Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client
@ -7,7 +7,7 @@ ms.sitesec: library
|
|||||||
author: jdeckerms
|
author: jdeckerms
|
||||||
ms.author: jdecker
|
ms.author: jdecker
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 06/01/2018
|
ms.date: 07/12/2018
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -15,6 +15,12 @@ ms.localizationpriority: medium
|
|||||||
|
|
||||||
This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
|
This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
|
||||||
|
|
||||||
|
## July 2018
|
||||||
|
|
||||||
|
New or changed topic | Description
|
||||||
|
--- | ---
|
||||||
|
[Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) | Added information and links for new Microsoft Whiteboard app release.
|
||||||
|
|
||||||
## June 2018
|
## June 2018
|
||||||
|
|
||||||
New or changed topic | Description
|
New or changed topic | Description
|
||||||
|
@ -6,13 +6,16 @@ ms.sitesec: library
|
|||||||
author: jdeckerms
|
author: jdeckerms
|
||||||
ms.author: jdecker
|
ms.author: jdecker
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 10/20/2017
|
ms.date: 07/12/2018
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
---
|
---
|
||||||
|
|
||||||
# Set up and use Whiteboard to Whiteboard collaboration (Surface Hub)
|
# Set up and use Whiteboard to Whiteboard collaboration (Surface Hub)
|
||||||
|
|
||||||
Microsoft Whiteboard’s latest update (17.8302.5275X or greater) includes the capability for two Surface Hubs to collaborate in real time on the same board.
|
The Microsoft Whiteboard app includes the capability for two Surface Hubs to collaborate in real time on the same board.
|
||||||
|
|
||||||
|
>[!IMPORTANT]
|
||||||
|
>A new Microsoft Whiteboard app was released on July 12, 2018. The existing Whiteboard app that comes installed on Surface Hub and is pinned to the Welcome screen cannot collaborate with the new version that can be installed on the PC. If people in your organization install the new Whiteboard on their PCs, you must install the new Whiteboard on Surface Hub to enable collaboration. To learn more about installing the new Whiteboard on your Surface Hub, see [Whiteboard on Surface Hub opt-in](https://go.microsoft.com/fwlink/p/?LinkId=2004277).
|
||||||
|
|
||||||
By ensuring that your organization meets the prerequisites, users can then ink, collaborate, and ideate together.
|
By ensuring that your organization meets the prerequisites, users can then ink, collaborate, and ideate together.
|
||||||
|
|
||||||
|
@ -335,6 +335,11 @@ You must install SQL Server with the **SQL\_Latin1\_General\_CP1\_CI\_AS** coll
|
|||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
|
<tr class="odd">
|
||||||
|
<td align="left"><p>Microsoft SQL Server 2017</p></td>
|
||||||
|
<td align="left"><p>Standard, Enterprise, or Datacenter</p></td>
|
||||||
|
<td align="left"><p></p></td>
|
||||||
|
<td align="left"><p>64-bit</p></td>
|
||||||
<tr class="even">
|
<tr class="even">
|
||||||
<td align="left"><p>Microsoft SQL Server 2016</p></td>
|
<td align="left"><p>Microsoft SQL Server 2016</p></td>
|
||||||
<td align="left"><p>Standard, Enterprise, or Datacenter</p></td>
|
<td align="left"><p>Standard, Enterprise, or Datacenter</p></td>
|
||||||
|
@ -8,7 +8,7 @@ ms.pagetype: store
|
|||||||
author: TrudyHa
|
author: TrudyHa
|
||||||
ms.author: TrudyHa
|
ms.author: TrudyHa
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
ms.date: 5/31/2018
|
ms.date: 6/28/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Microsoft Store for Business and Education release history
|
# Microsoft Store for Business and Education release history
|
||||||
@ -17,6 +17,9 @@ Microsoft Store for Business and Education regularly releases new and improved f
|
|||||||
|
|
||||||
Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md)
|
Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md)
|
||||||
|
|
||||||
|
## May 2018
|
||||||
|
- **Immersive Reader app available in Microsoft Store for Education** - This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it.
|
||||||
|
|
||||||
## April 2018
|
## April 2018
|
||||||
- **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We’ll figure out who’s in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we’ll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses.
|
- **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We’ll figure out who’s in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we’ll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses.
