From 79be99f04f6adb67b1be8945b1e40a0d993cd9a7 Mon Sep 17 00:00:00 2001 From: roh-kan Date: Fri, 8 Oct 2021 00:02:51 +0800 Subject: [PATCH 01/12] Fix Typo in command Related Issue: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10014 --- windows/deployment/update/windows-update-errors.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index ac67414ec6..b30011a355 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -173,7 +173,7 @@ The following table provides information about common errors you might run into | Message | Description | Mitigation | |---------|-------------|------------| -| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | +| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | ## 0x8007371b From 62d0a8c423f70fac274770653d98535e165136d5 Mon Sep 17 00:00:00 2001 From: David Mebane Date: Thu, 7 Oct 2021 16:53:37 -0700 Subject: [PATCH 02/12] Update update-compliance-get-started.md --- windows/deployment/update/update-compliance-get-started.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index bb55b0dff1..b50e741721 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -23,7 +23,8 @@ ms.topic: article - Windows 11 > [!IMPORTANT] -> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM. +> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM. +> Devices must have this policy configured by January 31st, 2022 to remain enrolled in Update Compliance. Devices without this policy configured, including Windows 10 releases prior to version 1809 which do not support this policy, will stop appearing in Update Compliance reports after this date. This topic introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow. From ae9a36ec88363e39c94af2714a228ce7e8e60d18 Mon Sep 17 00:00:00 2001 From: roh-kan Date: Fri, 8 Oct 2021 18:49:03 +0800 Subject: [PATCH 03/12] Update punctuation Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/windows-update-errors.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index b30011a355..fc07839d42 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -173,7 +173,7 @@ The following table provides information about common errors you might run into | Message | Description | Mitigation | |---------|-------------|------------| -| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | +| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt, run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | ## 0x8007371b From 69e1bbd3d1f64537cbe625f1af5415b069330545 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Sun, 10 Oct 2021 15:21:37 -0700 Subject: [PATCH 04/12] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 468313fb87..546bdf3f0c 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -50,8 +50,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. The following list shows the supported values: - 0 - Disable Microsoft Defender Application Guard - 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY -- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY -- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments +- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY (Added in Windows 10, version 2004) +- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments (Added in Windows 10, version 2004) **Settings/ClipboardFileType** Determines the type of content that can be copied from the host to Application Guard environment and vice versa. @@ -279,7 +279,7 @@ Value type is integer. Supported operation is Get. - Bit 6 - Set to 1 when system reboot is required. **PlatformStatus** -Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. +Added in Windows 10, version 2004. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. Value type is integer. Supported operation is Get. From c66f5f99b1ee002661c50a9faa0adebe380d5c7f Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 11 Oct 2021 15:42:03 +0300 Subject: [PATCH 05/12] Update Best practices https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9916 --- ...ntrol-behavior-of-the-elevation-prompt-for-standard-users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md index de0490479f..37b331657f 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md @@ -46,7 +46,7 @@ This policy setting determines the behavior of the elevation prompt for standard ### Best practices 1. Configure the **User Account Control: Behavior of the elevation prompt for standard users** to **Automatically deny elevation requests**. This setting requires the user to log on with an administrative account to run programs that require elevation of privilege. -2. As a security best practice, standard users should not have knowledge of administrative passwords. However, if your users have both standard and administrator-level accounts, set **Prompt for credentials** so that the users do not choose to always log on with their administrator accounts, and they shift their behavior to use the standard user account. +2. As a security best practice, standard users should not have knowledge of administrative passwords. However, if your users have both standard and administrator-level accounts, set **Prompt for credentials on the secure desktop** so that the users do not choose to always log on with their administrator accounts, and they shift their behavior to use the standard user account. ### Location From f5bd247967a1e8f05ee132a989ef0d6909671be4 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Mon, 11 Oct 2021 08:10:56 -0700 Subject: [PATCH 06/12] Update windows/client-management/mdm/windowsdefenderapplicationguard-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../mdm/windowsdefenderapplicationguard-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 546bdf3f0c..946c8013d8 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -50,8 +50,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. The following list shows the supported values: - 0 - Disable Microsoft Defender Application Guard - 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY -- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY (Added in Windows 10, version 2004) -- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments (Added in Windows 10, version 2004) +- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY (added in Windows 10, version 2004) +- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments (added in Windows 10, version 2004) **Settings/ClipboardFileType** Determines the type of content that can be copied from the host to Application Guard environment and vice versa. From 69d27ba5c9f625fd8fc9c3b9d50b369bb6ece943 Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Mon, 11 Oct 2021 08:16:48 -0700 Subject: [PATCH 07/12] Update windows/deployment/update/update-compliance-get-started.