md @@ -1,38 +1,4 @@ --- title: Troubleshoot Upgrade Analytics (Windows 10) -description: Provides troubleshooting information for Upgrade Analytics. -ms.prod: w10 -author: greg-lindsay +redirect_url: troubleshoot-upgrade-readiness --- - -# Troubleshoot Upgrade Analytics - -If you’re having issues seeing data in Upgrade Analytics after running the Upgrade Analytics Deployment script, make sure it completes successfully without any errors. Check the output of the script in the command window and/or log UA_dateTime_machineName.txt to ensure all steps were completed successfully. In addition, we recommend that you wait at least 48 hours before checking OMS for data after the script first completes without reporting any error. - -If you still don’t see data in Upgrade Analytics, follow these steps: - -1. Download and extract UpgradeAnalytics.zip. Ensure the “Diagnostics” folder is included. - -2. Edit the script as described in [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md). - -3. Check that isVerboseLogging is set to $true. - -4. Run the script again. Log files will be saved to the directory specified in the script. - -5. Open a support case with Microsoft Support through your regular channel and provide this information. - -## Disable Upgrade Analytics - -If you want to stop using Upgrade Analytics and stop sending telemetry data to Microsoft, follow these steps: - -1. Unsubscribe from the Upgrade Analytics solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option. - - ![Upgrade Analytics unsubscribe](images/upgrade-analytics-unsubscribe.png) - -2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the telemetry level to **Security**: - - **Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection* - **Windows 10**: Follow the instructions in the [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#enterprise-management) topic. - -3. If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0". The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*. -4. You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". **This is an optional step**. diff --git a/windows/deploy/troubleshoot-upgrade-readiness.md b/windows/deploy/troubleshoot-upgrade-readiness.md new file mode 100644 index 0000000000..700408bdd6 --- /dev/null +++ b/windows/deploy/troubleshoot-upgrade-readiness.md @@ -0,0 +1,38 @@ +--- +title: Troubleshoot Upgrade Readiness (Windows 10) +description: Provides troubleshooting information for Upgrade Readiness. +ms.prod: w10 +author: greg-lindsay +--- + +# Troubleshoot Upgrade Readiness + +If you’re having issues seeing data in Upgrade Readiness after running the Upgrade Readiness Deployment script, make sure it completes successfully without any errors. Check the output of the script in the command window and/or log UA_dateTime_machineName.txt to ensure all steps were completed successfully. In addition, we recommend that you wait at least 48 hours before checking OMS for data after the script first completes without reporting any error. + +If you still don’t see data in Upgrade Readiness, follow these steps: + +1. Download and extract UpgradeAnalytics.zip. Ensure the “Diagnostics” folder is included. + +2. Edit the script as described in [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md). + +3. Check that isVerboseLogging is set to $true. + +4. Run the script again. Log files will be saved to the directory specified in the script. + +5. Open a support case with Microsoft Support through your regular channel and provide this information. + +## Disable Upgrade Readiness + +If you want to stop using Upgrade Readiness and stop sending telemetry data to Microsoft, follow these steps: + +1. Unsubscribe from the Upgrade Readiness solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option. + + ![Upgrade Readiness unsubscribe](images/upgrade-analytics-unsubscribe.png) + +2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the telemetry level to **Security**: + + **Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection* + **Windows 10**: Follow the instructions in the [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#enterprise-management) topic. + +3. If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0". The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*. +4. You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". **This is an optional step**. diff --git a/windows/deploy/upgrade-analytics-additional-insights.md b/windows/deploy/upgrade-analytics-additional-insights.md index fd99d97682..3a3dd06910 100644 --- a/windows/deploy/upgrade-analytics-additional-insights.md +++ b/windows/deploy/upgrade-analytics-additional-insights.md @@ -1,81 +1,4 @@ --- title: Upgrade Analytics - Additional insights -description: Explains additional features of Upgrade Analytics. -ms.prod: w10 -author: greg-lindsay +redirect_url: upgrade-readiness-additional-insights --- - -# Upgrade Analytics - Additional insights - -This topic provides information on additional features that are available in Upgrade Analytics to provide insights into your environment. These include: - -- [Site discovery](#site-discovery): An inventory of web sites that are accessed by client computers running Windows 7 or Windows 8.1 using Internet Explorer. -- [Office add-ins](#office-add-ins): A list of the Microsoft Office add-ins that are installed on client computers. - -## Site discovery - -The site discovery feature in Upgrade Analytics provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 8.1 and Windows 7. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. - -> Note: Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees. - -### Install prerequisite security update for Internet Explorer - -Ensure the following prerequisites are met before using site discovery: - -1. Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. -2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)). -3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) to allow Internet Explorer data collection before you run it. - - If necessary, you can also enable it by creating the following registry entry. - - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection - - Entry name: IEDataOptIn - - Data type: DWORD - - Values: - - > *IEOptInLevel = 0 Internet Explorer data collection is disabled* - > - > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones* - > - > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones* - > - > *IEOptInLevel = 3 Data collection is enabled for all sites* - - For more information about Internet Explorer Security Zones, see [About URL Security Zones](https://msdn.microsoft.com/library/ms537183.aspx). - - ![Create the IEDataOptIn registry key](images/upgrade-analytics-create-iedataoptin.png) - -### Review most active sites - -This blade indicates the most visited sites by computers in your environment. Review this list to determine which web applications and sites are used most frequently. The number of visits is based on the total number of views, and not by the number of unique devices accessing a page. - -For each site, the fully qualified domain name will be listed. You can sort the data by domain name or by URL. - -![Most active sites](Images/upgrade-analytics-most-active-sites.png) - -Click the name of any site in the list to drill down into more details about the visits, including the time of each visit and the computer name. - -![Site domain detail](images/upgrade-analytics-site-domain-detail.png) - -### Review document modes in use - -This blade provides information about which document modes are used in the sites that are visited in your environment. Document modes are used to provide compatibility with older versions of Internet Explorer. Sites that use older technologies may require additional testing and are less likely to be compatible with Microsoft Edge. Counts are based on total page views and not the number of unique devices. For more information about document modes, see [Deprecated document modes](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/deprecated-document-modes). - -![Site activity by document mode](images/upgrade-analytics-site-activity-by-doc-mode.png) - -### Run browser-related queries - -You can run predefined queries to capture more info, such as sites that have Enterprise Mode enabled, or the number of unique computers that have visited a site. For example, this query returns the most used ActiveX controls. You can modify and save the predefined queries. - -![](images/upgrade-analytics-query-activex-name.png) - -## Office add-ins - -Office add-ins provides a list of the Microsoft Office add-ins in your environment, and enumerates the computers that have these add-ins installed. This information should not affect the upgrade decision workflow, but can be helpful to an administrator. - -## Related topics - -[Upgrade Analytics release notes](upgrade-analytics-release-notes.md) diff --git a/windows/deploy/upgrade-analytics-architecture.md b/windows/deploy/upgrade-analytics-architecture.md index e7e639105a..d1ab6fecdb 100644 --- a/windows/deploy/upgrade-analytics-architecture.md +++ b/windows/deploy/upgrade-analytics-architecture.md @@ -1,30 +1,4 @@ --- title: Upgrade Analytics architecture (Windows 10) -description: Describes Upgrade Analytics architecture. -ms.prod: w10 -author: greg-lindsay +redirect_url: upgrade-readiness-architecture --- - -# Upgrade Analytics architecture - -Microsoft analyzes system, application, and driver telemetry data to help you determine when computers are upgrade-ready, allowing you to simplify and accelerate Windows upgrades in your organization. The diagram below illustrates how Upgrade Analytics components work together in a typical installation. - - - -![Upgrade Analytics architecture](images/upgrade-analytics-architecture.png) - -After you enable Windows telemetry on user computers and install the compatibility update KB (1), user computers send computer, application and driver telemetry data to a secure Microsoft data center through the Microsoft Data Management Service (2). After you configure Upgrade Analytics, telemetry data is analyzed by the Upgrade Analytics Service (3) and pushed to your OMS workspace (4). You can then use the Upgrade Analytics solution (5) to plan and manage Windows upgrades. - -For more information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see: - -[Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
-[Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
-[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
- -##**Related topics** - -[Upgrade Analytics requirements](upgrade-analytics-requirements.md)
-[Upgrade Analytics release notes](upgrade-analytics-release-notes.md)
-[Get started with Upgrade Analytics](upgrade-analytics-get-started.md)
diff --git a/windows/deploy/upgrade-analytics-deploy-windows.md b/windows/deploy/upgrade-analytics-deploy-windows.md index 57b8c26f7f..76c41c573a 100644 --- a/windows/deploy/upgrade-analytics-deploy-windows.md +++ b/windows/deploy/upgrade-analytics-deploy-windows.md @@ -1,97 +1,4 @@ --- title: Upgrade Analytics - Get a list of computers that are upgrade-ready (Windows 10) -description: Describes how to get a list of computers that are ready to be upgraded in Upgrade Analytics. -ms.prod: w10 -author: greg-lindsay +redirect_url: upgrade-readiness-deploy-windows --- - -# Upgrade Analytics - Step 3: Deploy Windows - -All of your work up to now involved reviewing and resolving application and driver issues. Along the way, as you’ve resolved issues and decided which applications and drivers are ready to upgrade, you’ve been building a list of computers that are upgrade ready. -The blades in the **Deploy** section are: - -- [Deploy eligible computers](#deploy-eligible-computers) -- [Deploy computers by group](#computer-groups) - ->Computers that are listed in this step are assigned an **UpgradeDecision** value, and the total count of computers in each upgrade decision category is displayed. Additionally, computers are assigned an **UpgradeAssessment** value. This value is displayed by drilling down into a specific upgrade decision category. For information about upgrade assessment values, see [Upgrade assessment](#upgrade-assessment). - -## Deploy eligible computers - -In this blade, computers grouped by upgrade decision are listed. The upgrade decision on the machines is a calculated value based on the upgrade decision status for the apps and drivers installed on the computer. This value cannot be modified directly. The upgrade decision is calculated in the following ways: -- **Review in progress**: At least one app or driver installed on the computer is marked **Review in progress**. -- **Ready to upgrade**: All apps and drivers installed on the computer are marked as **Ready to Upgrade**. -- **Won’t upgrade**: At least one app or driver installed on the computer is marked as **Won’t upgrade**, or a system requirement is not met. - - - -![Deploy eligible computers](images/ua-cg-16.png) - -Select **Export computers** for more details, including computer name, manufacturer and model, and Windows edition currently running on the computer. Sort or further query the data and then select **Export** to generate and save a comma-separated value (csv) list of upgrade-ready computers. - ->**Important**
When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time. - -## Computer groups - -Computer groups allow you to segment your environment by creating device groups based on OMS log search results, or by importing groups from Active Directory, WSUS or System Center Configuration Manager. Computer groups are an OMS feature. For more information, see [Computer groups in OMS](https://blogs.technet.microsoft.com/msoms/2016/04/04/computer-groups-in-oms/). - -Query based computer groups are recommended in the initial release of this feature. A feature known as **Configuration Manager Upgrade Analytics Connector** is anticipated in a future release that will enable synchronization of **ConfigMgr Collections** with computer groups in OMS. - -### Getting started with Computer Groups - -When you sign in to OMS, you will see a new blade entitled **Computer Groups**. See the following example: - -![Computer groups](images/ua-cg-01.png) - -To create a computer group, open **Log Search** and create a query based on **Type=UAComputer**, for example: - -``` -Type=UAComputer Manufacturer=DELL -``` - -![Computer groups](images/ua-cg-02.png) - -When you are satisfied that the query is returning the intended results, add the following text to your search: - -``` -| measure count() by Computer -``` - -This will ensure every computer only shows up once. Then, save your group by clicking **Save** and **Yes**. See the following example: - -![Computer groups](images/ua-cg-03.png) - -Your new computer group will now be available in Upgrade Analytics. See the following example: - -![Computer groups](images/ua-cg-04.png) - -### Using Computer Groups - -When you drill into a computer group, you will see that computers are categorized by **UpgradeDecision**. For computers with the status **Review in progress** or **Won’t upgrade** you can drill down to view issues that cause a computer to be in each category, or you can simply display a list of the computers in the category. For computers that are designated **Ready to upgrade**, you can go directly to the list of computers that are ready. - -![Computer groups](images/ua-cg-05.png) - -Viewing a list of computers in a certain status is self-explanatory, Let’s look at what happens when you click the details link on **Review in progress**: - -![Computer groups](images/ua-cg-06.png) - -Next, select if you want to see application issues (**UAApp**) or driver issues (**UADriver**). See the following example of selecting **UAApp**: - -![Computer groups](images/ua-cg-07.png) - -A list of apps that require review so that Dell Computers are ready for upgrade to Windows 10 is displayed. - -### Upgrade assessment - -Upgrade assessment and guidance details are explained in the following table. - -| Upgrade assessment | Action required before or after upgrade pilot? | Issue | What it means | Guidance | -|-----------------------|------------------------------------------------|----------|-----------------|---------------| -| No known issues | No | None | Computers will upgrade seamlessly.
| OK to use as-is in pilot. | -| OK to pilot, fixed during upgrade | No, for awareness only | Application or driver will not migrate to new OS | The currently installed version of an application or driver won’t migrate to the new operating system; however, a compatible version is installed with the new operating system. | OK to use as-is in pilot. | -| OK to pilot with new driver from Windows Update | Yes | Driver will not migrate to new OS | The currently installed version of a driver won’t migrate to the new operating system; however, a newer, compatible version is available from Windows Update. | Although a compatible version of the driver is installed during upgrade, a newer version is available from Windows Update.

If the computer automatically receives updates from Windows Update, no action is required. Otherwise, replace the new in-box driver with the Windows Update version after upgrading.