|
||||||
- **Change collection order in private store** - Private store collections make it easy for groups of people to find the apps that they need. Now, you can customize the order of your private store collections.
|
- **Change collection order in private store** - Private store collections make it easy for groups of people to find the apps that they need. Now, you can customize the order of your private store collections.
|
||||||
|
@ -8,7 +8,7 @@ ms.pagetype: store
|
|||||||
author: TrudyHa
|
author: TrudyHa
|
||||||
ms.author: TrudyHa
|
ms.author: TrudyHa
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
ms.date: 5/31/2018
|
ms.date: 6/28/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# What's new in Microsoft Store for Business and Education
|
# What's new in Microsoft Store for Business and Education
|
||||||
@ -17,18 +17,14 @@ Microsoft Store for Business and Education regularly releases new and improved f
|
|||||||
|
|
||||||
## Latest updates for Store for Business and Education
|
## Latest updates for Store for Business and Education
|
||||||
|
|
||||||
**May 2018**
|
**June 2018**
|
||||||
|
|
||||||
| | |
|
| | |
|
||||||
|--------------------------------------|---------------------------------|
|
|--------------------------------------|---------------------------------|
|
||||||
|  |**Immersive Reader app in Microsoft Store for Education**<br /><br /> Microsoft Immersive Reader is now available for education organizations using Microsoft Store for Education. This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it. Check out and download [Immersive Reader](https://educationstore.microsoft.com/en-us/store/details/immersive-reader/9PJZQZ821DQ2). <br /><br /> **Applies to**:<br /> Microsoft Store for Education |
|
|  |**Change order within private store collection**<br /><br /> Continuing our focus on improvements for private store, now you can customize the order of products in each private store collection. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
|
||||||
|
|
||||||
<!---
|
|
||||||
| | |
|
|
||||||
|--------------------------------------|---------------------------------|
|
|
||||||
|  |**Change order within private store collection**<br /><br /> Following last month's update to customize the order of your private store collections, now you can customize the order of products in each collection. <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
|
|
||||||
|  |**Performance improvements in private store**<br /><br /> We continue to work on performance improvements in the private store. Now, most products new to your inventory are available in your private store within 15 minutes of adding them. <br /><br /> [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance) <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
|
|  |**Performance improvements in private store**<br /><br /> We continue to work on performance improvements in the private store. Now, most products new to your inventory are available in your private store within 15 minutes of adding them. <br /><br /> [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance) <br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
|
||||||
-->
|
|
||||||
|
|
||||||
|
|
||||||
<!---
|
<!---
|
||||||
We’ve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
|
We’ve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
|
||||||
@ -42,6 +38,9 @@ We’ve been working on bug fixes and performance improvements to provide you a
|
|||||||
|
|
||||||
## Previous releases and updates
|
## Previous releases and updates
|
||||||
|
|
||||||
|
[May 2018](release-history-microsoft-store-business-education.md#may-2018)
|
||||||
|
- Immersive Reading app available in Microsoft Store for Education
|
||||||
|
|
||||||
[April 2018](release-history-microsoft-store-business-education.md#april-2018)
|
[April 2018](release-history-microsoft-store-business-education.md#april-2018)
|
||||||
- Assign apps to larger groups
|
- Assign apps to larger groups
|
||||||
- Change collection order in private store
|
- Change collection order in private store
|
||||||
|
@ -44,7 +44,7 @@ The following table describes the parameters in the XML file that define the con
|
|||||||
|
|
||||||
### Parameters that define the packages in the connection group
|
### Parameters that define the packages in the connection group
|
||||||
|
|
||||||
In the <Packages> section of the connection group XML file, you list the member packages in the connection group by specifying each package’s unique package identifier and version identifier, as described in the following table. The first package in the list has the highest precedence.
|
In the **<Packages>** section of the connection group XML file, you list the member packages in the connection group by specifying each package’s unique package identifier and version identifier, as described in the following table. The first package in the list has the highest precedence.
|
||||||
|
|
||||||
|Field|Description|
|
|Field|Description|
|
||||||
|---|---|
|
|---|---|
|
||||||
|
@ -1,47 +1,52 @@
|
|||||||
---
|
---
|
||||||
title: How to Convert a Package Created in a Previous Version of App-V (Windows 10)
|
title: How to convert a package created in a previous version of App-V (Windows 10)
|
||||||
description: How to Convert a Package Created in a Previous Version of App-V
|
description: How to convert a package created in a previous version of App-V.
