Merge branch 'master' into siosulli-privacyupdates-temp

2025-06-19 12:23:37 +00:00 · 2021-10-12 10:20:46 +01:00
parent ded9d2b99a b2977c224a
commit 99fc380644
7 changed files with 89 additions and 31 deletions
--- a/windows/application-management/manage-windows-mixed-reality.md
+++ b/windows/application-management/manage-windows-mixed-reality.md
@ -50,8 +50,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to
        ```
        > [!NOTE]
-        > * On Windows 10, you must rename the FOD .CAB file to : **Microsoft-Windows-Holographic-Desktop-FOD-Package\~31bf3856ad364e35\~amd64\~\~.cab**
+        > On Windows 10 and 11, you must rename the FOD .CAB file to: **Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab**
        > * On Windows 11, you must rename the FOD .CAB file to: **Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e45~amd_64~~.cab**
   1. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**.
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@ -9,7 +9,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 10/08/2020
+ms.date: 10/11/2021
 ---
 # Policies in Policy CSP supported by HoloLens 2
@ -51,6 +51,7 @@ ms.date: 10/08/2020
 - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
 - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
 - [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) <sup>9</sup>
 - [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) <sup>10</sup>
 - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) <sup>9</sup>
 - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) <sup>9</sup>
 - [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) <sup>9</sup>
@ -101,7 +102,13 @@ ms.date: 10/08/2020
 - [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) <sup>9</sup>
 - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
 - [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
 - [Update/AutoRestartNotificationSchedule](policy-csp-update.md#update-autorestartnotificationschedule) <sup>10</sup>
 - [Update/AutoRestartRequiredNotificationDismissal](policy-csp-update.md#update-autorestartrequirednotificationdismissal) <sup>10</sup>
 - [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
 - [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) <sup>10</sup>
 - [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) <sup>10</sup>
 - [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) <sup>10</sup>
 - [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) <sup>10</sup>
 - [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#update-deferfeatureupdatesperiodindays)
 - [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#update-deferqualityupdatesperiodindays)
 - [Update/ManagePreviewBuilds](policy-csp-update.md#update-managepreviewbuilds)
@ -109,7 +116,10 @@ ms.date: 10/08/2020
 - [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates)
 - [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
 - [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
 - [Update/ScheduleImminentRestartWarning](policy-csp-update.md#update-scheduleimminentrestartwarning) <sup>10</sup>
 - [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) <sup>10</sup>
 - [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess)
 - [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) <sup>10</sup>
 - [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
 - [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
 - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) <sup>8</sup>
@ -125,6 +135,7 @@ Footnotes:
 - 7 - Available in Windows 10, version 1909.
 - 8 - Available in Windows 10, version 2004.
 - 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes#windows-holographic-version-20h2)
 - 10 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)
 ## Related topics
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 10/06/2020
+ms.date: 10/12/2021
 ms.reviewer: 
 manager: dansimp
 ---
@ -23,6 +23,9 @@ manager: dansimp
  <dd>
    <a href="#mixedreality-aadgroupmembershipcachevalidityindays">MixedReality/AADGroupMembershipCacheValidityInDays</a>
  </dd>
  <dd>
    <a href="#mixedreality-autologonuser">MixedReality/AutoLogonUser</a>
  </dd>
  <dd>
    <a href="#mixedreality-brightnessbuttondisabled">MixedReality/BrightnessButtonDisabled</a>
  </dd>
@ -50,28 +53,28 @@ manager: dansimp
 </tr>
 <tr>
    <td>HoloLens (1st gen) Development Edition</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens (1st gen) Commercial Suite</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens 2</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>✔️</td>
 </tr>
 </table>
 Steps to use this policy correctly:
 1. Create a device configuration profile for kiosk targeting Azure AD groups and assign it to HoloLens device(s).
-1. Create a custom OMA URI-based device configuration that sets this policy value to desired number of days (> 0) and assign it to HoloLens device(s).
+1. Create a custom OMA URI-based device configuration that sets this policy value to chosen number of days (> 0) and assign it to HoloLens devices.
    1. The URI value should be entered in OMA-URI text box as ./Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays
    1. The value can be between min / max allowed.
 1. Enroll HoloLens devices and verify both configurations get applied to the device.
 1. Let Azure AD user 1 sign-in when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created.
 1. Now Azure AD user 1 can take HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days.
-1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point here is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted.
+1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted.
 > [!NOTE]
 > Until step 4 is performed for a Azure AD user will experience failure behavior mentioned similar to “disconnected” environments.
@ -79,6 +82,50 @@ Steps to use this policy correctly:
 <!--/SupportedSKUs-->
 <hr/>
 <!--Policy-->
 <a href="" id="mixedreality-autologonuser"></a>**MixedReality/AutoLogonUser**  
 <!--SupportedSKUs-->
 <table>
 <tr>
    <th>Windows Edition</th>
    <th>Supported?</th>
 </tr>
 <tr>
    <td>HoloLens (1st gen) Development Edition</td>
    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens (1st gen) Commercial Suite</td>
    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens 2</td>
    <td>✔️</td>
 </tr>
 </table>
 <!--/Description-->
 This new AutoLogonUser policy controls whether a user will be automatically logged on. Some customers want to set up devices that are tied to an identity but don't want any sign in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly  distribute HoloLens devices and enable their end users to speed up login.