| - -Select **Export computers** to view pilot-ready computers organized by operating system. After you select the computers you want to use in a pilot, click Export to generate and save a comma-separated value (csv) file. - ->**Important**> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time. \ No newline at end of file diff --git a/windows/deploy/upgrade-analytics-deployment-script.md b/windows/deploy/upgrade-analytics-deployment-script.md index 06bff0e12b..0db5694e53 100644 --- a/windows/deploy/upgrade-analytics-deployment-script.md +++ b/windows/deploy/upgrade-analytics-deployment-script.md @@ -1,103 +1,4 @@ --- title: Upgrade Analytics deployment script (Windows 10) -description: Deployment script for Upgrade Analytics. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay ---- - -# Upgrade Analytics deployment script - -To automate the steps provided in [Get started with Upgrade Analytics](upgrade-analytics-get-started.md), and to troubleshoot data sharing issues, you can run the [Upgrade Analytics deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409), developed by Microsoft. - -For detailed information about using the upgrade analytics deployment script, also see the [Upgrade Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/). - -> The following guidance applies to version 11.11.16 or later of the Upgrade Analytics deployment script. If you are using an older version, please download the latest from [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409). - -The Upgrade Analytics deployment script does the following: - -1. Sets commercial ID key + CommercialDataOptIn + RequestAllAppraiserVersions keys. -2. Verifies that user computers can send data to Microsoft. -3. Checks whether the computer has a pending restart.   -4. Verifies that the latest version of KB package 10.0.x is installed (version 10.0.14348 or later is required, but version 10.0.14913 or later is recommended). -5. If enabled, turns on verbose mode for troubleshooting. -6. Initiates the collection of the telemetry data that Microsoft needs to assess your organization’s upgrade readiness. -7. If enabled, displays the script’s progress in a cmd window, providing you immediate visibility into issues (success or fail for each step) and/or writes to log file. - -To run the Upgrade Analytics deployment script: - -1. Download the [Upgrade Analytics deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. Inside, there are two folders: Pilot and Deployment. The Pilot folder contains advanced logging that can help troubleshoot issues and is intended to be run from an elevated command prompt. The Deployment folder offers a lightweight script intended for broad deployment through ConfigMgr or other software deployment system. We recommend manually running the Pilot version of the script on 5-10 machines to verify that everything is configured correctly. Once you have confirmed that data is flowing successfully, proceed to run the Deployment version throughout your organization. - -2. Edit the following parameters in RunConfig.bat: - - 1. Provide a storage location for log information. You can store log information on a remote file share or a local directory. If the script is blocked from creating the log file for the given path, it creates the log files in the drive with the Windows directory. Example: %SystemDrive%\\UADiagnostics - - 2. Input your commercial ID key. This can be found in your OMS workspace under Settings -> Connected Sources -> Windows Telemetry. - - 3. By default, the script sends log information to both the console and the log file. To change the default behavior, use one of the following options: - - > *logMode = 0 log to console only* -> - > *logMode = 1 log to file and console* -> - > *logMode = 2 log to file only* - -3. To enable Internet Explorer data collection, set AllowIEData to IEDataOptIn. By default, AllowIEData is set to Disable. Then use one of the following options to determine what Internet Explorer data can be collected: - - > *IEOptInLevel = 0 Internet Explorer data collection is disabled* - > - > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones* - > - > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones* - > - > *IEOptInLevel = 3 Data collection is enabled for all sites* - -4. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system. - -
- -The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered. - -
- - -
Exit codeMeaningSuggested fix -
0Success -
1Unexpected error occurred while executing the script The files in the deployment script are likely corrupted. Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again. -
2Error when logging to console. $logMode = 0. Try changing the $logMode value to **1** and try again. -
3Error when logging to console and file. $logMode = 1.Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. -
4Error when logging to file. $logMode = 2.Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. -
5Error when logging to console and file. $logMode = unknown.Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. -
6The commercialID parameter is set to unknown. Modify the script.Set the value for CommercialID in runconfig.bat file. -
8Failure to create registry key path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection. Verify that the configuration script has access to this location. -
9Error when writing CommercialId to registry.Verify that the configuration script has access to this location. -
10Error when writing CommercialDataOptIn to registry.Verify that the configuration script has access to this location. -
11Function -SetupCommercialId: Unexpected failure.Verify that the configuration script has access to this location. -
12Can’t connect to Microsoft – Vortex. Check your network/proxy settings.Verify that the required endpoints are whitelisted correctly. -
13Can’t connect to Microsoft – setting. Verify that the required endpoints are whitelisted correctly. -
14Can’t connect to Microsoft – compatexchange. Verify that the required endpoints are whitelisted. -
15Error connecting to Microsoft:Unexpected failure. -
16Machine requires reboot. The reboot is required to complete the installation of the compatibility update and related KBs. Reboot the machine before running the Upgrade Analytics deployment script. -
17Function -CheckRebootRequired: Unexpected failure.The reboot is required to complete the installation of the compatibility update and related KBs. Reboot the machine before running the Upgrade Analytics deployment script. -
18Outdated compatibility update KB package. Update via Windows Update/WSUS. -The configuration script detected a version of the Compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Analytics solution. Use the latest version of the Compatibility update for Windows 7 SP1/Windows 8.1. -
19The compatibility update failed with unexpected exception. The files in the deployment script are likely corrupted. Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again. -
20Error writing RequestAllAppraiserVersions registry key. This registry key is required for data collection to work correctly. Verify that the configuration script has access to this location. -
21Function – SetRequestAllAppraiserVersions: Unexpected failure.This registry key is required for data collection to work correctly. Verify that the configuration script has access to this location. -
22RunAppraiser failed with unexpected exception. Check %windir%\System32 directory for a file called CompatTelRunner.exe. If the file does not exist, reinstall the required compatibility updates which include this file, and check your organization group policy to make sure it does not remove this file. -
23Error finding system variable %WINDIR%. Make sure that this environment variable is available on the machine. -
24SetIEDataOptIn failed when writing IEDataOptIn to registry. Verify that the deployment script in running in a context that has access to the registry key. -
25SetIEDataOptIn failed with unexpected exception. The files in the deployment script are likely corrupted. Download the latest script from the [download center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and try again. -
26The operating system is Server or LTSB SKU. The script does not support Server or LTSB SKUs. -
27The script is not running under System account.The Upgrade Analytics configuration script must be run as system. -
28Could not create log file at the specified logPath. Make sure the deployment script has access to the location specified in the logPath parameter. -
29 Connectivity check failed for proxy authentication. Install the cumulative updates on the machine and enable the `DisableEnterpriseAuthProxy` authentication proxy setting. The `DisableEnterpriseAuthProxy` setting is enabled by default for Windows 7. For Windows 8.1 machines, set the `DisableEnterpriseAuthProxy` setting to **0** (not disabled). For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688). -
30Connectivity check failed. Registry key property `DisableEnterpriseAuthProxy` is not enabled. The `DisableEnterpriseAuthProxy` setting is enabled by default for Windows 7. For Windows 8.1 machines, set the `DisableEnterpriseAuthProxy` setting to **0** (not disabled). For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688). -
31There is more than one instance of the Upgrade Analytics data collector running at the same time on this machine. Use the Windows Task Manager to check if CompatTelRunner.exe is running, and wait until it has completed to rerun the script. -**The Upgrade Analytics task is scheduled to run daily at 3 a.m.** -
- -
- +redirect_url: upgrade-readiness-deployment-script +--- \ No newline at end of file diff --git a/windows/deploy/upgrade-analytics-get-started.md b/windows/deploy/upgrade-analytics-get-started.md index 58a6877174..575fd2ed00 100644 --- a/windows/deploy/upgrade-analytics-get-started.md +++ b/windows/deploy/upgrade-analytics-get-started.md @@ -1,130 +1,4 @@ --- title: Get started with Upgrade Analytics (Windows 10) -description: Explains how to get started with Upgrade Analytics. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: deploy -author: greg-lindsay ---- - -# Get started with Upgrade Analytics - -This topic explains how to obtain and configure Upgrade Analytics for your organization. - -You can use Upgrade Analytics to plan and manage your upgrade project end-to-end. Upgrade Analytics works by establishing communications between computers in your organization and Microsoft. Upgrade Analytics collects computer, application, and driver data for analysis. This data is used to identify compatibility issues that can block your upgrade and to suggest fixes that are known to Microsoft. - -Before you begin, consider reviewing the following helpful information:
- - [Upgrade Analytics requirements](https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-requirements): Provides detailed requirements to use Upgrade Analytics.
- - [Upgrade Analytics blog](https://blogs.technet.microsoft.com/UpgradeAnalytics): Contains announcements of new features and provides helpful tips for using Upgrade Analytics. - ->If you are using System Center Configuration Manager, also check out information about how to integrate Upgrade Analytics with Configuration Manager: [Integrate Upgrade Analytics with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics). - -When you are ready to begin using Upgrade Analytics, perform the following steps: - -1. Review [data collection and privacy](#data-collection-and-privacy) information. -2. [Add Upgrade Analytics to OMS](#add-upgrade-analytics-to-operations-management-suite). -3. [Enable data sharing](#enable-data-sharing). -4. [Deploy required updates](#deploy-the-compatibility-update-and-related-kbs) to computers, and validate using a pilot deployment. -5. [Deploy Upgrade Analytics at scale](#deploy-upgrade-analytics-at-scale). - -## Data collection and privacy - -To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see the following topics: - -- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) -- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services) -- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) - -## Add Upgrade Analytics to Operations Management Suite - -Upgrade Analytics is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/). - -If you are already using OMS, you’ll find Upgrade Analytics in the Solutions Gallery. Select the **Upgrade Analytics** tile in the gallery and then click **Add** on the solution's details page. Upgrade Analytics is now visible in your workspace. - -If you are not using OMS: - -1. Go to the [Upgrade Analytics page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **Sign up** to kick off the onboarding process. -2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. -3. Create a new OMS workspace. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**. -4. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. - - > If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens. - -1. To add the Upgrade Analytics solution to your workspace, go to the **Solutions Gallery**. Select the **Upgrade Analytics** tile in the gallery and then select **Add** on the solution’s details page. The solution is now visible on your workspace. Note that you may need to scroll to find Upgrade Analytics. - -2. Click the **Upgrade Analytics** tile to configure the solution. The **Settings Dashboard** opens. - -### Generate your commercial ID key - -Microsoft uses a unique commercial ID to map information from user computers to your OMS workspace. Generate your commercial ID key in OMS and then deploy it to user computers. - -1. On the Settings Dashboard, navigate to the **Windows telemetry** panel. - - ![upgrade-analytics-telemetry](images/upgrade-analytics-telemetry.png) - -2. On the Windows telemetry panel, copy and save your commercial ID key. You’ll need to insert this key into the Upgrade Analytics deployment script later so it can be deployed to user computers. - - >**Important**
Regenerate a commercial ID key only if your original ID key can no longer be used. Regenerating a commercial ID key resets the data in your workspace for all solutions that use the ID. Additionally, you’ll need to deploy the new commercial ID key to user computers again. - -### Subscribe to Upgrade Analytics - -For Upgrade Analytics to receive and display upgrade readiness data from Microsoft, subscribe your OMS workspace to Upgrade Analytics. - -1. On the **Windows telemetry** panel, click **Subscribe**. The button changes to **Unsubscribe**. Unsubscribe from the Upgrade Analytics solution if you no longer want to receive upgrade-readiness information from Microsoft. Note that user computer data will continue to be shared with Microsoft for as long as the opt-in keys are set on user computers and the proxy allows the traffic. - -1. Click **Overview** on the Settings Dashboard to return to your OMS workspace portal. The Upgrade Analytics tile now displays summary data. Click the tile to open Upgrade Analytics. - -## Enable data sharing - -To enable data sharing, whitelist the following endpoints. Note that you may need to get approval from your security group to do this. - -Note: The compatibility update KB runs under the computer’s system account. If you are using user authenticated proxies, read [this blog post](https://go.microsoft.com/fwlink/?linkid=838688) to learn what you need to do to run it under the logged on user account. - -| **Endpoint** | **Function** | -|---------------------------------------------------------|-----------| -| `https://v10.vortex-win.data.microsoft.com/collect/v1`
`https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. | -| `https://settings.data.microsoft.com/qos` | Enables the compatibility update KB to send data to Microsoft. | -| `https://go.microsoft.com/fwlink/?LinkID=544713`
`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. | - - -## Deploy the compatibility update and related KBs - -The compatibility update KB scans your computers and enables application usage tracking. If you don’t already have these KBs installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager. - -| **Operating System** | **KBs** | -|----------------------|-----------------------------------------------------------------------------| -| Windows 8.1 | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)
Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.
For more information about this KB, see

[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)
Provides updated configuration and definitions for compatibility diagnostics performed on the system.
For more information about this KB, see
NOTE: KB2976978 must be installed before you can download and install KB3150513. | -| Windows 7 SP1 | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664)
Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.
For more information about this KB, see

[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)
Provides updated configuration and definitions for compatibility diagnostics performed on the system.
For more information about this KB, see
NOTE: KB2952664 must be installed before you can download and install KB3150513. | - -IMPORTANT: Restart user computers after you install the compatibility update KBs for the first time. - -If you are planning to enable IE Site Discovery, you will need to install a few additional KBs. - -| **Site discovery** | **KB** | -|----------------------|-----------------------------------------------------------------------------| -| [Review site discovery](upgrade-analytics-review-site-discovery.md) | [KB3080149](http://www.catalog.update.microsoft.com/Search.aspx?q=3080149)
Updates the Diagnostic and Telemetry tracking service to existing devices. This update is only necessary on Windows 7 and Windows 8.1 devices.
For more information about this KB, see

Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. | - -### Deploy the Upgrade Analytics deployment script - -You can use the Upgrade Analytics deployment script to automate and verify your deployment. - -See [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) for information on obtaining and running the script, and for a description of the error codes that can be displayed. - ->After data is sent from computers to Microsoft, it generally takes 48 hours for the data to populate in Upgrade Analytics. The compatibility update KB takes several minutes to run. If the KB does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Upgrade Analytics. For this reason, you can expect most your computers to be populated in OMS in about 1-2 weeks after deploying the KB and configuration to user computers. - -## Deploy Upgrade Analytics at scale - -When you have completed a pilot deployment, you are ready to automate data collection and distribute the deployment script to the remaining computers in your organization. - -### Automate data collection - -To ensure that user computers are receiving the most up to date data from Microsoft, we recommend that you establish the following data sharing and analysis processes. - -- Enable automatic updates for the compatibility update and related KBs. These KBs are updated frequently to include the latest application and driver issue information as we discover it during testing. -- Schedule the Upgrade Analytics deployment script to automatically run so that you don’t have to manually initiate an inventory scan each time the compatibility update KBs are updated. Computers are re-scanned only when the compatibility KBs are updated, so if your inventory changes significantly between KB releases you won’t see the changes in Upgrade Analytics until you run the script again. -- Schedule monthly user computer scans to view monthly active computer and usage information. - -### Distribute the deployment script at scale - -Use a software distribution system such as System Center Configuration Manager to distribute the Upgrade Analytics deployment script at scale. For more information, see the [Upgrade Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/). \ No newline at end of file +redirect_url: upgrade-readiness-get-started +--- \ No newline at end of file diff --git a/windows/deploy/upgrade-analytics-identify-apps.md b/windows/deploy/upgrade-analytics-identify-apps.md index cfd5df068f..6ff2df414c 100644 --- a/windows/deploy/upgrade-analytics-identify-apps.md +++ b/windows/deploy/upgrade-analytics-identify-apps.md @@ -1,36 +1,5 @@ --- title: Upgrade Analytics - Identify important apps (Windows 10) -description: Describes how to prepare your environment so that you can use Upgrade Analytics to manage Windows upgrades. -ms.prod: w10 -author: greg-lindsay +redirect_url: upgrade-readiness-identify-apps --- -# Upgrade Analytics - Step 1: Identify important apps - -This is the first step of the Upgrade Analytics workflow. In this step, applications are listed and grouped by importance level. Setting the importance level enables you to prioritize applications for upgrade. - - - -![Prioritize applications](images/upgrade-analytics-prioritize.png) - -Select **Assign importance** to change an application’s importance level. By default, applications are marked **Not reviewed** or **Low install count** until you assign a different importance level to them. - -To change an application’s importance level: - -1. Select **Not reviewed** or **Low install count** on the **Prioritize applications** blade to view the list of applications with that importance level. -2. Select the applications you want to change to a specific importance level and then select the appropriate option from the **Select importance level** list. -3. Click **Save** when finished. - -Importance levels include: - -| Importance level | When to use it | Recommendation | -|--------------------|------------------|------------------| -| Low install count | We give you a head start by identifying applications that are installed on 2% or less of your total computer inventory. \[Number of computers application is installed on/total number of computers in your inventory.\]

Low install count applications are automatically marked as **Ready to upgrade** in the **UpgradeDecision** column unless they have issues that need attention.
| Be sure to review low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. For example, payroll apps or tax accounting apps tend to be installed on a relatively small number of machines but are still considered business critical applications.

| -| Not reviewed | Applications that are installed on more than 2% of your total computer inventory are marked not reviewed until you set their importance level.

| Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns. | -| Business critical | By default, no applications are marked as business critical because only you can make that determination. If you know that an application is critical to your organization’s functioning, mark it **Business critical**.

| You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this business critical application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**.
| -| Important | By default, no applications are marked as important because only you can make that determination. If the application is important but not critical to your organization’s functioning, mark it **Important**. | You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this important application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**.
| -| Ignore | By default, no applications are marked as ignore because only you can make that determination. If the application is not important to your organization’s functioning, such as user-installed applications and games, you may not want to spend time and money validating that these applications will migrate successfully. Mark these applications **Ignore**.
| Set the application’s importance level to **Ignore** to let other team members know that it can be left as-is with no further investigation or testing. If you set the importance level to ignore, and this is an app that you are not planning on testing or validating, consider changing the upgrade decision to **Ready to upgrade**. By marking these apps ready to upgrade, you are indicating that you are comfortable upgrading with the app remaining in its current state.

| -| Review in progress | Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns.
| As you learn more about the application’s importance to your organization’s functioning, change the importance level to **Business critical**, **Important**, or **Ignore**.