|
||||||
author: MaggiePucciEvans
|
author: MaggiePucciEvans
|
||||||
ms.pagetype: mdop, appcompat, virtualization
|
ms.pagetype: mdop, appcompat, virtualization
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.date: 04/19/2017
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
# How to convert a package created in a previous version of App-V
|
||||||
|
|
||||||
|
>Applies to: Windows 10, version 1607
|
||||||
|
|
||||||
# How to Convert a Package Created in a Previous Version of App-V
|
You can use the package converter utility to upgrade virtual application packages created by previous versions of App-V. This section will tell you how to convert existing virtual application packages for upgrade.
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10, version 1607
|
|
||||||
|
|
||||||
You can use the package converter utility to upgrade virtual application packages that have been created with previous versions of App-V.
|
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>If you are running a computer with a 64-bit architecture, you must use the x86 version of Windows PowerShell.
|
>If you are running a computer with a 64-bit architecture, you must use the x86 version of Windows PowerShell.
|
||||||
|
|
||||||
The package converter can only directly convert packages that were created by using the App-V 4.5 sequencer or later. Packages that were created using a version prior to App-V 4.5 must be upgraded to at least App-V 4.5 before conversion.
|
The package converter can only directly convert packages created by an App-V sequencer version 4.5 or later. Packages created with an App-V version earlier than 4.5 must be upgraded to at least App-V 4.5 before conversion.
|
||||||
|
|
||||||
The following information provides direction for converting existing virtual application packages.
|
|
||||||
|
|
||||||
>[!IMPORTANT]
|
>[!IMPORTANT]
|
||||||
> You must configure the package converter to always save the package ingredients file to a secure location and directory. A secure location is accessible only by an administrator. Additionally, when you deploy the package, you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion process.
|
>In order to keep your files secure, you must configure the package converter to always save the package ingredients file to a secure location and directory that can only be accessed by an administrator. When you deploy the package, you should either save the package to a secure location or make sure that no other users can sign in during the conversion process.
|
||||||
|
|
||||||
## App-V 4.6 installation folder is redirected to virtual file system root
|
## App-V 4.6 installation folder is redirected to virtual file system root
|
||||||
|
|
||||||
When you convert packages from App-V 4.6 to App-V for Windows 10, the App-V for Windows 10 package can access the hardcoded drive that you were required to use when you created 4.6 packages. The drive letter will be the drive you selected as the installation drive on the 4.6 sequencing machine. (The default drive letter is Q:\\.)
|
When you convert packages from App-V 4.6 to App-V for Windows 10, the App-V for Windows 10 package can access the hardcoded drive that you were required to use when you created 4.6 packages. The drive letter will be the drive you selected as the installation drive on the 4.6 sequencing machine. (The default drive is drive Q.)
|
||||||
|
|
||||||
**Technical Details:** The App-V package converter will save the App-V 4.6 installation root folder and short folder names in the FilesystemMetadata.xml file in the Filesystem element. When the App-V for Windows 10 client creates the virtual process, it will map requests from the App-V 4.6 installation root to the virtual file system root.
|
The App-V package converter will save the App-V 4.6 installation root folder and short folder names in the FilesystemMetadata.xml file in the **Filesystem** element. When the App-V for Windows 10 client creates the virtual process, it will map requests from the App-V 4.6 installation root to the virtual file system root.
|
||||||
|
|
||||||
## Getting started
|
## Getting started
|
||||||
|
|
||||||
1. Install the App-V Sequencer on a computer in your environment. For information about how to install the Sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md).
|
1. Install the App-V Sequencer on a computer in your environment. For information about how to install the Sequencer, see [How to install the Sequencer](appv-install-the-sequencer.md).
|
||||||
|
|
||||||
2. The following cmdlets are available:
|
2. You can enter the following cmdlets to check or convert packages:
|
||||||
|
|
||||||
- **Test-AppvLegacyPackage** – This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using Windows PowerShell, type `Test-AppvLegacyPackage -?`.