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/update-compliance-get-started.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index b50e741721..c01d76b407 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -24,7 +24,8 @@ ms.topic: article > [!IMPORTANT] > **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM. -> Devices must have this policy configured by January 31st, 2022 to remain enrolled in Update Compliance. Devices without this policy configured, including Windows 10 releases prior to version 1809 which do not support this policy, will stop appearing in Update Compliance reports after this date. +> +> Devices must have this policy configured by January 31, 2022, to remain enrolled in Update Compliance. Devices without this policy configured, including Windows 10 releases prior to version 1809 which do not support this policy, will stop appearing in Update Compliance reports after this date. This topic introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow. From 111b18461fe8d3def2f69d6f3de704bb3cae543a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 11 Oct 2021 10:05:18 -0700 Subject: [PATCH 08/12] Update user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md --- ...ntrol-behavior-of-the-elevation-prompt-for-standard-users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md index 37b331657f..688bce1b38 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 +ms.date: 10/11/2021 ms.technology: mde --- From 3db37ef4d18ceb33b0bac31bd302baa68b447db2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 11 Oct 2021 10:06:31 -0700 Subject: [PATCH 09/12] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 946c8013d8..ccd89eb916 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -5,8 +5,8 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman -ms.date: 07/07/2020 +author: dansimp +ms.date: 10/11/2021 ms.reviewer: manager: dansimp --- From 1e76f571a9691abe59297eefb3c8ae17efd2aef8 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Mon, 11 Oct 2021 13:14:32 -0700 Subject: [PATCH 10/12] New 21H2 HoloLens 2 Policies --- ...es-in-policy-csp-supported-by-hololens2.md | 13 ++- .../mdm/policy-csp-mixedreality.md | 80 +++++++++++++++---- 2 files changed, 75 insertions(+), 18 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index 507b737aa0..b312ee27f9 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -9,7 +9,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 10/08/2020 +ms.date: 10/11/2021 --- # Policies in Policy CSP supported by HoloLens 2 @@ -51,6 +51,7 @@ ms.date: 10/08/2020 - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana) - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment) - [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) 9 +- [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) 10 - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) 9 - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) 9 - [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) 9 @@ -101,7 +102,13 @@ ms.date: 10/08/2020 - [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) 9 - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate) - [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice) +- [Update/AutoRestartNotificationSchedule](policy-csp-update.md#update-autorestartnotificationschedule) 10 +- [Update/AutoRestartRequiredNotificationDismissal](policy-csp-update.md#update-autorestartrequirednotificationdismissal) 10 - [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel) +- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) 10 +- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) 10 +- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) 10 +- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) 10 - [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#update-deferfeatureupdatesperiodindays) - [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#update-deferqualityupdatesperiodindays) - [Update/ManagePreviewBuilds](policy-csp-update.md#update-managepreviewbuilds) @@ -109,7 +116,10 @@ ms.date: 10/08/2020 - [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates) - [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday) - [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime) +- [Update/ScheduleImminentRestartWarning](policy-csp-update.md#update-scheduleimminentrestartwarning) 10 +- [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) 10 - [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess) +- [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) 10 - [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl) - [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration) - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) 8 @@ -125,6 +135,7 @@ Footnotes: - 7 - Available in Windows 10, version 1909. - 8 - Available in Windows 10, version 2004. - 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes#windows-holographic-version-20h2) +- 10 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2) ## Related topics diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 42e192202e..2d549c3a18 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 10/06/2020 +ms.date: 10/12/2021 ms.reviewer: manager: dansimp --- @@ -23,6 +23,9 @@ manager: dansimp
MixedReality/AADGroupMembershipCacheValidityInDays
+
+ MixedReality/AutoLogonUser +
MixedReality/BrightnessButtonDisabled
@@ -50,15 +53,15 @@ manager: dansimp HoloLens (1st gen) Development Edition - cross mark + ❌ HoloLens (1st gen) Commercial Suite - cross mark + ❌ HoloLens 2 - check mark9 + ✔️ @@ -79,6 +82,50 @@ Steps to use this policy correctly:
+ +**MixedReality/AutoLogonUser** + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
HoloLens (1st gen) Development Edition
HoloLens (1st gen) Commercial Suite
HoloLens 2✔️