Until you’ve determined that priority applications will migrate successfully, leave the upgrade decision status as **Review in progress**.
| - diff --git a/windows/deploy/upgrade-analytics-prepare-your-environment.md b/windows/deploy/upgrade-analytics-prepare-your-environment.md new file mode 100644 index 0000000000..796b1298d8 --- /dev/null +++ b/windows/deploy/upgrade-analytics-prepare-your-environment.md @@ -0,0 +1,4 @@ +--- +title: Upgrade Analytics - Identify important apps (Windows 10) +redirect_url: upgrade-readiness-identify-apps +--- \ No newline at end of file diff --git a/windows/deploy/upgrade-analytics-release-notes.md b/windows/deploy/upgrade-analytics-release-notes.md new file mode 100644 index 0000000000..694618d4d7 --- /dev/null +++ b/windows/deploy/upgrade-analytics-release-notes.md @@ -0,0 +1,4 @@ +--- +title: Upgrade Analytics release notes (Windows 10) +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-requirements#important-information-about-this-release +--- \ No newline at end of file diff --git a/windows/deploy/upgrade-analytics-requirements.md b/windows/deploy/upgrade-analytics-requirements.md index 3875acc090..1b99be1621 100644 --- a/windows/deploy/upgrade-analytics-requirements.md +++ b/windows/deploy/upgrade-analytics-requirements.md @@ -1,88 +1,5 @@ --- title: Upgrade Analytics requirements (Windows 10) -description: Provides requirements for Upgrade Analytics. -ms.prod: w10 -author: greg-lindsay +redirect_url: upgrade-readiness-requirements --- -# Upgrade Analytics requirements - -This article introduces concepts and steps needed to get up and running with Upgrade Analytics. We recommend that you review this list of requirements before getting started as you may need to collect information, such as account credentials, and get approval from internal IT groups, such as your network security group, before you can start using Upgrade Analytics. - -## Supported upgrade paths - -To perform an in-place upgrade, user computers must be running the latest version of either Windows 7 SP1 or Windows 8.1. After you enable Windows telemetry, Upgrade Analytics performs a full inventory of computers so that you can see which version of Windows is installed on each computer. - -The compatibility update KB that sends telemetry data from user computers to Microsoft data centers works with Windows 7 SP1 and Windows 8.1 only. Upgrade Analytics cannot evaluate Windows XP or Windows Vista for upgrade eligibility. - - - -If you need to update user computers to Windows 7 SP1 or Windows 8.1, use Windows Update or download and deploy the applicable package from the Microsoft Download Center. - -Note: Upgrade Analytics is designed to best support in-place upgrades. In-place upgrades do not support migrations from BIOS to UEFI or from 32-bit to 64-bit architecture. If you need to migrate computers in these scenarios, use the wipe-and-reload method. Upgrade Analytics insights are still valuable in this scenario, however, you can ignore in-place upgrade specific guidance. - -See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-10-specifications) for additional information about computer system requirements. - -## Operations Management Suite - -Upgrade Analytics is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing on premise and cloud computing environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). - -If you’re already using OMS, you’ll find Upgrade Analytics in the Solutions Gallery. Click the Upgrade Analytics tile in the gallery and then click Add on the solution’s details page. Upgrade Analytics is now visible in your workspace. - -If you are not using OMS, go to [the Upgrade Analytics page on Microsoft.com](https://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics) and select **Sign up** to kick off the OMS onboarding process. During the onboarding process, you’ll create an OMS workspace and add the Upgrade Analytics solution to it. - -Important: You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. - -## System Center Configuration Manager integration - -Upgrade Analytics can be integrated with your installation of Configuration Manager. For more information, see [Integrate Upgrade Analytics with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics). - -## Telemetry and data sharing - -After you’ve signed in to Operations Management Suite and added the Upgrade Analytics solution to your workspace, you’ll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Analytics. - -See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Analytics collects and assesses. See [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data. - -**Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, you’ll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this. - -`https://v10.vortex-win.data.microsoft.com/collect/v1`
-`https://vortex-win.data.microsoft.com/health/keepalive`
-`https://settings-win.data.microsoft.com/settings`
-`https://vortex.data.microsoft.com/health/keepalive`
-`https://settings.data.microsoft.com/qos`
-`https://go.microsoft.com/fwlink/?LinkID=544713`
-`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc/extended`
- ->**Note** The compatibility update KB runs under the computer’s system account and does not support user authentication in this release. - -**Generate your commercial ID key.** Microsoft uses a unique commercial ID GUID to map data from your computers to your OMS workspace. You’ll need to generate your commercial ID key in OMS. We recommend that you save your commercial ID key as you’ll need it later. - -**Subscribe your OMS workspace to Upgrade Analytics.** For Upgrade Analytics to receive and display upgrade readiness data from Microsoft, you’ll need to subscribe your OMS workspace to Upgrade Analytics. - -**Enable telemetry and connect data sources.** To allow Upgrade Analytics to collect system, application, and driver data and assess your organization’s upgrade readiness, communication must be established between Upgrade Analytics and user computers. You’ll need to connect Upgrade Analytics to your data sources and enable telemetry to establish communication. - -**Deploy compatibility update and related KBs.** The compatibility update KB scans your systems and enables application usage tracking. If you don’t already have this KB installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager. - ->**Important**
The compatibility update and related KBs are updated frequently to include new compatibility issues as they become known to Microsoft. We recommend that you use a deployment system that allows for automatic updates of these KBs. The compatibility update KB collects inventory information from computers only when it is updated. - -**Configure and deploy Upgrade Analytics deployment script.** Configure and deploy the Upgrade Analytics deployment script to user computers to finish setting up. - -## Important information about this release - -Before you get started configuring Upgrade Anatlyics, review the following tips and limitations about this release. - -**User authenticated proxies are not supported in this release.** User computers communicate with Microsoft through Windows telemetry. The Windows telemetry client runs in System context and requires a connection to various Microsoft telemetry endpoints. User authenticated proxies are not supported at this time. Work with your Network Administrator to ensure that user computers can communicate with telemetry endpoints. - -**Upgrade Analytics does not support on-premises Windows deployments.** Upgrade Analytics is built as a cloud service, which allows Upgrade Analytics to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises. - -**In-region data storage requirements.** Windows telemetry data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Analytics solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. We’re adding support for additional regions and we’ll update this information when new international regions are supported. - -### Tips - -- When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export a list with fewer items. - -- Sorting data by clicking a column heading may not sort your complete list of items. For information about how to sort data in OMS, see [Sorting DocumentDB data using Order By](https://azure.microsoft.com/documentation/articles/documentdb-orderby). - -## Get started - -See [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) for detailed, step-by-step instructions for configuring Upgrade Analytics and getting started on your Windows upgrade project. diff --git a/windows/deploy/upgrade-analytics-resolve-issues.md b/windows/deploy/upgrade-analytics-resolve-issues.md index ec6f782f9e..9514c81869 100644 --- a/windows/deploy/upgrade-analytics-resolve-issues.md +++ b/windows/deploy/upgrade-analytics-resolve-issues.md @@ -1,145 +1,5 @@ --- title: Upgrade Analytics - Resolve application and driver issues (Windows 10) -description: Describes how to resolve application and driver issues that can occur during an upgrade with Upgrade Analytics. -ms.prod: w10 -author: greg-lindsay +redirect_url: upgrade-readiness-resolve-issues --- -# Upgrade Analytics - Step 2: Resolve app and driver issues - -This section of the Upgrade Analytics workflow reports application and driver inventory and shows you which applications have known issues, which applications have no known issues, and which drivers have issues. We identify applications and drivers that need attention and suggest fixes when we know about them. - -You can change an application’s upgrade decision and a driver’s upgrade decision from the blades in this section. To change an application’s or a driver’s importance level, select **User changes**. Select the item you want to change and then select the appropriate option from the **Select upgrade decision** list. - -Upgrade decisions include: - -| Upgrade decision | When to use it | Guidance | -|--------------------|-------------------|-------------| -| Not reviewed | All drivers are marked as Not reviewed by default.

Any app that has not been marked **Low install count** will also have an upgrade decision of **Not reviewed** by default.
| Apps you have not yet reviewed or are waiting to review later should be marked as **Not reviewed**. When you start to investigate an application or a driver to determine upgrade readiness, change their upgrade decision to **Review in progress**.

| -| Review in progress | When you start to investigate an application or a driver to determine upgrade readiness, change its upgrade decision to **Review in progress**.

Until you’ve determined that applications and drivers will migrate successfully or you’ve resolved blocking issues, leave the upgrade decision status as **Review in progress**.

| Once you’ve fixed any issues and validated that the application or driver will migrate successfully, change the upgrade decision to **Ready to upgrade**.
| -| Ready to upgrade | Mark applications and drivers **Ready to upgrade** once you’ve resolved all blocking issues and you’re confident that they will upgrade successfully, or if you’ve decided to upgrade them as-is. | Applications with no known issues and with low installation rates are marked **Ready to upgrade** by default.

In Step 1, you might have marked some of your apps as **Ignore**. These should be marked as **Ready to upgrade**. Apps with low installation rates are marked as **Ready to upgrade** by default. Be sure to review any low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates.
| -| Won’t upgrade | By default, no applications or drivers are marked **Won’t upgrade** because only you can make that determination.

Use **Won’t upgrade** for applications and drivers that you do not work on your target operating system, or that you are unable to upgrade.
| If, during your investigation into an application or driver, you determine that they should not or cannot be upgraded, mark them **Won’t upgrade**.

| - -The blades in the **Resolve issues** section are: - -- Review applications with known issues -- Review applications with no known issues -- Review drivers with known issues - -As you review applications with known issues, you can also see ISV support statements or applications using [Ready for Windows](https://www.readyforwindows.com/). - -## Review applications with known issues - -Applications with issues known to Microsoft are listed, grouped by upgrade assessment into **Attention needed** or **Fix available**. - - - -![Review applications with known issues](images/upgrade-analytics-apps-known-issues.png) - -To change an application's upgrade decision: - -1. Select **Decide upgrade readiness** to view applications with issues. -2. In the table view, select an **UpgradeDecision** value. -3. Select **Decide upgrade readiness** to change the upgrade decision for each application. -4. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list. -5. Click **Save** when finished. - -IMORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information. - -For applications assessed as **Attention needed**, review the table below for details about known issues and for guidance about how to resolve them, when possible. - -| Upgrade Assessment | Action required prior to upgrade? | Issue | What it means | Guidance | -|--------------------|-----------------------------------|-----------|-----------------|------------| -| Attention needed | No | Application is removed during upgrade | Compatibility issues were detected and the application will not migrate to the new operating system.
| No action is required for the upgrade to proceed. | -| Attention needed | Yes | Blocking upgrade | Blocking issues were detected and Upgrade Analytics is not able to remove the application during upgrade.

The application may work on the new operating system.
| Remove the application before upgrading, and reinstall and test on new operating system. | -| Attention needed | No | Evaluate application on new OS | The application will migrate, but issues were detected that may impact its performance on the new operating system. | No action is required for the upgrade to proceed, but be sure to test the application on the new operating system.
| -| Attention needed | No | Does not work with new OS, but won’t block upgrade | The application is not compatible with the new operating system, but won’t block the upgrade. | No action is required for the upgrade to proceed, however, you’ll have to install a compatible version of the application on the new operating system.
| -| Attention needed | Yes | Does not work with new OS, and will block upgrade | The application is not compatible with the new operating system and will block the upgrade. | Remove the application before upgrading.

A compatible version of the application may be available.
| -| Attention needed | Yes | May block upgrade, test application | Issues were detected that may interfere with the upgrade, but need to be investigated further.
| Test the application’s behavior during upgrade. If it blocks the upgrade, remove it before upgrading and reinstall and test it on the new operating system.
| -| Attention needed | Maybe | Multiple | Multiple issues are affecting the application. See detailed view for more information.| When you see Multiple in the query detailed view, click **Query** to see details about what issues were detected with the different versions of the application. | - -For applications assessed as **Fix available**, review the table below for details about known issues and ways to fix them that are known to Microsoft. - -| Upgrade Assessment | Action required prior to upgrade? | Issue | What it means | Guidance | -|--------------------|-----------------------------------|----------|-----------------|-------------| -| Fix available | Yes | Blocking upgrade, update application to newest version | The existing version of the application is not compatible with the new operating system and won’t migrate. A compatible version of the application is available. | Update the application before upgrading. | -| Fix available | No | Reinstall application after upgrading | The application is compatible with the new operating system, but must be reinstalled after upgrading. The application is removed during the upgrade process.
| No action is required for the upgrade to proceed. Reinstall application on the new operating system. | -| Fix available | Yes | Blocking upgrade, but can be reinstalled after upgrading | The application is compatible with the new operating system, but won’t migrate. | Remove the application before upgrading and reinstall on the new operating system.
| -| Fix available | Yes | Disk encryption blocking upgrade | The application’s encryption features are blocking the upgrade. | Disable the encryption feature before upgrading and enable it again after upgrading.
| - -### ISV support for applications with Ready for Windows - -[Ready for Windows](https://www.readyforwindows.com/) lists software solutions that are supported and in use for Windows 10. This site leverages data about application adoption from commercial Windows 10 installations and helps IT managers upgrade to Windows 10 with confidence. For more information, see [Ready for Windows Frequently Asked Questions](https://developer.microsoft.com/windows/ready-for-windows/#/faq/). - -Click **Review Applications With Known Issues** to see the status of applications for Ready for Windows and corresponding guidance. For example: - -![Upgrade analytics Ready for Windows status](images/upgrade-analytics-ready-for-windows-status.png) - -If there are known issues with an application, the specific guidance for that known issue takes precedence over the Ready for Windows guidance. - -![Upgrade analytics Ready for Windows status guidance precedence](images/upgrade-analytics-ready-for-windows-status-guidance-precedence.png) - -If you query with RollupLevel="NamePublisher", each version of the application can have a different status for Ready for Windows. In this case, different values appear for Ready for Windows. - -![Name publisher rollup](images/upgrade-analytics-namepub-rollup.png) - -The following table lists possible values for **ReadyForWindows** and what they mean. For more information, see [What does the Adoption Status mean?](https://developer.microsoft.com/en-us/windows/ready-for-windows#/faq/?scrollTo=faqStatuses) - -| Ready for Windows Status | Query rollup level | What this means | Guidance | -|-------------------|--------------------------|-----------------|----------| -|Supported version available | Granular | The software provider has declared support for one or more versions of this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10. | -| Highly adopted | Granular | This version of this application has been highly adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 100,000 commercial Windows 10 devices. | -| Adopted | Granular | This version of this application has been adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 10,000 commercial Windows 10 devices. | -| Insufficient Data | Granular | Too few commercial Windows 10 devices are sharing information about this version of this application for Microsoft to categorize its adoption. | N/A | -| Contact developer | Granular | There may be compatibility issues with this version of the application, so Microsoft recommends contacting the software provider to learn more. | Check [Ready for Windows](https://www.readyforwindows.com/) for additional information.| -|Supported version available | NamePublisher | The software provider has declared support for this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10.| -|Adoption status available | NamePublisher | A Ready for Windows adoption status is available for one or more versions of this application. Please check Ready for Windows to learn more. |Check [Ready for Windows](https://www.readyforwindows.com/) for adoption information for this application.| -| Unknown | Any | There is no Ready for Windows information available for this version of this application. Information may be available for other versions of the application at [Ready for Windows](https://www.readyforwindows.com/). | N/A | - -## Review applications with no known issues - -Applications with no issues known to Microsoft are listed, grouped by upgrade decision. - -![Review applications with no known issues](images/upgrade-analytics-apps-no-known-issues.png) - -Applications with no known issues that are installed on 2% or less of your total computer inventory \[number of computers application is installed on/total number of computers in your inventory\] are automatically marked **Ready to upgrade** and included in the applications reviewed count. Applications with no known issues that are installed on more than 2% of your total computer inventory are automatically marked **Not reviewed**. - -Be sure to review low install count applications for any business critical or important applications that may not yet be upgrade-ready, despite their low installation rates. - -To change an application's upgrade decision: - -1. Select **Decide upgrade readiness** to view applications with issues. Select **Table** to view the list in a table. - -2. Select **User changes** to change the upgrade decision for each application. - -3. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list. - -4. Click **Save** when finished. - -## Review drivers with known issues - -Drivers that won’t migrate to the new operating system are listed, grouped by availability. - -![Review drivers with known issues](images/upgrade-analytics-drivers-known.png) - -Availability categories are explained in the table below. - -| Driver availability | Action required before or after upgrade? | What it means | Guidance | -|-----------------------|------------------------------------------|----------------|--------------| -| Available in-box | No, for awareness only | The currently installed version of an application or driver won’t migrate to the new operating system; however, a compatible version is installed with the new operating system.
| No action is required for the upgrade to proceed. | -| Import from Windows Update | Yes | The currently installed version of a driver won’t migrate to the new operating system; however, a compatible version is available from Windows Update.
| If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading.
| -| Available in-box and from Windows Update | Yes | The currently installed version of a driver won’t migrate to the new operating system.