|
- **Test-AppvLegacyPackage**—This cmdlet checks packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in-depth validation. For information about options and basic functionality for this cmdlet, using Windows PowerShell, enter the following cmdlet:
|
||||||
|
|
||||||
- **ConvertFrom-AppvLegacyPackage** – To convert an existing package, type `ConvertFrom-AppvLegacyPackage c:\contentStore c:\convertedPackages`. In this command, `c:\contentStore` represents the location of the existing package and `c:\convertedPackages` is the output directory to which the resulting App-V for Windows 10 virtual application package file will be saved. By default, if you do not specify a new name, the old package name will be used.
|
```PowerShell
|
||||||
|
Test-AppvLegacyPackage -?
|
||||||
|
```
|
||||||
|
|
||||||
|
- **ConvertFrom-AppvLegacyPackage**—This cmdlet converts packages from legacy versions to updated versions. To convert an existing package, enter the following cmdlet:
|
||||||
|
|
||||||
|
```PowerShell
|
||||||
|
ConvertFrom-AppvLegacyPackage C:\contentStore C:\convertedPackages
|
||||||
|
```
|
||||||
|
|
||||||
|
In this cmdlet, `C:\contentStore` represents the location of the existing package and `C:\convertedPackages` is the output directory to which the resulting App-V for Windows 10 virtual application package file will be saved. By default, if you do not specify a new name, the old package name will be used.
|
||||||
|
|
||||||
Additionally, the package converter optimizes performance of packages in App-V for Windows 10 by setting the package to stream fault the App-V package. This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default.
|
Additionally, the package converter optimizes performance of packages in App-V for Windows 10 by setting the package to stream fault the App-V package. This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default.
|
||||||
|
|
||||||
@ -50,15 +55,38 @@ When you convert packages from App-V 4.6 to App-V for Windows 10, the App-V for
|
|||||||
|
|
||||||
### Advanced Conversion Tips
|
### Advanced Conversion Tips
|
||||||
|
|
||||||
- Piping - Windows PowerShell supports piping. Piping allows you to call `dir c:\contentStore\myPackage | Test-AppvLegacyPackage`. In this example, the directory object that represents `myPackage` will be given as input to the `Test-AppvLegacyPackage` command and bound to the `-Source` parameter. Piping like this is especially useful when you want to batch commands together; for example, `dir .\ | Test-AppvLegacyPackage | ConvertFrom-AppvLegacyAppvPackage -Target .\ConvertedPackages`. This piped command would test the packages and then pass those objects on to actually be converted. You can also apply a filter on packages without errors or only specify a directory which contains an **.sprj** file or pipe them to another cmdlet that adds the filtered package to the server or publishes them to the App-V client.
|
- Piping—Windows PowerShell supports piping. Piping allows you to enter cmdlets like this example:
|
||||||
|
|
||||||
- Batching - The Windows PowerShell command enables batching. More specifically, the cmdlets support taking a string\[\] object for the `-Source` parameter which represents a list of directory paths. This allows you to enter `$packages = dir c:\contentStore` and then call `ConvertFrom-AppvLegacyAppvPackage-Source $packages -Target c:\ConvertedPackages` or to use piping and call `dir c:\ContentStore | ConvertFrom-AppvLegacyAppvPackage -Target C:\ConvertedPackages`.
|
```PowerShell
|
||||||
|
dir C:\contentStore\myPackage | Test-AppvLegacyPackage
|
||||||
|
```
|
||||||
|
|
||||||
- Other functionality - Windows PowerShell has other built-in functionality for features such as aliases, piping, lazy-binding, .NET object, and many others. All of these are usable in Windows PowerShell and can help you create advanced scenarios for the Package Converter.
|
In this example, the directory object that represents `myPackage` will be given as input to the **Test-AppvLegacyPackage** cmdlet and bound to the *-Source* parameter. Piping like this is especially useful when you want to batch commands together, such as in the following example cmdlet:
|
||||||
|
|
||||||
|
```PowerShell
|
||||||
|
dir .\ | Test-AppvLegacyPackage | ConvertFrom-AppvLegacyAppvPackage -Target .\ConvertedPackages
|
||||||
|
```
|
||||||
|
|
||||||
|
This piped example command tests packages, then passes the objects on for conversion. You can also apply a filter on packages without errors or only specify a directory which contains an **.sprj** file or pipe them to another cmdlet that adds the filtered package to the server or publishes them to the App-V client.