+ + +This new AutoLogonUser policy controls whether a user will be automatically logged on. Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to expedite login. + +When the policy is set to a non-empty value, it specifies the email address of the auto-logon user. The specified user must logon to the device at least once to enable auto-logon. + +The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser` + + +String value +- User with the same email address will have auto logon enabled. + +On a device where this policy is configured, the user specified in the policy will need to logon at least once. Subsequent reboots of the device after the first logon will have the specified user automatically logged on. Only a single auto-logon user is supported. Once enabled, the automatically logged on user will not be able to log out manually. To logon as a different user, the policy must first be disabled. + +> [!NOTE] +> +> - Some events such as major OS updates may require the specified user to logon to the device again to resume auto-logon behavior. +> - Auto-logon is only supported for MSA and AAD users. + + +
+ [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -114,15 +161,15 @@ Supported values are 0-60. The default value is 0 (day) and maximum value is 60 HoloLens (1st gen) Development Edition - cross mark + ❌ HoloLens (1st gen) Commercial Suite - cross mark + ❌ HoloLens 2 - check mark9 + ✔️ @@ -167,15 +214,15 @@ The following list shows the supported values: HoloLens (1st gen) Development Edition - cross mark + ❌ HoloLens (1st gen) Commercial Suite - cross mark + ❌ HoloLens 2 - check mark9 + ✔️ @@ -221,15 +268,15 @@ The following list shows the supported values: HoloLens (1st gen) Development Edition - cross mark + ❌ HoloLens (1st gen) Commercial Suite - cross mark + ❌ HoloLens 2 - check mark9 + ✔️ @@ -274,15 +321,15 @@ The following list shows the supported values: HoloLens (1st gen) Development Edition - cross mark + ❌ HoloLens (1st gen) Commercial Suite - cross mark + ❌ HoloLens 2 - check mark9 + ✔️ @@ -317,4 +364,3 @@ The following list shows the supported values:
- From da790514fab01155f8f9cd957c8cb1da70827c5e Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Mon, 11 Oct 2021 13:22:18 -0700 Subject: [PATCH 11/12] 80 --- .../client-management/mdm/policy-csp-mixedreality.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 2d549c3a18..d08161c676 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -68,13 +68,13 @@ manager: dansimp Steps to use this policy correctly: 1. Create a device configuration profile for kiosk targeting Azure AD groups and assign it to HoloLens device(s). -1. Create a custom OMA URI-based device configuration that sets this policy value to desired number of days (> 0) and assign it to HoloLens device(s). +1. Create a custom OMA URI-based device configuration that sets this policy value to chosen number of days (> 0) and assign it to HoloLens devices. 1. The URI value should be entered in OMA-URI text box as ./Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays 1. The value can be between min / max allowed. 1. Enroll HoloLens devices and verify both configurations get applied to the device. 1. Let Azure AD user 1 sign-in when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created. 1. Now Azure AD user 1 can take HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days. -1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point here is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted. +1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted. > [!NOTE] > Until step 4 is performed for a Azure AD user will experience failure behavior mentioned similar to “disconnected” environments. @@ -106,17 +106,17 @@ Steps to use this policy correctly: -This new AutoLogonUser policy controls whether a user will be automatically logged on. Some customers want to set up devices that are tied to an identity but don't want any sign-in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to expedite login. +This new AutoLogonUser policy controls whether a user will be automatically logged on. Some customers want to set up devices that are tied to an identity but don't want any sign in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly distribute HoloLens devices and enable their end users to speed up login. -When the policy is set to a non-empty value, it specifies the email address of the auto-logon user. The specified user must logon to the device at least once to enable auto-logon. +When the policy is set to a non-empty value, it specifies the email address of the auto log on user. The specified user must logon to the device at least once to enable autologon. The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser` String value -- User with the same email address will have auto logon enabled. +- User with the same email address will have autologon enabled. -On a device where this policy is configured, the user specified in the policy will need to logon at least once. Subsequent reboots of the device after the first logon will have the specified user automatically logged on. Only a single auto-logon user is supported. Once enabled, the automatically logged on user will not be able to log out manually. To logon as a different user, the policy must first be disabled. +On a device where this policy is configured, the user specified in the policy will need to log on at least once. Subsequent reboots of the device after the first logon will have the specified user automatically logged on. Only a single autologon user is supported. Once enabled, the automatically logged on user will not be able to log out manually. To log on as a different user, the policy must first be disabled. > [!NOTE] > From cc199092888715b753f46e5849a892a25b2279cd Mon Sep 17 00:00:00 2001 From: qianw211 <41130658+qianw211@users.noreply.github.com> Date: Mon, 11 Oct 2021 14:45:58 -0700 Subject: [PATCH 12/12] updating the note on win11 fod file --- windows/application-management/manage-windows-mixed-reality.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index e33d30d8b8..ecfbf1a470 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -50,8 +50,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to ``` > [!NOTE] - > * On Windows 10, you must rename the FOD .CAB file to : **Microsoft-Windows-Holographic-Desktop-FOD-Package\~31bf3856ad364e35\~amd64\~\~.cab** - > * On Windows 11, you must rename the FOD .CAB file to: **Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e45~amd_64~~.cab** + > On Windows 10 and 11, you must rename the FOD .CAB file to: **Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab** 1. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**.