Although a new driver is installed during upgrade, a newer version is available from Windows Update.
| If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading.
| -| Check with vendor | Yes | The driver won’t migrate to the new operating system and we are unable to locate a compatible version.
| Check with the independent hardware vendor (IHV) who manufactures the driver for a solution. | - -To change a driver’s upgrade decision: - -1. Select **Decide upgrade readiness** and then select the group of drivers you want to review. Select **Table** to view the list in a table. - -2. Select **User changes** to enable user input. - -3. Select the drivers you want to change to a specific upgrade decision and then select the appropriate option from the **Select upgrade decision** list. - -4. Click **Save** when finished. - diff --git a/windows/deploy/upgrade-analytics-review-site-discovery.md b/windows/deploy/upgrade-analytics-review-site-discovery.md new file mode 100644 index 0000000000..00fd0a4784 --- /dev/null +++ b/windows/deploy/upgrade-analytics-review-site-discovery.md @@ -0,0 +1,7 @@ +--- +title: Review site discovery +redirect_url: upgrade-readiness-additional-insights +--- + + + diff --git a/windows/deploy/upgrade-analytics-upgrade-overview.md b/windows/deploy/upgrade-analytics-upgrade-overview.md index 4d1885b34a..72c4b10125 100644 --- a/windows/deploy/upgrade-analytics-upgrade-overview.md +++ b/windows/deploy/upgrade-analytics-upgrade-overview.md @@ -1,51 +1,4 @@ --- title: Upgrade Analytics - Upgrade Overview (Windows 10) -description: Displays the total count of computers sharing data and upgraded. -ms.prod: w10 -author: greg-lindsay +redirect_url: upgrade-readiness-upgrade-overview --- - -# Upgrade Analytics - Upgrade overview - -The first blade in the Upgrade Analytics solution is the upgrade overview blade. This blade displays the total count of computers sharing data with Microsoft, and the count of computers upgraded. As you successfully upgrade computers, the count of computers upgraded increases. - -The upgrade overivew blade displays data refresh status, including the date and time of the most recent data update and whether user changes are reflected. The following status changes are reflected on the upgrade overview blade: - -- Computers with incomplete data: - - Less than 4% = count is displayed in green. - - 4% - 10% = Count is displayed in amber. - - Greater than 10% = Count is displayed in red. -- Delay processing device inventory data = The "Last updated" banner is displayed in amber. -- Pending user changes = User changes count displays "Data refresh pending" in amber. -- No pending user changes = User changes count displays "Up to date" in green. - -In the following example, less than 4% of (3k\355k) computers have incomplete data, and there are no pending user changes: - -![Upgrade overview](images/ua-cg-17.png) - - - -If data processing is delayed, you can continue using your workspace as normal. However, any changes or additional information that is added might not be displayed. Data is typically refreshed and the display will return to normal again within 24 hours. - -Select **Total computers** for a list of computers and details about them, including: - -- Computer ID and computer name -- Computer manufacturer -- Computer model -- Operating system version and build -- Count of system requirement, application, and driver issues per computer -- Upgrade assessment based on analysis of computer telemetry data -- Upgrade decision status - -Select **Total applications** for a list of applications discovered on user computers and details about them, including: - -- Application vendor -- Application version -- Count of computers the application is installed on -- Count of computers that opened the application at least once in the past 30 days -- Percentage of computers in your total computer inventory that opened the application in the past 30 days -- Issues detected, if any -- Upgrade assessment based on analysis of application data -- Rollup level \ No newline at end of file diff --git a/windows/deploy/upgrade-readiness-additional-insights.md b/windows/deploy/upgrade-readiness-additional-insights.md new file mode 100644 index 0000000000..e7a8b7a54c --- /dev/null +++ b/windows/deploy/upgrade-readiness-additional-insights.md @@ -0,0 +1,81 @@ +--- +title: Upgrade Readiness - Additional insights +description: Explains additional features of Upgrade Readiness. +ms.prod: w10 +author: greg-lindsay +--- + +# Upgrade Readiness - Additional insights + +This topic provides information on additional features that are available in Upgrade Readiness to provide insights into your environment. These include: + +- [Site discovery](#site-discovery): An inventory of web sites that are accessed by client computers running Windows 7 or Windows 8.1 using Internet Explorer. +- [Office add-ins](#office-add-ins): A list of the Microsoft Office add-ins that are installed on client computers. + +## Site discovery + +The site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 8.1 and Windows 7. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. + +> Note: Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees. + +### Install prerequisite security update for Internet Explorer + +Ensure the following prerequisites are met before using site discovery: + +1. Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. +2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)). +3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) to allow Internet Explorer data collection before you run it. + + If necessary, you can also enable it by creating the following registry entry. + + HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection + + Entry name: IEDataOptIn + + Data type: DWORD + + Values: + + > *IEOptInLevel = 0 Internet Explorer data collection is disabled* + > + > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones* + > + > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones* + > + > *IEOptInLevel = 3 Data collection is enabled for all sites* + + For more information about Internet Explorer Security Zones, see [About URL Security Zones](https://msdn.microsoft.com/library/ms537183.aspx). + + ![Create the IEDataOptIn registry key](images/upgrade-analytics-create-iedataoptin.png) + +### Review most active sites + +This blade indicates the most visited sites by computers in your environment. Review this list to determine which web applications and sites are used most frequently. The number of visits is based on the total number of views, and not by the number of unique devices accessing a page. + +For each site, the fully qualified domain name will be listed. You can sort the data by domain name or by URL. + +![Most active sites](Images/upgrade-analytics-most-active-sites.png) + +Click the name of any site in the list to drill down into more details about the visits, including the time of each visit and the computer name. + +![Site domain detail](images/upgrade-analytics-site-domain-detail.png) + +### Review document modes in use + +This blade provides information about which document modes are used in the sites that are visited in your environment. Document modes are used to provide compatibility with older versions of Internet Explorer. Sites that use older technologies may require additional testing and are less likely to be compatible with Microsoft Edge. Counts are based on total page views and not the number of unique devices. For more information about document modes, see [Deprecated document modes](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/deprecated-document-modes). + +![Site activity by document mode](images/upgrade-analytics-site-activity-by-doc-mode.png) + +### Run browser-related queries + +You can run predefined queries to capture more info, such as sites that have Enterprise Mode enabled, or the number of unique computers that have visited a site. For example, this query returns the most used ActiveX controls. You can modify and save the predefined queries. + +![](images/upgrade-analytics-query-activex-name.png) + +## Office add-ins + +Office add-ins provides a list of the Microsoft Office add-ins in your environment, and enumerates the computers that have these add-ins installed. This information should not affect the upgrade decision workflow, but can be helpful to an administrator. + +## Related topics + +[Upgrade Readiness release notes](upgrade-readiness-release-notes.md) diff --git a/windows/deploy/upgrade-readiness-architecture.md b/windows/deploy/upgrade-readiness-architecture.md new file mode 100644 index 0000000000..c4cafc8768 --- /dev/null +++ b/windows/deploy/upgrade-readiness-architecture.md @@ -0,0 +1,30 @@ +--- +title: Upgrade Readiness architecture (Windows 10) +description: Describes Upgrade Readiness architecture. +ms.prod: w10 +author: greg-lindsay +--- + +# Upgrade Readiness architecture + +Microsoft analyzes system, application, and driver telemetry data to help you determine when computers are upgrade-ready, allowing you to simplify and accelerate Windows upgrades in your organization. The diagram below illustrates how Upgrade Readiness components work together in a typical installation. + + + +![Upgrade Readiness architecture](images/upgrade-analytics-architecture.png) + +After you enable Windows telemetry on user computers and install the compatibility update KB (1), user computers send computer, application and driver telemetry data to a secure Microsoft data center through the Microsoft Data Management Service (2). After you configure Upgrade Readiness, telemetry data is analyzed by the Upgrade Readiness Service (3) and pushed to your OMS workspace (4). You can then use the Upgrade Readiness solution (5) to plan and manage Windows upgrades. + +For more information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see: + +[Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
+[Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
+[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
+ +##**Related topics** + +[Upgrade Readiness requirements](upgrade-readiness-requirements.md)
+[Upgrade Readiness release notes](upgrade-readiness-release-notes.md)
+[Get started with Upgrade Readiness](upgrade-readiness-get-started.md)
diff --git a/windows/deploy/upgrade-readiness-deploy-windows.md b/windows/deploy/upgrade-readiness-deploy-windows.md new file mode 100644 index 0000000000..bb54670f8d --- /dev/null +++ b/windows/deploy/upgrade-readiness-deploy-windows.md @@ -0,0 +1,97 @@ +--- +title: Upgrade Readiness - Get a list of computers that are upgrade-ready (Windows 10) +description: Describes how to get a list of computers that are ready to be upgraded in Upgrade Readiness. +ms.prod: w10 +author: greg-lindsay +--- + +# Upgrade Readiness - Step 3: Deploy Windows + +All of your work up to now involved reviewing and resolving application and driver issues. Along the way, as you’ve resolved issues and decided which applications and drivers are ready to upgrade, you’ve been building a list of computers that are upgrade ready. +The blades in the **Deploy** section are: + +- [Deploy eligible computers](#deploy-eligible-computers) +- [Deploy computers by group](#computer-groups) + +>Computers that are listed in this step are assigned an **UpgradeDecision** value, and the total count of computers in each upgrade decision category is displayed. Additionally, computers are assigned an **UpgradeAssessment** value. This value is displayed by drilling down into a specific upgrade decision category. For information about upgrade assessment values, see [Upgrade assessment](#upgrade-assessment). + +## Deploy eligible computers + +In this blade, computers grouped by upgrade decision are listed. The upgrade decision on the machines is a calculated value based on the upgrade decision status for the apps and drivers installed on the computer. This value cannot be modified directly. The upgrade decision is calculated in the following ways: +- **Review in progress**: At least one app or driver installed on the computer is marked **Review in progress**. +- **Ready to upgrade**: All apps and drivers installed on the computer are marked as **Ready to Upgrade**. +- **Won’t upgrade**: At least one app or driver installed on the computer is marked as **Won’t upgrade**, or a system requirement is not met. + + + +![Deploy eligible computers](images/ua-cg-16.png) + +Select **Export computers** for more details, including computer name, manufacturer and model, and Windows edition currently running on the computer. Sort or further query the data and then select **Export** to generate and save a comma-separated value (csv) list of upgrade-ready computers. + +>**Important**
When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time. + +## Computer groups + +Computer groups allow you to segment your environment by creating device groups based on OMS log search results, or by importing groups from Active Directory, WSUS or System Center Configuration Manager. Computer groups are an OMS feature. For more information, see [Computer groups in OMS](https://blogs.technet.microsoft.com/msoms/2016/04/04/computer-groups-in-oms/). + +Query based computer groups are recommended in the initial release of this feature. A feature known as **Configuration Manager Upgrade Readiness Connector** is anticipated in a future release that will enable synchronization of **ConfigMgr Collections** with computer groups in OMS. + +### Getting started with Computer Groups + +When you sign in to OMS, you will see a new blade entitled **Computer Groups**. See the following example: + +![Computer groups](images/ua-cg-01.png) + +To create a computer group, open **Log Search** and create a query based on **Type=UAComputer**, for example: + +``` +Type=UAComputer Manufacturer=DELL +``` + +![Computer groups](images/ua-cg-02.png) + +When you are satisfied that the query is returning the intended results, add the following text to your search: + +``` +| measure count() by Computer +``` + +This will ensure every computer only shows up once. Then, save your group by clicking **Save** and **Yes**. See the following example: + +![Computer groups](images/ua-cg-03.png) + +Your new computer group will now be available in Upgrade Readiness. See the following example: + +![Computer groups](images/ua-cg-04.png) + +### Using Computer Groups + +When you drill into a computer group, you will see that computers are categorized by **UpgradeDecision**. For computers with the status **Review in progress** or **Won’t upgrade** you can drill down to view issues that cause a computer to be in each category, or you can simply display a list of the computers in the category. For computers that are designated **Ready to upgrade**, you can go directly to the list of computers that are ready. + +![Computer groups](images/ua-cg-05.png) + +Viewing a list of computers in a certain status is self-explanatory, Let’s look at what happens when you click the details link on **Review in progress**: + +![Computer groups](images/ua-cg-06.png) + +Next, select if you want to see application issues (**UAApp**) or driver issues (**UADriver**). See the following example of selecting **UAApp**: + +![Computer groups](images/ua-cg-07.png) + +A list of apps that require review so that Dell Computers are ready for upgrade to Windows 10 is displayed. + +### Upgrade assessment + +Upgrade assessment and guidance details are explained in the following table. + +| Upgrade assessment | Action required before or after upgrade pilot? | Issue | What it means | Guidance | +|-----------------------|------------------------------------------------|----------|-----------------|---------------| +| No known issues | No | None | Computers will upgrade seamlessly.
| OK to use as-is in pilot. | +| OK to pilot, fixed during upgrade | No, for awareness only | Application or driver will not migrate to new OS | The currently installed version of an application or driver won’t migrate to the new operating system; however, a compatible version is installed with the new operating system. | OK to use as-is in pilot. | +| OK to pilot with new driver from Windows Update | Yes | Driver will not migrate to new OS | The currently installed version of a driver won’t migrate to the new operating system; however, a newer, compatible version is available from Windows Update. | Although a compatible version of the driver is installed during upgrade, a newer version is available from Windows Update.

If the computer automatically receives updates from Windows Update, no action is required. Otherwise, replace the new in-box driver with the Windows Update version after upgrading.

| + +Select **Export computers** to view pilot-ready computers organized by operating system. After you select the computers you want to use in a pilot, click Export to generate and save a comma-separated value (csv) file. + +>**Important**> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time. \ No newline at end of file diff --git a/windows/deploy/upgrade-readiness-deployment-script.md b/windows/deploy/upgrade-readiness-deployment-script.md new file mode 100644 index 0000000000..e1decfb250 --- /dev/null +++ b/windows/deploy/upgrade-readiness-deployment-script.md @@ -0,0 +1,265 @@ +--- +title: Upgrade Readiness deployment script (Windows 10) +description: Deployment script for Upgrade Readiness. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +--- + +# Upgrade Readiness deployment script + +To automate the steps provided in [Get started with Upgrade Readiness](upgrade-readiness-get-started.md), and to troubleshoot data sharing issues, you can run the [Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409), developed by Microsoft. + +>[!IMPORTANT] +>Upgrade Readiness was previously called Upgrade Analytics. References to Upgrade Analytics in any scripts or online content pertain to the Upgrade Readiness solution. + +For detailed information about using the Upgrade Readiness (also known as upgrade analytics) deployment script, see the [Upgrade Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/). + +> The following guidance applies to version 11.11.16 or later of the Upgrade Readiness deployment script. If you are using an older version, please download the latest from the [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409). + +The Upgrade Readiness deployment script does the following: + +1. Sets commercial ID key + CommercialDataOptIn + RequestAllAppraiserVersions keys. +2. Verifies that user computers can send data to Microsoft. +3. Checks whether the computer has a pending restart.   +4. Verifies that the latest version of KB package 10.0.x is installed (version 10.0.14348 or later is required, but version 10.0.14913 or later is recommended). +5. If enabled, turns on verbose mode for troubleshooting. +6. Initiates the collection of the telemetry data that Microsoft needs to assess your organization’s upgrade readiness. +7. If enabled, displays the script’s progress in a cmd window, providing you immediate visibility into issues (success or fail for each step) and/or writes to log file. + +To run the Upgrade Readiness deployment script: + +1. Download the [Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. Inside, there are two folders: Pilot and Deployment. The Pilot folder contains advanced logging that can help troubleshoot issues and is intended to be run from an elevated command prompt. The Deployment folder offers a lightweight script intended for broad deployment through ConfigMgr or other software deployment system. We recommend manually running the Pilot version of the script on 5-10 machines to verify that everything is configured correctly. Once you have confirmed that data is flowing successfully, proceed to run the Deployment version throughout your organization. + +2. Edit the following parameters in RunConfig.bat: + + 1. Provide a storage location for log information. You can store log information on a remote file share or a local directory. If the script is blocked from creating the log file for the given path, it creates the log files in the drive with the Windows directory. Example: %SystemDrive%\\UADiagnostics + + 2. Input your commercial ID key. This can be found in your OMS workspace under Settings -> Connected Sources -> Windows Telemetry. + + 3. By default, the script sends log information to both the console and the log file. To change the default behavior, use one of the following options: + + > *logMode = 0 log to console only* +> + > *logMode = 1 log to file and console* +> + > *logMode = 2 log to file only* + +3. To enable Internet Explorer data collection, set AllowIEData to IEDataOptIn. By default, AllowIEData is set to Disable. Then use one of the following options to determine what Internet Explorer data can be collected: + + > *IEOptInLevel = 0 Internet Explorer data collection is disabled* + > + > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones* + > + > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones* + > + > *IEOptInLevel = 3 Data collection is enabled for all sites* + +4. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system. + +The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered. + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Exit codeMeaning +Suggested fix + +
0Success +N/A + +
1Unexpected error occurred while executing the script. + The files in the deployment script are likely corrupted. Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again. + +
2Error when logging to console. $logMode = 0.
(console only) +		Try changing the $logMode value to **1** and try again.
$logMode value 1 logs to both console and file. + +
3Error when logging to console and file. $logMode = 1. +Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. + +
4Error when logging to file. $logMode = 2. +Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. + +
5Error when logging to console and file. $logMode = unknown. +Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location. + +
6The commercialID parameter is set to unknown.
Modify the runConfig.bat file to set the CommercialID value. +		The value for parameter in the runconfig.bat file should match the Commercial ID key for your workspace. +
See [Generate your Commercial ID key](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#generate-your-commercial-id-key) for instructions on generating a Commercial ID key for your workspace. + +
8Failure to create registry key path:
**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**
+		The Commercial Id property is set at the following registry key path:
**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**
+
Verify that the context under which the script in running has access to the registry key. + +
9The script failed to write Commercial Id to registry. +
Error creating or updating registry key: **CommercialId** at
**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**
+		Verify that the context under which the script in running has access to the registry key. + +
10Error when writing **CommercialDataOptIn** to the registry at
**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**
+		Verify that the deployment script is running in a context that has access to the registry key. + +
11Function **SetupCommercialId** failed with an unexpected exception. +The **SetupCommercialId** function updates the Commercial Id at the registry key path:
**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**