|
||||||
|
|
||||||
|
- Batching—The Windows PowerShell command enables batching. More specifically, the cmdlets support taking a string\[\] object for the *-Source* parameter that represents a list of directory paths. This allows you to enter the following cmdlets together:
|
||||||
|
|
||||||
|
```PowerShell
|
||||||
|
$packages = dir C:\contentStore
|
||||||
|
ConvertFrom-AppvLegacyAppvPackage-Source $packages -Target C:\ConvertedPackages
|
||||||
|
```
|
||||||
|
|
||||||
|
Alternatively, you can use piping like this:
|
||||||
|
|
||||||
|
```PowerShell
|
||||||
|
dir C:\ContentStore | ConvertFrom-AppvLegacyAppvPackage -Target C:\ConvertedPackages
|
||||||
|
```
|
||||||
|
|
||||||
|
- Other functionality—Windows PowerShell has other built-in functionality for features such as aliases, lazy-binding, .NET Object, and many others. These features can help you create advanced scenarios for the Package Converter.
|
||||||
|
|
||||||
## Have a suggestion for App-V?
|
## Have a suggestion for App-V?
|
||||||
|
|
||||||
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
|
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
|
@ -1,70 +1,47 @@
|
|||||||
---
|
---
|
||||||
title: How to Create a Connection Group with User-Published and Globally Published Packages (Windows 10)
|
title: How to create a connection croup with user-published and globally published packages (Windows 10)
|
||||||
description: How to Create a Connection Group with User-Published and Globally Published Packages
|
description: How to create a connection croup with user-published and globally published packages.
|
||||||
author: MaggiePucciEvans
|
author: MaggiePucciEvans
|
||||||
ms.pagetype: mdop, appcompat, virtualization
|
ms.pagetype: mdop, appcompat, virtualization
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.date: 04/19/2017
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
# How to create a connection croup with user-published and globally published packages
|
||||||
|
|
||||||
|
>Applies to: Windows 10, version 1607
|
||||||
# How to Create a Connection Group with User-Published and Globally Published Packages
|
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10, version 1607
|
|
||||||
|
|
||||||
You can create user-entitled connection groups that contain both user-published and globally published packages, using either of the following methods:
|
You can create user-entitled connection groups that contain both user-published and globally published packages, using either of the following methods:
|
||||||
|
|
||||||
- [How to use Windows PowerShell cmdlets to create user-entitled connection groups](#how-to-use-windows-powershell-cmdlets-to-create-user-entitled-connection-groups)
|
- [How to use Windows PowerShell cmdlets to create user-entitled connection groups](#how-to-use-windows-powershell-cmdlets-to-create-user-entitled-connection-groups)
|
||||||
|
|
||||||
- [How to use the App-V Server to create user-entitled connection groups](#how-to-use-the-app-v-server-to-create-user-entitled-connection-groups)
|
- [How to use the App-V Server to create user-entitled connection groups](#how-to-use-the-app-v-server-to-create-user-entitled-connection-groups)
|
||||||
|
|
||||||
## What to know before you start:
|
## Unsupported scenarios and potential issues
|
||||||
|
|
||||||
<table>
|
Here are some important things to know before you get started:
|
||||||
<colgroup>
|
|
||||||
<col width="50%" />
|
|
||||||
<col width="50%" />
|
|
||||||
</colgroup>
|
|
||||||
<thead>
|
|
||||||
<tr class="header">
|
|
||||||
<th align="left">Unsupported scenarios and potential issues</th>
|
|
||||||
<th align="left">Result</th>
|
|
||||||
</tr>
|
|
||||||
</thead>
|
|
||||||
<tbody>
|
|
||||||
<tr class="odd">
|
|
||||||
<td align="left"><p>You cannot include user-published packages in globally entitled connection groups.</p></td>
|
|
||||||
<td align="left"><p>The connection group will fail.</p></td>
|
|
||||||
</tr>
|
|
||||||
<tr class="even">
|
|
||||||
<td align="left"><p>If you publish a package globally and then create a user-published connection group in which you’ve made that package non-optional, you can still run <strong>Unpublish-AppvClientPackage <package> -global</strong> to unpublish the package, even when that package is being used in another connection group.</p></td>
|
|
||||||
<td align="left"><p>If any other connection groups are using that package, the package will fail in those connection groups.</p>
|
|
||||||
<p>To avoid inadvertently unpublishing a non-optional package that is being used in another connection group, we recommend that you track the connection groups in which you’ve used a non-optional package.</p></td>
|
|
||||||
</tr>
|
|
||||||
</tbody>
|
|
||||||
</table>
|
|
||||||
|
|
||||||
|
- If you add user-published packages in globally entitled connection groups, the connection group will fail.