 When the policy is set to a non-empty value, it specifies the email address of the auto log on user. The specified user must logon to the device at least once to enable autologon.
 The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser`
 <!--SupportedValues-->
 String value
 - User with the same email address will have autologon enabled.
 On a device where this policy is configured, the user specified in the policy will need to log on at least once. Subsequent reboots of the device after the first logon will have the specified user automatically logged on. Only a single autologon user is supported. Once enabled, the automatically logged on user will not be able to log out manually. To log on as a different user, the policy must first be disabled.
 > [!NOTE]
 >
 > - Some events such as major OS updates may require the specified user to logon to the device again to resume auto-logon behavior.
 > - Auto-logon is only supported for MSA and AAD users.
 <!--/SupportedSKUs-->
 <hr/>
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
@ -114,15 +161,15 @@ Supported values are 0-60. The default value is 0 (day) and maximum value is 60
 </tr>
 <tr>
    <td>HoloLens (1st gen) Development Edition</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens (1st gen) Commercial Suite</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens 2</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>✔️</td>
 </tr>
 </table>
@ -167,15 +214,15 @@ The following list shows the supported values:
 </tr>
 <tr>
    <td>HoloLens (1st gen) Development Edition</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens (1st gen) Commercial Suite</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens 2</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>✔️</td>
 </tr>
 </table>
@ -221,15 +268,15 @@ The following list shows the supported values:
 </tr>
 <tr>
    <td>HoloLens (1st gen) Development Edition</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens (1st gen) Commercial Suite</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens 2</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>✔️</td>
 </tr>
 </table>
@ -274,15 +321,15 @@ The following list shows the supported values:
 </tr>
 <tr>
    <td>HoloLens (1st gen) Development Edition</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens (1st gen) Commercial Suite</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens 2</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>✔️</td>
 </tr>
 </table>
@ -317,4 +364,3 @@ The following list shows the supported values:
 <hr/>
 <!--/Policies-->
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@ -5,8 +5,8 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
+author: dansimp
-ms.date: 07/07/2020
+ms.date: 10/11/2021
 ms.reviewer: 
 manager: dansimp
 ---
@ -50,8 +50,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 The following list shows the supported values:
 - 0 - Disable Microsoft Defender Application Guard
 - 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY
- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY
+- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY (added in Windows 10, version 2004)
- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments
+- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments (added in Windows 10, version 2004)
 <a href="" id="clipboardfiletype"></a>**Settings/ClipboardFileType**  
 Determines the type of content that can be copied from the host to Application Guard environment and vice versa. 
@ -279,7 +279,7 @@ Value type is integer. Supported operation is Get.
 - Bit 6 - Set to 1 when system reboot is required.
 <a href="" id="platformstatus"></a>**PlatformStatus**  
-Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. 
+Added in Windows 10, version 2004. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. 
 Value type is integer. Supported operation is Get.
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@ -23,7 +23,9 @@ ms.topic: article
 - Windows 11
 > [!IMPORTANT]
-> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM. 
+> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM.
 >
 > Devices must have this policy configured by January 31, 2022, to remain enrolled in Update Compliance. Devices without this policy configured, including Windows 10 releases prior to version 1809 which do not support this policy, will stop appearing in Update Compliance reports after this date.
 This topic introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow.
--- a/windows/deployment/update/windows-update-errors.md
+++ b/windows/deployment/update/windows-update-errors.md
@ -173,7 +173,7 @@ The following table provides information about common errors you might run into
 | Message | Description | Mitigation |
 |---------|-------------|------------|
-| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. | 
+| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt, run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. | 
 ## 0x8007371b
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
@ -14,7 +14,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 04/19/2017
+ms.date: 10/11/2021
 ms.technology: mde
 ---
@ -46,7 +46,7 @@ This policy setting determines the behavior of the elevation prompt for standard
 ### Best practices
 1.  Configure the **User Account Control: Behavior of the elevation prompt for standard users** to **Automatically deny elevation requests**. This setting requires the user to log on with an administrative account to run programs that require elevation of privilege.
-2.  As a security best practice, standard users should not have knowledge of administrative passwords. However, if your users have both standard and administrator-level accounts, set **Prompt for credentials** so that the users do not choose to always log on with their administrator accounts, and they shift their behavior to use the standard user account.
+2.  As a security best practice, standard users should not have knowledge of administrative passwords. However, if your users have both standard and administrator-level accounts, set **Prompt for credentials on the secure desktop** so that the users do not choose to always log on with their administrator accounts, and they shift their behavior to use the standard user account.
 ### Location