Verify that the configuration script has access to this location. + +
12Can’t connect to Microsoft - Vortex. Check your network/proxy settings. +**Http Get** on the end points did not return a success exit code.
+For Windows 10, connectivity is verified by connecting to https://v10.vortex-win.data.microsoft.com/health/keepalive.
+For previous operating systems, connectivity is verified by connecting to https://vortex-win.data.microsoft.com/health/keepalive. +
If there is an error verifying connectivity, this will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing). + + +
13Can’t connect to Microsoft - setting. +An error occurred connecting to https://settings.data.microsoft.com/qos. This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing). + + +
14Can’t connect to Microsoft - compatexchange. +An error occurred connecting to https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc . This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing). + +
15Function CheckVortexConnectivity failed with an unexpected exception. +This error will prevent the collected data from being sent to Upgrade Readiness. To resolve this issue, verify that the required endpoints are correctly whitelisted. For more information, see [Enable data sharing](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#enable-data-sharing). Check the logs for the exception message and the HResult. + +
16The computer requires a reboot before running the script. +A reboot is required to complete the installation of the compatibility update and related KBs. Reboot the computer before running the Upgrade Readiness deployment script. + +
17Function **CheckRebootRequired** failed with an unexpected exception. +A reboot is required to complete installation of the compatibility update and related KBs. Check the logs for the exception message and the HResult. + +
18Appraiser KBs not installed or **appraiser.dll** not found. +Either the Appraiser KBs are not installed, or the **appraiser.dll** file was not found. For more information, see appraiser telemetry events and fields information in the [Data collection](https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-get-started#data-collection-and-privacy) and privacy topic. + +
19Function **CheckAppraiserKB**, which checks the compatibility update KBs, failed with unexpected exception. +Check the logs for the Exception message and HResult. The script will not run further if this error is not fixed. + +
20An error occurred when creating or updating the registry key **RequestAllAppraiserVersions** at
**HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser**
+		The registry key is required for data collection to work correctly. Verify that the script is running in a context that has access to the registry key. + +
21Function **SetRequestAllAppraiserVersions** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
22**RunAppraiser** failed with unexpected exception. +Check the logs for the exception message and HResult. Check the **%windir%\System32*8 directory for the file **CompatTelRunner.exe**. If the file does not exist, reinstall the required compatibility updates which include this file, and check your organization's Group Policy to verify it does not remove this file. + +
23Error finding system variable **%WINDIR%**. +Verify that this environment variable is configured on the computer. + +
24The script failed when writing **IEDataOptIn** to the registry. An error occurred when creating registry key **IEOptInLevel** at
**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**
+		This is a required registry key for IE data collection to work correctly. Verify that the deployment script in running in a context that has access to the registry key. Check the logs for the exception message and HResult. + +
25The function **SetIEDataOptIn** failed with unexpected exception. +Check the logs for the exception message and HResult. + +
26The operating system is Server or LTSB SKU. + The script does not support Server or LTSB SKUs. + +
27The script is not running under **System** account. +The Upgrade Readiness configuration script must be run as **System**. + +
28Could not create log file at the specified **logPath**. + Make sure the deployment script has access to the location specified in the **logPath** parameter. + +
29Connectivity check failed for proxy authentication. +Install the cumulative updates on the computer and enable the **DisableEnterpriseAuthProxy** authentication proxy setting. +
The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7. +
For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled). +
For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688). + +
30Connectivity check failed. Registry key property **DisableEnterpriseAuthProxy** is not enabled. +The **DisableEnterpriseAuthProxy** setting is enabled by default for Windows 7. +
For Windows 8.1 computers, set the **DisableEnterpriseAuthProxy** setting to **0** (not disabled). +
For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688). + +
31There is more than one instance of the Upgrade Readiness data collector running at the same time on this computer. +Use the Windows Task Manager to check if **CompatTelRunner.exe** is running, and wait until it has completed to rerun the script. The Upgrade Readiness task is scheduled to run daily at 3 a.m. + +
32Appraiser version on the machine is outdated. +The configuration script detected a version of the compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Readiness solution. Use the latest version of the [compatibility update](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#deploy-the-compatibility-update-and-related-kbs) for Windows 7 SP1/Windows 8.1. + +
33**CompatTelRunner.exe** exited with an exit code +**CompatTelRunner.exe** runs the appraise task on the machine. If it fails, it will provide a specific exit code. The script will return exit code 33 when **CompatTelRunner.exe** itself exits with an exit code. Please check the logs for more details. + +
34Function **CheckProxySettings** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
35Function **CheckAuthProxy** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
36Function **CheckAppraiserEndPointsConnectivity** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
37**Diagnose_internal.cmd** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
38Function **Get-SqmID** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
39For Windows 10: AllowTelemetry property is not set to 1 or higher at registry key path
**HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**
+or
**HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**
+		For Windows 10 machines, the **AllowTelemetry** property should be set to 1 or greater to enable data collection. The script will throw an error if this is not true. For more information, see [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization). + +
40Function **CheckTelemetryOptIn** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
41The script failed to impersonate the currently logged on user. +The script mimics the UTC client to collect upgrade readiness data. When auth proxy is set, the UTC client impersonates the logged on user. The script also tries to mimic this, but the process failed. + +
42Function **StartImpersonatingLoggedOnUser** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
43Function **EndImpersonatingLoggedOnUser** failed with an unexpected exception. +Check the logs for the exception message and HResult. + +
+ +
+ + + + + diff --git a/windows/deploy/upgrade-readiness-get-started.md b/windows/deploy/upgrade-readiness-get-started.md new file mode 100644 index 0000000000..9f9abda9b2 --- /dev/null +++ b/windows/deploy/upgrade-readiness-get-started.md @@ -0,0 +1,133 @@ +--- +title: Get started with Upgrade Readiness (Windows 10) +description: Explains how to get started with Upgrade Readiness. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +--- + +# Get started with Upgrade Readiness + +This topic explains how to obtain and configure Upgrade Readiness for your organization. + +You can use Upgrade Readiness to plan and manage your upgrade project end-to-end. Upgrade Readiness works by establishing communications between computers in your organization and Microsoft. Upgrade Readiness collects computer, application, and driver data for analysis. This data is used to identify compatibility issues that can block your upgrade and to suggest fixes that are known to Microsoft. + +Before you begin, consider reviewing the following helpful information:
+ - [Upgrade Readiness requirements](upgrade-readiness-requirements.md): Provides detailed requirements to use Upgrade Readiness.
+ - [Upgrade Readiness blog](https://blogs.technet.microsoft.com/UpgradeAnalytics): Contains announcements of new features and provides helpful tips for using Upgrade Readiness. + +>If you are using System Center Configuration Manager, also check out information about how to integrate Upgrade Readiness with Configuration Manager: [Integrate Upgrade Readiness with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics). + +When you are ready to begin using Upgrade Readiness, perform the following steps: + +1. Review [data collection and privacy](#data-collection-and-privacy) information. +2. [Add Upgrade Readiness to OMS](#add-upgrade-readiness-to-operations-management-suite). +3. [Enable data sharing](#enable-data-sharing). +4. [Deploy required updates](#deploy-the-compatibility-update-and-related-kbs) to computers, and validate using a pilot deployment. +5. [Deploy Upgrade Readiness at scale](#deploy-upgrade-readiness-at-scale). + +## Data collection and privacy + +To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see the following topics: + +- [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) +- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services) +- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) + +## Add Upgrade Readiness to Operations Management Suite + +Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/). + +If you are already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Select the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution's details page. Upgrade Readiness is now visible in your workspace. + +If you are not using OMS: + +1. Go to the [Upgrade Readiness page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **Sign up** to kick off the onboarding process. +2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. +3. Create a new OMS workspace. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**. +4. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. + + > If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens. + +1. To add the Upgrade Readiness solution to your workspace, go to the **Solutions Gallery**. Select the **Upgrade Readiness** tile in the gallery and then select **Add** on the solution’s details page. The solution is now visible on your workspace. Note that you may need to scroll to find Upgrade Readiness. + +2. Click the **Upgrade Readiness** tile to configure the solution. The **Settings Dashboard** opens. + +### Generate your commercial ID key + +Microsoft uses a unique commercial ID to map information from user computers to your OMS workspace. Generate your commercial ID key in OMS and then deploy it to user computers. + +1. On the Settings Dashboard, navigate to the **Windows telemetry** panel. + + ![upgrade-readiness-telemetry](images/upgrade-analytics-telemetry.png) + +2. On the Windows telemetry panel, copy and save your commercial ID key. You’ll need to insert this key into the Upgrade Readiness deployment script later so it can be deployed to user computers. + + >**Important**
Regenerate a commercial ID key only if your original ID key can no longer be used. Regenerating a commercial ID key resets the data in your workspace for all solutions that use the ID. Additionally, you’ll need to deploy the new commercial ID key to user computers again. + +### Subscribe to Upgrade Readiness + +For Upgrade Readiness to receive and display upgrade readiness data from Microsoft, subscribe your OMS workspace to Upgrade Readiness. + +1. On the **Windows telemetry** panel, click **Subscribe**. The button changes to **Unsubscribe**. Unsubscribe from the Upgrade Readiness solution if you no longer want to receive upgrade-readiness information from Microsoft. Note that user computer data will continue to be shared with Microsoft for as long as the opt-in keys are set on user computers and the proxy allows the traffic. + +1. Click **Overview** on the Settings Dashboard to return to your OMS workspace portal. The Upgrade Readiness tile now displays summary data. Click the tile to open Upgrade Readiness. + +## Enable data sharing + +To enable data sharing, whitelist the following endpoints. Note that you may need to get approval from your security group to do this. + +Note: The compatibility update KB runs under the computer’s system account. If you are using user authenticated proxies, read [this blog post](https://go.microsoft.com/fwlink/?linkid=838688) to learn what you need to do to run it under the logged on user account. + +| **Endpoint** | **Function** | +|---------------------------------------------------------|-----------| +| `https://v10.vortex-win.data.microsoft.com/collect/v1`
`https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. | +| `https://settings.data.microsoft.com/qos` | Enables the compatibility update KB to send data to Microsoft. | +| `https://go.microsoft.com/fwlink/?LinkID=544713`
`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. | + + +## Deploy the compatibility update and related KBs + +The compatibility update KB scans your computers and enables application usage tracking. If you don’t already have these KBs installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager. + +| **Operating System** | **KBs** | +|----------------------|-----------------------------------------------------------------------------| +| Windows 10 | The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility KBs are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com)

Note: Windows 10 LTSB is not supported by Upgrade Readiness. See [Upgrade readiness requirements](upgrade-readiness-requirements.md) for more information. | +| Windows 8.1 | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)
Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.
For more information about this KB, see

[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)
Provides updated configuration and definitions for compatibility diagnostics performed on the system.
For more information about this KB, see
NOTE: KB2976978 must be installed before you can download and install KB3150513. | +| Windows 7 SP1 | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664)
Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.
For more information about this KB, see

[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)
Provides updated configuration and definitions for compatibility diagnostics performed on the system.
For more information about this KB, see
NOTE: KB2952664 must be installed before you can download and install KB3150513. | + +IMPORTANT: Restart user computers after you install the compatibility update KBs for the first time. + +If you are planning to enable IE Site Discovery, you will need to install a few additional KBs. + +| **Site discovery** | **KB** | +|----------------------|-----------------------------------------------------------------------------| +| [Review site discovery](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-additional-insights#site-discovery) | [KB3080149](http://www.catalog.update.microsoft.com/Search.aspx?q=3080149)
Updates the Diagnostic and Telemetry tracking service to existing devices. This update is only necessary on Windows 7 and Windows 8.1 devices.
For more information about this KB, see

Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. | + +### Deploy the Upgrade Readiness deployment script + +You can use the Upgrade Readiness deployment script to automate and verify your deployment. + +See [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) for information on obtaining and running the script, and for a description of the error codes that can be displayed. + +>After data is sent from computers to Microsoft, it generally takes 48 hours for the data to populate in Upgrade Readiness. The compatibility update KB takes several minutes to run. If the KB does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Upgrade Readiness. For this reason, you can expect most your computers to be populated in OMS in about 1-2 weeks after deploying the KB and configuration to user computers. + +## Deploy Upgrade Readiness at scale + +When you have completed a pilot deployment, you are ready to automate data collection and distribute the deployment script to the remaining computers in your organization. + +### Automate data collection + +To ensure that user computers are receiving the most up to date data from Microsoft, we recommend that you establish the following data sharing and analysis processes. + +- Enable automatic updates for the compatibility update and related KBs. These KBs are updated frequently to include the latest application and driver issue information as we discover it during testing. +- Schedule the Upgrade Readiness deployment script to automatically run so that you don’t have to manually initiate an inventory scan each time the compatibility update KBs are updated. +- Schedule monthly user computer scans to view monthly active computer and usage information. + +>When you run the deployment script, it initiates a full scan. The daily scheduled task to capture the deltas are created when the update package is installed. A full scan averages to about 2 MB, but the delta scans are very small. For Windows 10 devices, its already part of the OS. This is the **Windows Compat Appraiser** task. Deltas are invoked via the nightly scheduled task. It attempts to run around 3AM, but if system is off at that time, the task will run when the system is turned on. + +### Distribute the deployment script at scale + +Use a software distribution system such as System Center Configuration Manager to distribute the Upgrade Readiness deployment script at scale. For more information, see the [Upgrade Readiness blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/). \ No newline at end of file diff --git a/windows/deploy/upgrade-readiness-identify-apps.md b/windows/deploy/upgrade-readiness-identify-apps.md new file mode 100644 index 0000000000..33b5d248c5 --- /dev/null +++ b/windows/deploy/upgrade-readiness-identify-apps.md @@ -0,0 +1,36 @@ +--- +title: Upgrade Readiness - Identify important apps (Windows 10) +description: Describes how to prepare your environment so that you can use Upgrade Readiness to manage Windows upgrades. +ms.prod: w10 +author: greg-lindsay +--- + +# Upgrade Readiness - Step 1: Identify important apps + +This is the first step of the Upgrade Readiness workflow. In this step, applications are listed and grouped by importance level. Setting the importance level enables you to prioritize applications for upgrade. + + + +![Prioritize applications](images/upgrade-analytics-prioritize.png) + +Select **Assign importance** to change an application’s importance level. By default, applications are marked **Not reviewed** or **Low install count** until you assign a different importance level to them. + +To change an application’s importance level: + +1. Select **Not reviewed** or **Low install count** on the **Prioritize applications** blade to view the list of applications with that importance level. +2. Select the applications you want to change to a specific importance level and then select the appropriate option from the **Select importance level** list. +3. Click **Save** when finished. + +Importance levels include: + +| Importance level | When to use it | Recommendation | +|--------------------|------------------|------------------| +| Low install count | We give you a head start by identifying applications that are installed on 2% or less of your total computer inventory. \[Number of computers application is installed on/total number of computers in your inventory.\]

Low install count applications are automatically marked as **Ready to upgrade** in the **UpgradeDecision** column unless they have issues that need attention.
| Be sure to review low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. For example, payroll apps or tax accounting apps tend to be installed on a relatively small number of machines but are still considered business critical applications.

| +| Not reviewed | Applications that are installed on more than 2% of your total computer inventory are marked not reviewed until you set their importance level.

| Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns. | +| Business critical | By default, no applications are marked as business critical because only you can make that determination. If you know that an application is critical to your organization’s functioning, mark it **Business critical**.

| You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this business critical application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**.
| +| Important | By default, no applications are marked as important because only you can make that determination. If the application is important but not critical to your organization’s functioning, mark it **Important**. | You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this important application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**.
| +| Ignore | By default, no applications are marked as ignore because only you can make that determination. If the application is not important to your organization’s functioning, such as user-installed applications and games, you may not want to spend time and money validating that these applications will migrate successfully. Mark these applications **Ignore**.
| Set the application’s importance level to **Ignore** to let other team members know that it can be left as-is with no further investigation or testing. If you set the importance level to ignore, and this is an app that you are not planning on testing or validating, consider changing the upgrade decision to **Ready to upgrade**. By marking these apps ready to upgrade, you are indicating that you are comfortable upgrading with the app remaining in its current state.

| +| Review in progress | Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns.
| As you learn more about the application’s importance to your organization’s functioning, change the importance level to **Business critical**, **Important**, or **Ignore**.