|
||||||
|
- Track the connection groups where you've used a non-optional package before removing it with the **Unpublish-AppvClientPackage <</span>package> -global** cmdlet.
|
||||||
|
|
||||||
|
In situations where you have a gobally published package that's listed as non-optional in a user-published connection group that also appears in other packages, running **Unpublish-AppvClientPackage <</span>package> -global** cmdlet can unpublish the package from every connection group containing that package. Tracking connection groups can help you avoid unintentionally unpublishing non-optional packages.
|
||||||
|
|
||||||
## How to use Windows PowerShell cmdlets to create user-entitled connection groups
|
## How to use Windows PowerShell cmdlets to create user-entitled connection groups
|
||||||
|
|
||||||
1. Add and publish packages by using the following commands:
|
1. Add and publish packages by using the following commands:
|
||||||
|
|
||||||
```
|
```PowerShell
|
||||||
Add-AppvClientPackage <Package1_AppV_file_Path>
|
Add-AppvClientPackage <Package1_AppV_file_Path>
|
||||||
Add-AppvClientPackage <Package2_AppV_file_Path>
|
Add-AppvClientPackage <Package2_AppV_file_Path>
|
||||||
Publish-AppvClientPackage -PackageId <Package1_ID> -VersionId <Package1_Version_ID> -Global
|
Publish-AppvClientPackage -PackageId <Package1_ID> -VersionId <Package1_Version_ID> -Global
|
||||||
Publish-AppvClientPackage -PackageId <Package2_ID> -VersionId <Package2_Version_ID>
|
Publish-AppvClientPackage -PackageId <Package2_ID> -VersionId <Package2_Version_ID>
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Create the connection group XML file. For more information, see [About the Connection Group File](appv-connection-group-file.md).
|
2. Create the connection group XML file. For more information, see [About the connection group file](appv-connection-group-file.md).
|
||||||
|
|
||||||
3. Add and publish the connection group by using the following commands:
|
3. Add and publish the connection group by using the following commands:
|
||||||
|
|
||||||
```
|
```PowerShell
|
||||||
Add-AppvClientConnectionGroup <Connection_Group_XML_file_Path>
|
Add-AppvClientConnectionGroup <Connection_Group_XML_file_Path>
|
||||||
Enable-AppvClientConnectionGroup -GroupId <CG_Group_ID> -VersionId <CG_Version_ID>
|
Enable-AppvClientConnectionGroup -GroupId <CG_Group_ID> -VersionId <CG_Version_ID>
|
||||||
```
|
```
|
||||||
@ -73,15 +50,14 @@ You can create user-entitled connection groups that contain both user-published
|
|||||||
|
|
||||||
1. Open the App-V Management Console.
|
1. Open the App-V Management Console.
|
||||||
|
|
||||||
2. Follow the instructions in [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md) to publish packages globally and to the user.
|
2. Follow the instructions in [How to publish a package by using the Management Console](appv-publish-a-packages-with-the-management-console.md) to publish packages globally and to the user.
|
||||||
|
|
||||||
3. Follow the instructions in [How to Create a Connection Group](appv-create-a-connection-group.md) to create the connection group, and add the user-published and globally published packages.
|
3. Follow the instructions in [How to create a connection group](appv-create-a-connection-group.md) to create the connection group and add the user-published and globally published packages.