Until you’ve determined that priority applications will migrate successfully, leave the upgrade decision status as **Review in progress**.
| + diff --git a/windows/deploy/upgrade-readiness-release-notes.md b/windows/deploy/upgrade-readiness-release-notes.md new file mode 100644 index 0000000000..e023406035 --- /dev/null +++ b/windows/deploy/upgrade-readiness-release-notes.md @@ -0,0 +1,5 @@ +--- +title: Upgrade Readiness release notes (Windows 10) +description: Provides tips and limitations about Upgrade Readiness. +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/upgrade-readiness-requirements#important-information-about-this-release +--- \ No newline at end of file diff --git a/windows/deploy/upgrade-readiness-requirements.md b/windows/deploy/upgrade-readiness-requirements.md new file mode 100644 index 0000000000..5f706bab59 --- /dev/null +++ b/windows/deploy/upgrade-readiness-requirements.md @@ -0,0 +1,95 @@ +--- +title: Upgrade Readiness requirements (Windows 10) +description: Provides requirements for Upgrade Readiness. +ms.prod: w10 +author: greg-lindsay +--- + +# Upgrade Readiness requirements + +This article introduces concepts and steps needed to get up and running with Upgrade Readiness. We recommend that you review this list of requirements before getting started as you may need to collect information, such as account credentials, and get approval from internal IT groups, such as your network security group, before you can start using Upgrade Readiness. + +## Supported upgrade paths + +### Windows 7 and Windows 8.1 + +To perform an in-place upgrade, user computers must be running the latest version of either Windows 7 SP1 or Windows 8.1. After you enable Windows telemetry, Upgrade Readiness performs a full inventory of computers so that you can see which version of Windows is installed on each computer. + +The compatibility update KB that sends telemetry data from user computers to Microsoft data centers works with Windows 7 SP1 and Windows 8.1 only. Upgrade Readiness cannot evaluate Windows XP or Windows Vista for upgrade eligibility. + + + +If you need to update user computers to Windows 7 SP1 or Windows 8.1, use Windows Update or download and deploy the applicable package from the Microsoft Download Center. + +Note: Upgrade Readiness is designed to best support in-place upgrades. In-place upgrades do not support migrations from BIOS to UEFI or from 32-bit to 64-bit architecture. If you need to migrate computers in these scenarios, use the wipe-and-reload method. Upgrade Readiness insights are still valuable in this scenario, however, you can ignore in-place upgrade specific guidance. + +See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-10-specifications) for additional information about computer system requirements. + +### Windows 10 + +Keeping Windows 10 up to date involves deploying a feature update, and Upgrade Readiness tools help you prepare and plan for these Windows updates. +The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility KBs are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com). + +Windows 10 LTSB is not supported by Upgrade Readiness. The LTSB (long term servicing branch) of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not compatible with Upgrade Readiness. See [Windows as a service overview](https://technet.microsoft.com/en-us/itpro/windows/manage/waas-overview#long-term-servicing-branch) to understand more about LTSB. + +## Operations Management Suite + +Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing on premise and cloud computing environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). + +If you’re already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Click the Upgrade Readiness tile in the gallery and then click Add on the solution’s details page. Upgrade Readiness is now visible in your workspace. + +If you are not using OMS, go to the [Upgrade Readiness page](https://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics) on Microsoft.com and select **Sign up** to kick off the OMS onboarding process. During the onboarding process, you’ll create an OMS workspace and add the Upgrade Readiness solution to it. + +Important: You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. You also need an Azure subscription to link to your OMS workspace. The account you used to create the workspace must have administrator permissions on the Azure subscription in order to link the workspace to the Azure account. Once the link has been established, you can revoke the administrator permissions. + +## System Center Configuration Manager integration + +Upgrade Readiness can be integrated with your installation of Configuration Manager. For more information, see [Integrate Upgrade Readiness with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics). + +## Telemetry and data sharing + +After you’ve signed in to Operations Management Suite and added the Upgrade Readiness solution to your workspace, you’ll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Readiness. + +See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Readiness collects and assesses. See [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data. + +**Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, you’ll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this. + +`https://v10.vortex-win.data.microsoft.com/collect/v1`
+`https://vortex-win.data.microsoft.com/health/keepalive`
+`https://settings.data.microsoft.com/qos`
+`https://go.microsoft.com/fwlink/?LinkID=544713`
+`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc`
+ +>**Note** The compatibility update KB runs under the computer’s system account and does not support user authentication in this release. + +**Generate your commercial ID key.** Microsoft uses a unique commercial ID GUID to map data from your computers to your OMS workspace. You’ll need to generate your commercial ID key in OMS. We recommend that you save your commercial ID key as you’ll need it later. + +**Subscribe your OMS workspace to Upgrade Readiness.** For Upgrade Readiness to receive and display upgrade readiness data from Microsoft, you’ll need to subscribe your OMS workspace to Upgrade Readiness. + +**Enable telemetry and connect data sources.** To allow Upgrade Readiness to collect system, application, and driver data and assess your organization’s upgrade readiness, communication must be established between Upgrade Readiness and user computers. You’ll need to connect Upgrade Readiness to your data sources and enable telemetry to establish communication. + +**Deploy compatibility update and related KBs.** The compatibility update KB scans your systems and enables application usage tracking. If you don’t already have this KB installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using Windows Server Update Services (WSUS) or your software distribution solution, such as System Center Configuration Manager. + +>**Important**
The compatibility update and related KBs are updated frequently to include new compatibility issues as they become known to Microsoft. We recommend that you use a deployment system that allows for automatic updates of these KBs. The compatibility update KB collects inventory information from computers only when it is updated. + +**Configure and deploy Upgrade Readiness deployment script.** Configure and deploy the Upgrade Readiness deployment script to user computers to finish setting up. + +## Important information about this release + +Before you get started configuring Upgrade Anatlyics, review the following tips and limitations about this release. + +**User authenticated proxies are not supported in this release.** User computers communicate with Microsoft through Windows telemetry. The Windows telemetry client runs in System context and requires a connection to various Microsoft telemetry endpoints. User authenticated proxies are not supported at this time. Work with your Network Administrator to ensure that user computers can communicate with telemetry endpoints. + +**Upgrade Readiness does not support on-premises Windows deployments.** Upgrade Readiness is built as a cloud service, which allows Upgrade Readiness to provide you with insights based on the data from user computers and other Microsoft compatibility services. Cloud services are easy to get up and running and are cost-effective because there is no requirement to physically implement and maintain services on-premises. + +**In-region data storage requirements.** Windows telemetry data from user computers is encrypted, sent to, and processed at Microsoft-managed secure data centers located in the US. Our analysis of the upgrade readiness-related data is then provided to you through the Upgrade Readiness solution in the Microsoft Operations Management Suite (OMS) portal. At the time this topic is being published, only OMS workspaces created in the East US and West Europe are supported. We’re adding support for additional regions and we’ll update this information when new international regions are supported. + +### Tips + +- When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export a list with fewer items. + +- Sorting data by clicking a column heading may not sort your complete list of items. For information about how to sort data in OMS, see [Sorting DocumentDB data using Order By](https://azure.microsoft.com/documentation/articles/documentdb-orderby). + +## Get started + +See [Get started with Upgrade Readiness](upgrade-readiness-get-started.md) for detailed, step-by-step instructions for configuring Upgrade Readiness and getting started on your Windows upgrade project. diff --git a/windows/deploy/upgrade-readiness-resolve-issues.md b/windows/deploy/upgrade-readiness-resolve-issues.md new file mode 100644 index 0000000000..7436b86607 --- /dev/null +++ b/windows/deploy/upgrade-readiness-resolve-issues.md @@ -0,0 +1,152 @@ +--- +title: Upgrade Readiness - Resolve application and driver issues (Windows 10) +description: Describes how to resolve application and driver issues that can occur during an upgrade with Upgrade Readiness. +ms.prod: w10 +author: greg-lindsay +--- + +# Upgrade Readiness - Step 2: Resolve app and driver issues + +This section of the Upgrade Readiness workflow reports application and driver inventory and shows you which applications have known issues, which applications have no known issues, and which drivers have issues. We identify applications and drivers that need attention and suggest fixes when we know about them. + +You can change an application’s upgrade decision and a driver’s upgrade decision from the blades in this section. To change an application’s or a driver’s importance level, select **User changes**. Select the item you want to change and then select the appropriate option from the **Select upgrade decision** list. + +Upgrade decisions include: + +| Upgrade decision | When to use it | Guidance | +|--------------------|-------------------|-------------| +| Not reviewed | All drivers are marked as Not reviewed by default.

Any app that has not been marked **Low install count** will also have an upgrade decision of **Not reviewed** by default.
| Apps you have not yet reviewed or are waiting to review later should be marked as **Not reviewed**. When you start to investigate an application or a driver to determine upgrade readiness, change their upgrade decision to **Review in progress**.

| +| Review in progress | When you start to investigate an application or a driver to determine upgrade readiness, change its upgrade decision to **Review in progress**.

Until you’ve determined that applications and drivers will migrate successfully or you’ve resolved blocking issues, leave the upgrade decision status as **Review in progress**.

| Once you’ve fixed any issues and validated that the application or driver will migrate successfully, change the upgrade decision to **Ready to upgrade**.
| +| Ready to upgrade | Mark applications and drivers **Ready to upgrade** once you’ve resolved all blocking issues and you’re confident that they will upgrade successfully, or if you’ve decided to upgrade them as-is. | Applications with no known issues and with low installation rates are marked **Ready to upgrade** by default.

In Step 1, you might have marked some of your apps as **Ignore**. These should be marked as **Ready to upgrade**. Apps with low installation rates are marked as **Ready to upgrade** by default. Be sure to review any low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates.
| +| Won’t upgrade | By default, no applications or drivers are marked **Won’t upgrade** because only you can make that determination.

Use **Won’t upgrade** for applications and drivers that you do not work on your target operating system, or that you are unable to upgrade.
| If, during your investigation into an application or driver, you determine that they should not or cannot be upgraded, mark them **Won’t upgrade**.

| + +The blades in the **Resolve issues** section are: + +- Review applications with known issues +- Review applications with no known issues +- Review drivers with known issues + +As you review applications with known issues, you can also see ISV support statements or applications using [Ready for Windows](https://www.readyforwindows.com/). + +## Review applications with known issues + +Applications with issues known to Microsoft are listed, grouped by upgrade assessment into **Attention needed** or **Fix available**. + + + +![Review applications with known issues](images/upgrade-analytics-apps-known-issues.png) + +To change an application's upgrade decision: + +1. Select **Decide upgrade readiness** to view applications with issues. +2. In the table view, select an **UpgradeDecision** value. +3. Select **Decide upgrade readiness** to change the upgrade decision for each application. +4. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list. +5. Click **Save** when finished. + +IMORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information. + +For applications assessed as **Attention needed**, review the table below for details about known issues and for guidance about how to resolve them, when possible. + +| Upgrade Assessment | Action required prior to upgrade? | Issue | What it means | Guidance | +|--------------------|-----------------------------------|-----------|-----------------|------------| +| Attention needed | No | Application is removed during upgrade | Compatibility issues were detected and the application will not migrate to the new operating system.
| No action is required for the upgrade to proceed. | +| Attention needed | Yes | Blocking upgrade | Blocking issues were detected and Upgrade Analytics is not able to remove the application during upgrade.

The application may work on the new operating system.
| Remove the application before upgrading, and reinstall and test on new operating system. | +| Attention needed | No | Evaluate application on new OS | The application will migrate, but issues were detected that may impact its performance on the new operating system. | No action is required for the upgrade to proceed, but be sure to test the application on the new operating system.
| +| Attention needed | No | Does not work with new OS, but won’t block upgrade | The application is not compatible with the new operating system, but won’t block the upgrade. | No action is required for the upgrade to proceed, however, you’ll have to install a compatible version of the application on the new operating system.
| +| Attention needed | Yes | Does not work with new OS, and will block upgrade | The application is not compatible with the new operating system and will block the upgrade. | Remove the application before upgrading.

A compatible version of the application may be available.
| +| Attention needed | Yes | May block upgrade, test application | Issues were detected that may interfere with the upgrade, but need to be investigated further.
| Test the application’s behavior during upgrade. If it blocks the upgrade, remove it before upgrading and reinstall and test it on the new operating system.
| +| Attention needed | Maybe | Multiple | Multiple issues are affecting the application. See detailed view for more information.| When you see Multiple in the query detailed view, click **Query** to see details about what issues were detected with the different versions of the application. | + +For applications assessed as **Fix available**, review the table below for details about known issues and ways to fix them that are known to Microsoft. + +| Upgrade Assessment | Action required prior to upgrade? | Issue | What it means | Guidance | +|--------------------|-----------------------------------|----------|-----------------|-------------| +| Fix available | Yes | Blocking upgrade, update application to newest version | The existing version of the application is not compatible with the new operating system and won’t migrate. A compatible version of the application is available. | Update the application before upgrading. | +| Fix available | No | Reinstall application after upgrading | The application is compatible with the new operating system, but must be reinstalled after upgrading. The application is removed during the upgrade process.
| No action is required for the upgrade to proceed. Reinstall application on the new operating system. | +| Fix available | Yes | Blocking upgrade, but can be reinstalled after upgrading | The application is compatible with the new operating system, but won’t migrate. | Remove the application before upgrading and reinstall on the new operating system.
| +| Fix available | Yes | Disk encryption blocking upgrade | The application’s encryption features are blocking the upgrade. | Disable the encryption feature before upgrading and enable it again after upgrading.
| + +### ISV support for applications with Ready for Windows + +[Ready for Windows](https://www.readyforwindows.com/) lists software solutions that are supported and in use for Windows 10. This site leverages data about application adoption from commercial Windows 10 installations and helps IT managers upgrade to Windows 10 with confidence. For more information, see [Ready for Windows Frequently Asked Questions](https://developer.microsoft.com/windows/ready-for-windows/#/faq/). + +Click **Review Applications With Known Issues** to see the status of applications for Ready for Windows and corresponding guidance. For example: + +![Upgrade analytics Ready for Windows status](images/upgrade-analytics-ready-for-windows-status.png) + +If there are known issues with an application, the specific guidance for that known issue takes precedence over the Ready for Windows guidance. + +![Upgrade analytics Ready for Windows status guidance precedence](images/upgrade-analytics-ready-for-windows-status-guidance-precedence.png) + +If you query with RollupLevel="NamePublisher", each version of the application can have a different status for Ready for Windows. In this case, different values appear for Ready for Windows. + +![Name publisher rollup](images/upgrade-analytics-namepub-rollup.png) + +>[!TIP] +>Within the Upgrade Readiness data model, an object of Type **UAApp** refers to a particular application installed on a specific computer. + +>To support dynamic aggregation and summation of data the Upgrade Readiness solution "rolls up" (aggregates) data in preprocessing. Rolling up to the **Granular** level enables display of the **App** level. In Upgrade Readiness terminology, an **App** is a unique combination of: app name, app vendor, app version, and app language. Thus, at the Granular level, you can see attributes such as **total install count**, which is the number of machines with a specific **App** installed. + +>Upgrade Readiness also has a roll up level of **NamePublisher**, This level enables you to ignore different app versions within your organization for a particular app. In other words, **NamePublisher** displays statistics about a given app, aggregated across all versions. + +The following table lists possible values for **ReadyForWindows** and what they mean. For more information, see [What does the Adoption Status mean?](https://developer.microsoft.com/en-us/windows/ready-for-windows#/faq/?scrollTo=faqStatuses) + +| Ready for Windows Status | Query rollup level | What this means | Guidance | +|-------------------|--------------------------|-----------------|----------| +|Supported version available | Granular | The software provider has declared support for one or more versions of this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10. | +| Highly adopted | Granular | This version of this application has been highly adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 100,000 commercial Windows 10 devices. | +| Adopted | Granular | This version of this application has been adopted within the Windows 10 Enterprise ecosystem. | This application has been installed on at least 10,000 commercial Windows 10 devices. | +| Insufficient Data | Granular | Too few commercial Windows 10 devices are sharing information about this version of this application for Microsoft to categorize its adoption. | N/A | +| Contact developer | Granular | There may be compatibility issues with this version of the application, so Microsoft recommends contacting the software provider to learn more. | Check [Ready for Windows](https://www.readyforwindows.com/) for additional information.| +|Supported version available | NamePublisher | The software provider has declared support for this application on Windows 10. | The ISV has declared support for a version of this application on Windows 10.| +|Adoption status available | NamePublisher | A Ready for Windows adoption status is available for one or more versions of this application. Please check Ready for Windows to learn more. |Check [Ready for Windows](https://www.readyforwindows.com/) for adoption information for this application.| +| Unknown | Any | There is no Ready for Windows information available for this version of this application. Information may be available for other versions of the application at [Ready for Windows](https://www.readyforwindows.com/). | N/A | + +## Review applications with no known issues + +Applications with no issues known to Microsoft are listed, grouped by upgrade decision. + +![Review applications with no known issues](images/upgrade-analytics-apps-no-known-issues.png) + +Applications with no known issues that are installed on 2% or less of your total computer inventory \[number of computers application is installed on/total number of computers in your inventory\] are automatically marked **Ready to upgrade** and included in the applications reviewed count. Applications with no known issues that are installed on more than 2% of your total computer inventory are automatically marked **Not reviewed**. + +Be sure to review low install count applications for any business critical or important applications that may not yet be upgrade-ready, despite their low installation rates. + +To change an application's upgrade decision: + +1. Select **Decide upgrade readiness** to view applications with issues. Select **Table** to view the list in a table. + +2. Select **User changes** to change the upgrade decision for each application. + +3. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list. + +4. Click **Save** when finished. + +## Review drivers with known issues + +Drivers that won’t migrate to the new operating system are listed, grouped by availability. + +![Review drivers with known issues](images/upgrade-analytics-drivers-known.png) + +Availability categories are explained in the table below. + +| Driver availability | Action required before or after upgrade? | What it means | Guidance | +|-----------------------|------------------------------------------|----------------|--------------| +| Available in-box | No, for awareness only | The currently installed version of an application or driver won’t migrate to the new operating system; however, a compatible version is installed with the new operating system.
| No action is required for the upgrade to proceed. | +| Import from Windows Update | Yes | The currently installed version of a driver won’t migrate to the new operating system; however, a compatible version is available from Windows Update.
| If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading.
| +| Available in-box and from Windows Update | Yes | The currently installed version of a driver won’t migrate to the new operating system.