|
||||||
|
|
||||||
## Have a suggestion for App-V?
|
## Have a suggestion for App-V?
|
||||||
|
|
||||||
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
|
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
|
- [Managing Connection Groups](appv-managing-connection-groups.md)
|
||||||
[Managing Connection Groups](appv-managing-connection-groups.md)
|
|
||||||
|
@ -1,51 +1,47 @@
|
|||||||
---
|
---
|
||||||
title: How to Create a Connection Group (Windows 10)
|
title: How to create a connection group (Windows 10)
|
||||||
description: How to Create a Connection Group
|
description: How to create a connection group with the App-V Management Console.
|
||||||
author: MaggiePucciEvans
|
author: MaggiePucciEvans
|
||||||
ms.pagetype: mdop, appcompat, virtualization
|
ms.pagetype: mdop, appcompat, virtualization
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.date: 04/19/2017
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
# How to create a connection group
|
||||||
|
|
||||||
|
>Applies to: Windows 10, version 1607
|
||||||
|
|
||||||
# How to Create a Connection Group
|
Use these steps to create a connection group by using the App-V Management Console. To use Windows PowerShell to create connection groups, see [How to manage connection groups on a stand-alone computer by using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md).
|
||||||
|
|
||||||
**Applies to**
|
When you place packages in a connection group, their package root paths merge. If you remove packages, only the remaining packages maintain the merged root.
|
||||||
- Windows 10, version 1607
|
|
||||||
|
|
||||||
Use these steps to create a connection group by using the App-V Management Console. To use Windows PowerShell to create connection groups, see [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md).
|
## Create a connection group
|
||||||
|
|
||||||
When you place packages in a connection group, their package root paths are merged. If you remove packages, only the remaining packages maintain the merged root.
|
|
||||||
|
|
||||||
**To create a connection group**
|
|
||||||
|
|
||||||
1. In the App-V Management Console, select **CONNECTION GROUPS** to display the Connection Groups library.
|
1. In the App-V Management Console, select **CONNECTION GROUPS** to display the Connection Groups library.
|
||||||
|
|
||||||
2. Select **ADD CONNECTION GROUP** to create a new connection group.
|
2. Select **ADD CONNECTION GROUP** to create a new connection group.
|
||||||
|
|
||||||
3. In the **New Connection Group** pane, type a description for the group.
|
3. In the **New Connection Group** pane, enter a description for the group.
|
||||||
|
|
||||||
4. Click **EDIT** in the **CONNECTED PACKAGES** pane to add a new application to the connection group.
|
4. Select **EDIT** in the **CONNECTED PACKAGES** pane to add a new application to the connection group.
|
||||||
|
|
||||||
5. In the **PACKAGES Entire Library** pane, select the application to be added, and click the arrow to add the application.
|
5. In the **PACKAGES Entire Library** pane, select the application to be added, then select the arrow to add the application.
|
||||||
|
|
||||||
To remove an application, select the application to be removed in the **PACKAGES IN** pane and click the arrow.
|
To remove an application, select the application to be removed in the **PACKAGES IN** pane and select the arrow.
|
||||||
|
|
||||||
To reprioritize the applications in your connection group, use the arrows in the **PACKAGES IN** pane.
|
To reprioritize the applications in your connection group, use the arrows in the **PACKAGES IN** pane.
|
||||||
|
|
||||||
**Important**<br>
|
>[!IMPORTANT]
|
||||||
By default, the Active Directory Domain Services access configurations that are associated with a specific application are not added to the connection group. To transfer the Active Directory access configuration, select **ADD PACKAGE ACCESS TO GROUP ACCESS**, which is located in the **PACKAGES IN** pane.
|
>By default, the Active Directory Domain Services access configurations that are associated with a specific application are not added to the connection group. To transfer the Active Directory access configuration, select **ADD PACKAGE ACCESS TO GROUP ACCESS**, which is located in the **PACKAGES IN** pane.
|
||||||
|
|
||||||
6. After adding all the applications and configuring Active Directory access, click **Apply**.
|
6. After adding all the applications and configuring Active Directory access, select **Apply**.
|
||||||
|
|
||||||
## Have a suggestion for App-V?
|
## Have a suggestion for App-V?
|
||||||
|
|
||||||
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
|
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
[Operations for App-V](appv-operations.md)
|
- [Operations for App-V](appv-operations.md)
|
||||||
|
- [Managing connection groups](appv-managing-connection-groups.md)
|
||||||
[Managing Connection Groups](appv-managing-connection-groups.md)
|
|
||||||
|
@ -1,41 +1,38 @@
|
|||||||
---
|
---
|
||||||
title: How to Create a Custom Configuration File by Using the App-V Management Console (Windows 10)
|
title: How to create a custom configuration file by using the App-V Management Console (Windows 10)
|
||||||
description: How to Create a Custom Configuration File by Using the App-V Management Console
|
description: How to create a custom configuration file by using the App-V Management Console.