Although a new driver is installed during upgrade, a newer version is available from Windows Update.
| If the computer automatically receives updates from Windows Update, no action is required. Otherwise, import a new driver from Windows Update after upgrading.
| +| Check with vendor | Yes | The driver won’t migrate to the new operating system and we are unable to locate a compatible version.
| Check with the independent hardware vendor (IHV) who manufactures the driver for a solution. | + +To change a driver’s upgrade decision: + +1. Select **Decide upgrade readiness** and then select the group of drivers you want to review. Select **Table** to view the list in a table. + +2. Select **User changes** to enable user input. + +3. Select the drivers you want to change to a specific upgrade decision and then select the appropriate option from the **Select upgrade decision** list. + +4. Click **Save** when finished. + diff --git a/windows/deploy/upgrade-readiness-upgrade-overview.md b/windows/deploy/upgrade-readiness-upgrade-overview.md new file mode 100644 index 0000000000..29777cad6f --- /dev/null +++ b/windows/deploy/upgrade-readiness-upgrade-overview.md @@ -0,0 +1,62 @@ +--- +title: Upgrade Readiness - Upgrade Overview (Windows 10) +description: Displays the total count of computers sharing data and upgraded. +ms.prod: w10 +author: greg-lindsay +--- + +# Upgrade Readiness - Upgrade overview + +The first blade in the Upgrade Readiness solution is the upgrade overview blade. This blade displays the total count of computers sharing data with Microsoft, and the count of computers upgraded. As you successfully upgrade computers, the count of computers upgraded increases. + +The upgrade overivew blade displays data refresh status, including the date and time of the most recent data update and whether user changes are reflected. The upgrade overview blade also displays the current target OS version. For more information about the target OS version, see [target version](use-upgrade-readiness-to-manage-windows-upgrades.md). + +The following color-coded status changes are reflected on the upgrade overview blade: + +- The "Last updated" banner: + - No delay in processing device inventory data = "Last updated" banner is displayed in green. + - Delay processing device inventory data = "Last updated" banner is displayed in amber. +- Computers with incomplete data: + - Less than 4% = Count is displayed in black. + - 4% - 10% = Count is displayed in amber. + - Greater than 10% = Count is displayed in red. +- User changes: + - Pending user changes = User changes count displays "Data refresh pending" in amber. + - No pending user changes = User changes count displays "Up to date" in green. +- Target version: + - If the current value matches the recommended value, the version is displayed in green. + - If the current value is an older OS version than the recommended value, but not deprecated, the version is displayed in amber. + - If the current value is a deprecated OS version, the version is displayed in red. + +In the following example, there is no delay in data processing, less than 4% of computers (6k\294k) have incomplete data, there are no pending user changes, and the currently selected target OS version is the same as the recommended version: + +![Upgrade overview](images/ur-overview.png) + + + +If data processing is delayed, you can continue using your workspace as normal. However, any changes or additional information that is added might not be displayed. Data is typically refreshed and the display will return to normal again within 24 hours. + +If there are computers with incomplete data, verify that you have installed the latest compatibilty update and run the most recent [Update Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the Microsoft download center. + +Select **Total computers** for a list of computers and details about them, including: + +- Computer ID and computer name +- Computer manufacturer +- Computer model +- Operating system version and build +- Count of system requirement, application, and driver issues per computer +- Upgrade assessment based on analysis of computer telemetry data +- Upgrade decision status + +Select **Total applications** for a list of applications discovered on user computers and details about them, including: + +- Application vendor +- Application version +- Count of computers the application is installed on +- Count of computers that opened the application at least once in the past 30 days +- Percentage of computers in your total computer inventory that opened the application in the past 30 days +- Issues detected, if any +- Upgrade assessment based on analysis of application data +- Rollup level \ No newline at end of file diff --git a/windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md b/windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md index 3b686e8dae..3d23267aa8 100644 --- a/windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md +++ b/windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md @@ -1,52 +1,4 @@ --- title: Use Upgrade Analytics to manage Windows upgrades (Windows 10) -description: Describes how to use Upgrade Analytics to manage Windows upgrades. -ms.prod: w10 -author: greg-lindsay +redirect_url: use-upgrade-readiness-to-manage-windows-upgrades --- - -# Use Upgrade Analytics to manage Windows upgrades - -You can use Upgrade Analytics to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. Upgrade Analytics enables you to deploy Windows with confidence, knowing that you’ve addressed potential blocking issues. - -- Based on telemetry data from user computers, Upgrade Analytics identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness. -- Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them. - -When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks. - -![Workflow](images/ua-cg-15.png) - -Each step in the workflow is enumerated using blue tiles. Helpful data is provided on white tiles to help you get started, to monitor your progress, and to complete each step. - ->**Important**: You can use the [Target OS](#target-os) setting to evaluate computers that are runnign a specified version of Windows before starting the Upgrade Analytics workflow. By default, the Target OS is configured to the released version of Windows 10 for the Current Branch for Business (CBB). - -The following information and workflow is provided: - -- [Upgrade overview](upgrade-analytics-upgrade-overview.md): Review compatibility and usage information about computers, applications, and drivers. -- [Step 1: Identify important apps](upgrade-analytics-identify-apps.md): Assign importance levels to prioritize your applications. -- [Step 2: Resolve issues](upgrade-analytics-resolve-issues.md): Identify and resolve problems with applications. -- [Step 3: Deploy](upgrade-analytics-deploy-windows.md): Start the upgrade process. - -Also see the following topic for information about additional items that can be affected by the upgrade process: - -- [Additional insights](upgrade-analytics-additional-insights.md): Find out which MS Office add-ins are installed, and review web site activity. - -## Target OS - -The target OS setting is used to evaluate the number of computers that are already running the default version of Windows 10, or a later version. - -As mentioned previously, the default target OS in Upgrade Analytics is set to the released version of the Current Branch for Business (CBB). CBB can be determined by reviewing [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). The target OS setting is used to evaluate the number of computers that are already running this version of Windows, or a later version. - -The number displayed under **Computers upgraded** in the Upgrade Overview blade is the total number of computers that are already running the same or a later version of Windows compared to the target OS. It also is used in the evaluation of apps and drivers: Known issues and guidance for the apps and drivers in Upgrade Analytics is based on the target OS version. - -You now have the ability to change the Windows 10 version you wish to target. The available options currently are: Windows 10 version 1507, Windows 10 version 1511, and Windows version 1610. - -To change the target OS setting, click on **Solutions Settings**, which appears at the top when you open you Upgrade Analytics solution: - -![Target OS](images/ua-cg-08.png) - ->You must be signed in to Upgrade Analytics as an administrator to view settings. - -On the **Upgrade Analytics Settings** page, choose one of the options in the drop down box and click **Save**. The changes in the target OS setting are reflected in evaluations when a new snapshot is uploaded to your workspace. - -![Target OS](images/ua-cg-09.png) diff --git a/windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md b/windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md new file mode 100644 index 0000000000..cd081245c1 --- /dev/null +++ b/windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md @@ -0,0 +1,54 @@ +--- +title: Use Upgrade Readiness to manage Windows upgrades (Windows 10) +description: Describes how to use Upgrade Readiness to manage Windows upgrades. +ms.prod: w10 +author: greg-lindsay +--- + +# Use Upgrade Readiness to manage Windows upgrades + +You can use Upgrade Readiness to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. Upgrade Readiness enables you to deploy Windows with confidence, knowing that you’ve addressed potential blocking issues. + +- Based on telemetry data from user computers, Upgrade Readiness identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness. +- Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them. + +When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks. + +![Workflow](images/ua-cg-15.png) + +Each step in the workflow is enumerated using blue tiles. Helpful data is provided on white tiles to help you get started, to monitor your progress, and to complete each step. + +>**Important**: You can use the [Target version](#target-version) setting to evaluate computers that are runnign a specified version of Windows before starting the Upgrade Readiness workflow. By default, the Target version is configured to the released version of Windows 10 for the Current Branch for Business (CBB). + +The following information and workflow is provided: + +- [Upgrade overview](upgrade-readiness-upgrade-overview.md): Review compatibility and usage information about computers, applications, and drivers. +- [Step 1: Identify important apps](upgrade-readiness-identify-apps.md): Assign importance levels to prioritize your applications. +- [Step 2: Resolve issues](upgrade-readiness-resolve-issues.md): Identify and resolve problems with applications. +- [Step 3: Deploy](upgrade-readiness-deploy-windows.md): Start the upgrade process. + +Also see the following topic for information about additional items that can be affected by the upgrade process: + +- [Additional insights](upgrade-readiness-additional-insights.md): Find out which MS Office add-ins are installed, and review web site activity. + +## Target version + +The target version setting is used to evaluate the number of computers that are already running the default version of Windows 10, or a later version. The target version of Windows 10 is displayed on the upgrade overview tile. See the following example: + +![Target version](images/ur-target-version.png) + +As mentioned previously, the default target version in Upgrade Readiness is set to the released version of the Current Branch for Business (CBB). CBB can be determined by reviewing [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). The target version setting is used to evaluate the number of computers that are already running this version of Windows, or a later version. + +The number displayed under **Computers upgraded** in the Upgrade Overview blade is the total number of computers that are already running the same or a later version of Windows compared to the target version. It also is used in the evaluation of apps and drivers: Known issues and guidance for the apps and drivers in Upgrade Readiness is based on the target operating system version. + +You now have the ability to change the Windows 10 version you wish to target. The available options currently are: Windows 10 version 1507, Windows 10 version 1511, and Windows version 1610. + +To change the target version setting, click on **Solutions Settings**, which appears at the top when you open you Upgrade Readiness solution: + +![Target version](images/ua-cg-08.png) + +>You must be signed in to Upgrade Readiness as an administrator to view settings. + +On the **Upgrade Readiness Settings** page, choose one of the options in the drop down box and click **Save**. The changes in the target version setting are reflected in evaluations when a new snapshot is uploaded to your workspace. + +![Target version](images/ua-cg-09.png) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index e3a7bddc5d..5125d56c73 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -774,6 +774,13 @@ ##### [Configure an Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md) ##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) ##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) +#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) +##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) #### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) ##### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) ###### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines) diff --git a/windows/keep-secure/code/example.ps1 b/windows/keep-secure/code/example.ps1 new file mode 100644 index 0000000000..278824d13a --- /dev/null +++ b/windows/keep-secure/code/example.ps1 @@ -0,0 +1,52 @@ +$tenantId = '{Your Tenant ID}' +$clientId = '{Your Client ID}' +$clientSecret = '{Your Client Secret}' + +$authUrl = "https://login.windows.net/{0}/oauth2/token" -f $tenantId + +$tokenPayload = @{ + "resource"='https://graph.windows.net' + "client_id" = $clientId + "client_secret" = $clientSecret + "grant_type"='client_credentials'} + +$response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload +$token = $response.access_token + +$headers = @{ + "Content-Type"="application/json" + "Accept"="application/json" + "Authorization"="Bearer {0}" -f $token } + +$apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/" + +$alertDefinitions = + (Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) -Method Get -Headers $headers).value + +$alertDefinitionPayload = @{ + "Name"= "The alert's name" + "Severity"= "Low" + "InternalDescription"= "An internal description of the Alert" + "Title"= "The Title" + "UxDescription"= "Description of the alerts" + "RecommendedAction"= "The alert's recommended action" + "Category"= "Trojan" + "Enabled"= "true"} + +$alertDefinition = + Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) ` + -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json) + +$alertDefinitionId = $alertDefinition.Id + +$iocPayload = @{ + "Type"="Sha1" + "Value"="dead1111eeaabbccddeeaabbccddee11ffffffff" + "DetectionFunction"="Equals" + "Enabled"="true" + "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId } + + +$ioc = + Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) ` + -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json) diff --git a/windows/keep-secure/code/example.py b/windows/keep-secure/code/example.py new file mode 100644 index 0000000000..7bf906738c --- /dev/null +++ b/windows/keep-secure/code/example.py @@ -0,0 +1,53 @@ +import json +import requests +from pprint import pprint + +tenant_id="{your tenant ID}" +client_id="{your client ID}" +client_secret="{your client secret}" + +auth_url = "https://login.windows.net/{0}/oauth2/token".format(tenant_id) + +payload = {"resource": "https://graph.windows.net", + "client_id": client_id, + "client_secret": client_secret, + "grant_type": "client_credentials"} + +response = requests.post(auth_url, payload) +token = json.loads(response.text)["access_token"] + +with requests.Session() as session: + session.headers = { + 'Authorization': 'Bearer {}'.format(token), + 'Content-Type': 'application/json', + 'Accept': 'application/json'} + + response = session.get("https://ti.securitycenter.windows.com/V1.0/AlertDefinitions") + pprint(json.loads(response.text)) + + alert_definition = {"Name": "The alert's name", + "Severity": "Low", + "InternalDescription": "An internal description of the alert", + "Title": "The Title", + "UxDescription": "Description of the alerts", + "RecommendedAction": "The alert's recommended action", + "Category": "Trojan", + "Enabled": True} + + response = session.post( + "https://ti.securitycenter.windows.com/V1.0/AlertDefinitions", + json=alert_definition) + + alert_definition_id = json.loads(response.text)["Id"] + + ioc = {'Type': "Sha1", + 'Value': "dead1111eeaabbccddeeaabbccddee11ffffffff", + 'DetectionFunction': "Equals", + 'Enabled': True, + "AlertDefinition@odata.bind": "AlertDefinitions({0})".format(alert_definition_id)} + + response = session.post( + "https://ti.securitycenter.windows.com/V1.0/IndicatorsOfCompromise", + json=ioc) + + pprint(json.loads(response.text)) diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md index 8c70f3782d..7d3b48530d 100644 --- a/windows/keep-secure/credential-guard.md +++ b/windows/keep-secure/credential-guard.md @@ -40,12 +40,10 @@ Here's a high-level overview on how the LSA is isolated by using virtualization- ## Requirements -For Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally Credential Guard blocks specific authentication capabilities, so applications which require blocked capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware requirements, and receive additional protection—those computers will be more hardened against certain threats. To keep this section brief, those will be in [Security Considerations](#security-considerations). +For Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally Credential Guard blocks specific authentication capabilities, so applications which require blocked capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protection—those computers will be more hardened against certain threats. To keep this section brief, those will be in [Security Considerations](#security-considerations). ### Hardware and software requirements -To deploy Credential Guard, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements. Beyond that, computers can meet additional hardware and firmware requirements, and receive additional protection—those computers will be more hardened against certain threats. - To provide basic protection against OS level attempts to read Credential Manager domain credentials, NTLM and Kerberos derived credentials, Credential Manager uses: - Support for Virtualization-based security (required) - TPM 2.0 either discrete or firmware (preferred - provides binding to hardware) @@ -82,14 +80,15 @@ Applications may cause performance issues when they attempt to hook the isolated ### Security considerations -The following tables provide more information about the hardware, firmware, and software required for deployment of Credential Guard. The tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, available in 2016, and announced as options for 2017. +All computers that meet baseline protections for hardware, firmware, and software can use Credential Guard. +Computers that meet additional qualifications can provide additional protections to further reduce the attack surface. +The following tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017. > [!NOTE] -> Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers. This requirement is not restated in the tables that follow.
-> If you are an OEM, see the requirements information at [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx).
-> Starting in Widows 10, 1607, TPM 2.0 is required. +> Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers.
+> If you are an OEM, see [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx).
-#### Baseline protection recommendations +#### Baseline protections |Baseline Protections | Description | |---------------------------------------------|----------------------------------------------------| @@ -101,9 +100,9 @@ The following tables provide more information about the hardware, firmware, and | Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

Important:
Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.


**Security benefits**: Support for VBS and for management features that simplify configuration of Credential Guard. | > [!IMPORTANT] -> The preceding table lists requirements for baseline protections. The following tables list requirements for improved security. You can use Credential Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting the requirements for improved security to significantly strengthen the level of security that Credential Guard can provide. +> The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Credential Guard can provide. -#### 2015 Additional Security Recommendations (starting with Windows 10, version 1507, and Windows Server 2016, Technical Preview 4) +#### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4 | Protections for Improved Security | Description | |---------------------------------------------|----------------------------------------------------| @@ -113,10 +112,10 @@ The following tables provide more information about the hardware, firmware, and
-#### 2016 Additional Security Recommendations (starting with Windows 10, version 1607, and Windows Server 2016) +#### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016 > [!IMPORTANT] -> The following tables list requirements for improved security, beyond the level of protection described in the preceding tables. You can use Credential Guard with hardware, firmware, and software that do not support the following protections for improved security. As your systems meet more requirements, more protections become available to them. +> The following tables list additional qualifications for improved security. Systems that meet these additional qualifications can provide more protections. | Protections for Improved Security | Description | |---------------------------------------------|----------------------------------------------------| @@ -126,9 +125,9 @@ The following tables provide more information about the hardware, firmware, and
-#### 2017 Additional security requirements starting with Windows 10, version 1703 +#### 2017 Additional security qualifications starting with Windows 10, version 1703 -The following table lists requirements for Windows 10, version 1703, which are in addition to all preceding requirements. +The following table lists qualifications for Windows 10, version 1703, which are in addition to all preceding qualifications. | Protection for Improved Security | Description | |---------------------------------------------|----------------------------------------------------| diff --git a/windows/keep-secure/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/keep-secure/custom-ti-api-windows-defender-advanced-threat-protection.md index 7c5f60b159..8c54c753a6 100644 --- a/windows/keep-secure/custom-ti-api-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/custom-ti-api-windows-defender-advanced-threat-protection.md @@ -11,7 +11,7 @@ author: mjcaparas localizationpriority: high --- -# Create custom alerts using the threat intelligence (TI) Application program interface (API) +# Create custom alerts using the threat intelligence (TI) application program interface (API) **Applies to:** @@ -23,12 +23,12 @@ localizationpriority: high [Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] -You can define custom alert definitions and indicators of compromise (IOC) using the threat intelligence API. Creating custom threat intelligence alerts allows you to create specific alerts that are applicable to your organization. +You can define custom alert definitions and indicators of compromise (IOC) using the threat intelligence API. Creating custom threat intelligence alerts allows you to generate specific alerts that are applicable to your organization. ## Before you begin Before creating custom alerts, you'll need to enable the threat intelligence application in Azure Active Directory and generate access tokens. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md). -### Use the threat intelligence REST APIs to create custom threat intelligence alerts +### Use the threat intelligence REST API to create custom threat intelligence alerts You can call and specify the resource URLs using one of the following operations to access and manipulate a threat intelligence resource, you call and specify the resource URLs using one of the following operations: - GET @@ -347,11 +347,13 @@ These parameters are compatible with the [OData V4 query language](http://docs.o ## Code examples The following articles provide detailed code examples that demonstrate how to use the custom threat intelligence API in several programming languages: -- PowerShell code examples -- Python code examples +- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) ## Related topics -- [Understand threat intelligence](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) - [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) - [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md index 38074271e9..e62a85a083 100644 --- a/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md @@ -40,6 +40,8 @@ Before you can create custom threat intelligence (TI) using REST API, you'll nee You’ll need to use the access token in the Authorization header when doing REST API calls. ## Related topics -- [Understand threat intelligence](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) -- [Create custom threat intelligence](custom-ti-api-windows-defender-advanced-threat-protection.md) +- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +- [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) - [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md index 897187ce25..749d25c114 100644 --- a/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md @@ -50,10 +50,10 @@ This status indicates that there's limited communication between the machine and The following suggested actions can help fix issues related to a misconfigured machine with impaired communication: -- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection) +- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection)
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service. -- Verify client connectivity to Windows Defender ATP service URLs
+- [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs. If you took corrective actions and the machine status is still misconfigured, [open a support ticket](http://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409). @@ -62,16 +62,16 @@ If you took corrective actions and the machine status is still misconfigured, [o A misconfigured machine with status ‘No sensor data’ has communication with the service but can only report partial sensor data. Follow theses actions to correct known issues related to a misconfigured machine with status ‘Impaired communication’: -- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection) +- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection)
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service. -- Verify client connectivity to Windows Defender ATP service URLs
+- [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs. -- [Ensure the telemetry and diagnostics service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled) +- [Ensure the telemetry and diagnostics service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled)
If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint. -- [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy) +- [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy)
If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. If you took corrective actions and the machine status is still misconfigured, [open a support ticket](http://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409). diff --git a/windows/keep-secure/hello-identity-verification.md b/windows/keep-secure/hello-identity-verification.md index 7e5139aeaf..c13f490b56 100644 --- a/windows/keep-secure/hello-identity-verification.md +++ b/windows/keep-secure/hello-identity-verification.md @@ -72,7 +72,7 @@ Imagine that someone is looking over your shoulder as you get money from an ATM Windows Hello helps protect user identities and user credentials. Because the user doesn't enter a password (except during provisioning), it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Windows Hello credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are protected by TPMs. -For customers using a hybrid Active Directory and Azure Active Directorye environment, Windows Hello also enables Windows 10 Mobile devices to be used as [a remote credential](hello-prepare-people-to-use.md#bmk-remote) when signing into Windows 10 PCs. During the sign-in process, the Windows 10 PC can connect using Bluetooth to access Windows Hello on the user’s Windows 10 Mobile device. Because users carry their phone with them, Windows Hello makes implementing two-factor authentication across the enterprise less costly and complex than other solutions. +For customers using a hybrid Active Directory and Azure Active Directory environment, Windows Hello also enables Windows 10 Mobile devices to be used as [a remote credential](hello-prepare-people-to-use.md#bmk-remote) when signing into Windows 10 PCs. During the sign-in process, the Windows 10 PC can connect using Bluetooth to access Windows Hello on the user’s Windows 10 Mobile device. Because users carry their phone with them, Windows Hello makes implementing two-factor authentication across the enterprise less costly and complex than other solutions. > [!NOTE] >  Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants. diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md index 69a0b102c6..640b0a524c 100644 --- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md @@ -40,7 +40,7 @@ When you investigate a specific machine, you'll see: ![Image of machine details page](images/atp-machine-details-view.png) -The machine details, total logged on users and machine reporting sections display various attributes about the machine. You’ll see details such as machine name, health status, actions you can take on the machine. For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md). +The machine details, total logged on users and machine reporting sections display various attributes about the machine. You’ll see details such as machine name, health state, actions you can take on the machine. For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md). You'll also see other information such as domain, operating system (OS), total logged on users and who frequently and less frequently logged on, IP address, and how long it's been reporting sensor data to the Windows Defender ATP service. diff --git a/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md index b06391c16d..5574319409 100644 --- a/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md @@ -26,88 +26,54 @@ localizationpriority: high This article provides PowerShell code examples for using the custom threat intelligence API. These code examples demonstrate the following tasks: -- [Obtain an Azure AD access token](#obtain-an-azure-ad-access-token) -- [Create headers](#create-headers) -- [Create calls to the custom threat intelligence API](#create-calls-to-the-custom-threat-intelligence-api) -- [Create a new alert definition](#create-a-new-alert-definition) -- [Create a new indicator of compromise](#create-a-new-indicator-of-compromise) +- [Obtain an Azure AD access token](#token) +- [Create headers](#headers) +- [Create calls to the custom threat intelligence API](#calls) +- [Create a new alert definition](#alert-definition) +- [Create a new indicator of compromise](#ioc) -## Obtain an Azure AD access token + +## Step 1: Obtain an Azure AD access token The following example demonstrates how to obtain an Azure AD access token that you can use to call methods in the custom threat intelligence API. After you obtain a token, you have 60 minutes to use this token in calls to the custom threat intelligence API before the token expires. After the token expires, you can generate a new token. -Replace the *tenant\_id*, *client_id*, and *client_secret* values with the ones you got from **Preferences settings** page in the portal: +Replace the *tenantid*, *clientid*, and *clientSecret* values with the ones you got from **Preferences settings** page in the portal: -``` +[!code[CustomTIAPI](./code/example.ps1#L1-L14)] -$tenantId = '{Your Tenant ID} -$clientId = '{Your Client ID}' -$clientSecret = '{Your Client Secret}' + +## Step 2: Create headers used for the requests with the API +Use the following code to create the headers used for the requests with the API: -$authUrl = "https://login.windows.net/{0}/oauth2/token" -f $tenantId +[!code[CustomTIAPI](./code/example.ps1#L16-L19)] -$tokenPayload = @{ - "resource"='https://graph.windows.net' - "client_id" = $clientId - "client_secret" = $clientSecret - "grant_type"='client_credentials'} + +## Step 3: Create calls to the custom threat intelligence API +After creating the headers, you can now create calls to the API. The following example demonstrates how you can view all the alert definition entities: -$response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload -$token = $response.access_token +[!code[CustomTIAPI](./code/example.ps1#L21-L24)] -``` +The response is empty on initial use of the API. -## Create headers -The following example demonstrates how to create headers used for the requests with the API. + +## Step 4: Create a new alert definition +The following example demonstrates how you to create a new alert definition. -``` -$headers = @{} -$headers.Add("Content-Type", "application/json") -$headers.Add("Accept", "application/json") -$headers.Add("Authorization", "Bearer {0}" -f $token) +[!code[CustomTIAPI](./code/example.ps1#L26-L39)] -``` + +## Step 5: Create a new indicator of compromise +You can now use the alert ID obtained from creating a new alert definition to create a new indicator of compromise. -## Create calls to the custom threat intelligence API -The following example demonstrates how to view all alert definition entities by creating a call to the API. +[!code[CustomTIAPI](./code/example.ps1#L43-L53)] -``` -$apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/" -$alertDefinitions = - (Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) -Method Get -Headers $headers).value -``` +## Complete code +You can use the complete code to create calls to the API. -If this is the first time to use the API, the response is empty. +[!code[CustomTIAPI](./code/example.ps1#L1-L53)] -## Create a new alert definition -The following example shows how to create a new alert definition. - -``` -$alertDefinitionPayload = @{ - "Name"= "The Alert's Name" - "Severity"= "Low" - "InternalDescription"= "An internal description of the Alert" - "Title"= "The Title" - "UxDescription"= "Description of the alerts" - "RecommendedAction"= "The alert's recommended action" - "Category"= "Trojan" - "Enabled"= "true"} - - -$alertDefinition = - Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json) -``` - -## Create a new indicator of compromise -The following example shows how to use the alert ID obtained from creating a new alert definition to create a new indicator of compromise. - -``` -$iocPayload = @{ - "Type"="Sha1" - "Value"="dead1111eeaabbccddeeaabbccddee11ffffffff" - "DetectionFunction"="Equals" - "Enabled"="true" - "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId } - - -$ioc = Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json) -``` +## Related topics +- [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) +- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md index a85f157968..3a89c15e0b 100644 --- a/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md @@ -34,18 +34,20 @@ For more information, see [Turn on the preview experience](preview-settings-wind ## Preview features The following features are included in the preview release: -- [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) - Take action on machine related alerts to quickly respond to detected attacks by isolating machines or collecting an investigation package. +- [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) - Quickly respond to detected attacks by isolating machines or collecting an investigation package. - [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) - [Undo machine isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#undo-machine-isolation) - [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines) -- [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md) - Take action on file related alerts to quickly respond to detected attacks by stopping and quarantining files or blocking a file. +- [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md) - Quickly respond to detected attacks by stopping and quarantining files or blocking a file. - [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) - [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine) - [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network) -- [Check sensor status](check-sensor-status-windows-defender-advanced-threat-protection.md) - Check an endpoint's ability to provide sensor data and communicate with the Windows Defender ATP service and fix sensor issues if you identify problematic machines. +- [Check sensor health state](check-sensor-status-windows-defender-advanced-threat-protection.md) - Check an endpoint's ability to provide sensor data and communicate with the Windows Defender ATP service and fix known issues. - [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) +- [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) - Create custom threat intelligence alerts using the threat intelligence API to generate alerts that are applicable to your organization. + >[!NOTE] -> All response features require machines to be on the latest Windows 10 Insider Preview build and above. +> All response actions require machines to be on the latest Windows 10 Insider Preview build. diff --git a/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md b/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md index 4b482cc066..6e63d9f1b5 100644 --- a/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md @@ -27,95 +27,55 @@ localizationpriority: high You must [install](http://docs.python-requests.org/en/master/user/install/#install) the "[requests](http://docs.python-requests.org/en/master/)" python library. These code examples demonstrate the following tasks: -- [Obtain an Azure AD access token](#obtain-an-azure-ad-access-token) -- [Create request session object](#create-a-request's-session-object) -- [Create calls to the custom threat intelligence API](#create-calls-to-the-custom-threat-intelligence-api) -- [Create a new alert definition](#create-a-new-alert-definition) -- [Create a new indicator of compromise](#create-a-new-indicator-of-compromise) +- [Obtain an Azure AD access token](#token) +- [Create request session object](#session-object) +- [Create calls to the custom threat intelligence API](#calls) +- [Create a new alert definition](#alert-definition) +- [Create a new indicator of compromise](#ioc) -## Obtain an Azure AD access token + +## Step 1: Obtain an Azure AD access token The following example demonstrates how to obtain an Azure AD access token that you can use to call methods in the custom threat intelligence API. After you obtain a token, you have 60 minutes to use this token in calls to the custom threat intelligence API before the token expires. After the token expires, you can generate a new token. Replace the *tenant\_id*, *client_id*, and *client_secret* values with the ones you got from **Preferences settings** page in the portal: -``` - -import json -import requests -from pprint import pprint - -tenant_id="{your tenant ID}" -client_id="{your client ID" -client_secret="{your client secret}" - -full_auth_url = r"https://login.windows.net/{0}/oauth2/token".format(tenant_id) - -payload = {"resource": "https://graph.windows.net", - "client_id": client_id, - "client_secret": client_secret, - "grant_type": "client_credentials"} +[!code[CustomTIAPI](./code/example.py#L1-L17)] -response = requests.post(full_auth_url, payload) -token = json.loads(response.text)["access_token"] -``` - -## Create request session object + +## Step 2: Create request session object Add HTTP headers to the session object, including the Authorization header with the token that was obtained. -``` -with requests.Session() as session: - session.headers = { - 'Authorization': 'Bearer {}'.format(token), - 'Content-Type': 'application/json', - 'Accept': 'application/json'} -``` +[!code[CustomTIAPI](./code/example.py#L19-L23)] -## Create calls to the custom threat intelligence API -The following example shows how to view all of the alert definition entities by creating a call to the API. + +## Step 3: Create calls to the custom threat intelligence API +After adding HTTP headers to the session object, you can now create calls to the API. The following example demonstrates how you can view all the alert definition entities: ->[!NOTE] -> All code is still within the ```with``` statement with the same indention level. +[!code[CustomTIAPI](./code/example.py#L25-L26)] -```json +The response is empty on initial use of the API. -response = session.get("https://ti.securitycenter.windows.com/V1.0/AlertDefinitions") -pprint(json.loads(response.text)) -``` + +## Step 4: Create a new alert definition +The following example demonstrates how you to create a new alert definition. -If this is the first time to use the API, the response is empty. +[!code[CustomTIAPI](./code/example.py#L28-L39)] -## Create a new alert definition -The following example shows how to create a new alert definition. + +## Step 5: Create a new indicator of compromise +You can now use the alert ID obtained from creating a new alert definition to create a new indicator of compromise. -``` +[!code[CustomTIAPI](./code/example.py#L41-L51)] -alert_definition = {"Name": "The Alert's Name", - "Severity": "Low", - "InternalDescription": "An internal description of the Alert", - "Title": "The Title", - "UxDescription": "Description of the alerts", - "RecommendedAction": "The alert's recommended action", - "Category": "Trojan", - "Enabled": True} +## Complete code +You can use the complete code to create calls to the API. -response = session.post( - "https://ti.securitycenter.windows.com/V1.0/AlertDefinitions", - json=alert_definition) -``` +[!code[CustomTIAPI](./code/example.py#L1-L53)] -## Create a new indicator of compromise -The following example shows how to use the alert ID obtained from creating a new alert definition to create a new indicator of compromise. - -``` -alert_definition_id = json.loads(response.text)["Id"] - ioc = {'Type': "Sha1", - 'Value': "dead1111eeaabbccddeeaabbccddee11ffffffff", - 'DetectionFunction': "Equals", - 'Enabled': True, - "AlertDefinition@odata.bind": "AlertDefinitions({0})".format(alert_definition_id)} - - response = session.post( - "https://ti.securitycenter.windows.com/V1.0/IndicatorsOfCompromise", - json=ioc) -``` +## Related topics +- [Understand threat intelligence](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +- [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md b/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md index 49742f17e8..0bba05e0b7 100644 --- a/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md +++ b/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md @@ -39,9 +39,9 @@ You can deploy Device Guard in phases, and plan these phases in relation to the > [!WARNING] > Virtualization-based protection of code integrity may be incompatible with some devices and applications. We strongly recommend testing this configuration in your lab before enabling virtualization-based protection of code integrity on production systems. Failure to do so may result in unexpected failures up to and including data loss or a blue screen error (also called a stop error). -The following tables provide more information about the hardware, firmware, and software required for deployment of various Device Guard features. The tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, available in 2016, and announced as options for 2017. +The following tables provide more information about the hardware, firmware, and software required for deployment of various Device Guard features. The tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017. -> **Notes** +> **Notes**
> • To understand the requirements in the following tables, you will need to be familiar with the main features in Device Guard: configurable code integrity policies, virtualization-based security (VBS), and Universal Extensible Firmware Interface (UEFI) Secure Boot. For information about these features, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats).
> • Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers. diff --git a/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md index 4cd712c7a8..0d15caf8a1 100644 --- a/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ localizationpriority: high [Some information relates to pre–released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] -You can take action on file related alerts to quickly respond to detected attacks by stopping and quarantining files or blocking a file. After taking action on files, you can check activity details on the Action center. +Quickly respond to detected attacks by stopping and quarantining files or blocking a file. After taking action on files, you can check activity details on the Action center. >[!NOTE] > These response actions are only available for machines on Windows 10, version 1703. diff --git a/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md index e4ffc6abe9..7262eeac48 100644 --- a/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ localizationpriority: high [Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] -You can take action on machine related alerts to quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center. +Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center. >[!NOTE] > These response actions are only available for machines on Windows 10, version 1703. diff --git a/windows/keep-secure/threat-indicator-concepts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/threat-indicator-concepts-windows-defender-advanced-threat-protection.md index 32dc72d7fd..be6cfe9d8e 100644 --- a/windows/keep-secure/threat-indicator-concepts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/threat-indicator-concepts-windows-defender-advanced-threat-protection.md @@ -11,7 +11,7 @@ author: mjcaparas localizationpriority: high --- -# Understand threat indicators +# Understand threat intelligence concepts **Applies to:** @@ -47,7 +47,9 @@ Here is an example of an IOC: IOCs have a many-to-one relationship with alert definitions such that an alert definition can have many IOCs that correspond to it. -## Related topic +## Related topics - [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) -- [Create custom threat indicators using REST API](custom-ti-api-windows-defender-advanced-threat-protection.md) +- [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) - [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md index 5448e0e2f5..d63bd1bf4c 100644 --- a/windows/keep-secure/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md @@ -44,3 +44,11 @@ If your client secret expires or if you've misplaced the copy provided when you 6. Click **Save**. The key value is displayed. 7. Copy the value and save it in a safe place. + + +## Related topics +- [Understand threat intelligence](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) +- [Create custom threat intelligence](custom-ti-api-windows-defender-advanced-threat-protection.md) +- [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +- [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..0757a26702 --- /dev/null +++ b/windows/keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md @@ -0,0 +1,39 @@ +--- +title: Use the threat intelligence API in Windows Defender Advanced Threat Protection to create custom alerts +description: Use the custom threat intelligence API to create custom alerts for your organization. +keywords: threat intelligence, alert definitions, indicators of compromise +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Use the threat intelligence API to create custom alerts + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +Understand threat intelligence concepts, then enable the custom threat intelligence application so that you can proceed to create custom threat intelligence alerts that are specific to your organization. + +You can use the code examples to guide you in creating calls to the custom threat intelligence API. + +## In this section + +Topic | Description +:---|:--- +[Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) | Understand the concepts around threat intelligence so that you can effectively create custom intelligence for your organization. +[Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) | Set up the custom threat intelligence application through the Windows Defender ATP portal so that you can create custom threat intelligence (TI) using REST API. +[Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) | Create custom threat intelligence alerts so that you can generate specific alerts that are applicable to your organization. +[PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) | Use the PowerShell code examples to guide you in using the custom threat intelligence API. +[Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) | Use the Python code examples to guide you in using the custom threat intelligence API. +[Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) | Learn how to address possible issues you might encounter while using the threat intelligence API. diff --git a/windows/manage/windows-libraries.md b/windows/manage/windows-libraries.md index 1608798dce..f8937e7a43 100644 --- a/windows/manage/windows-libraries.md +++ b/windows/manage/windows-libraries.md @@ -10,10 +10,10 @@ author: jasongerend ms.date: 2/6/2017 description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures. --- -> Applies to: Windows 10, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 - # Windows Libraries +> Applies to: Windows 10, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 + Libraries are virtual containers for users’ content. A library can contain files and folders stored on the local computer or in a remote storage location. In Windows Explorer, users interact with libraries in ways similar to how they would interact with other folders. Libraries are built upon the legacy known folders (such as My Documents, My Pictures, and My Music) that users are familiar with, and these known folders are automatically included in the default libraries and set as the default save location. ## Features for Users