|
||||||
author: MaggiePucciEvans
|
author: MaggiePucciEvans
|
||||||
ms.pagetype: mdop, appcompat, virtualization
|
ms.pagetype: mdop, appcompat, virtualization
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.date: 04/19/2017
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
# How to create a custom configuration file by using the App-V Management Console
|
||||||
|
|
||||||
|
>Applies to: Windows 10, version 1607
|
||||||
|
|
||||||
# How to Create a Custom Configuration File by Using the App-V Management Console
|
You can use a dynamic configuration to customize an App-V package for a specific user. However, you must first create the dynamic user configuration (.xml) file or the dynamic deployment configuration file before you can use the files. Creation of the file is an advanced manual operation. For general information about dynamic user configuration files, see [About App-V dynamic configuration](appv-dynamic-configuration.md).
|
||||||
|
|
||||||
**Applies to**
|
You can create a dynamic user configuration file with the App-V Management Console by following the steps in this article.
|
||||||
- Windows 10, version 1607
|
|
||||||
|
|
||||||
You can use a dynamic configuration to customize an App-V package for a specific user. However, you must first create the dynamic user configuration (.xml) file or the dynamic deployment configuration file before you can use the files. Creation of the file is an advanced manual operation. For general information about dynamic user configuration files, see, [About App-V Dynamic Configuration](appv-dynamic-configuration.md).
|
## Create a dynamic user configuration file
|
||||||
|
|
||||||
Use the following procedure to create a Dynamic User Configuration file by using the App-V Management console.
|
|
||||||
|
|
||||||
**To create a Dynamic User Configuration file**
|
|
||||||
|
|
||||||
1. Right-click the name of the package that you want to view and select **Edit active directory access** to view the configuration that is assigned to a given user group. Alternatively, select the package, and click **Edit**.
|
1. Right-click the name of the package that you want to view and select **Edit active directory access** to view the configuration that is assigned to a given user group. Alternatively, select the package, and click **Edit**.
|
||||||
|
|
||||||
2. Using the list of **AD Entities with Access**, select the AD group that you want to customize. Select **Custom** from the drop-down list, if it is not already selected. A link named **Edit** will be displayed.
|
2. Using the list of **AD Entities with Access**, select the AD group that you want to customize. Select **Custom** from the drop-down list. A link named **Edit** will appear.
|
||||||
|
|
||||||
3. Click **Edit**. The Dynamic User Configuration that is assigned to the AD Group will be displayed.
|
3. Select **Edit**. The Dynamic User Configuration assigned to the AD Group will appear.
|
||||||
|
|
||||||
4. Click **Advanced**, and then click **Export Configuration**. Type in a filename and click **Save**. Now you can edit the file to configure a package for a user.
|
4. Select **Advanced**, and then select **Export Configuration**. Enter a file name and select **Save**. Now you can edit the file to configure a package for a user.
|
||||||
|
|
||||||
**Note**
|
>[!NOTE]
|
||||||
To export a configuration while running on Windows Server, you must disable "IE Enhanced Security Configuration". If this is enabled and set to block downloads, you cannot download anything from the App-V Server.
|
>If you want to export a configuration while running on Windows Server, make sure to disable the IE Enhanced Security Configuration setting. If this setting is enabled and set to block downloads, you won't be able to download anything from the App-V Server.
|
||||||
|
|
||||||
## Have a suggestion for App-V?
|
## Have a suggestion for App-V?
|
||||||
|
|
||||||
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
|
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
[Operations for App-V](appv-operations.md)
|
- [Operations for App-V](appv-operations.md)
|
@ -1,50 +1,47 @@
|
|||||||
---
|
---
|
||||||
title: How to Create a Package Accelerator by Using Windows PowerShell (Windows 10)
|
title: How to create a package accelerator by using Windows PowerShell (Windows 10)
|
||||||
description: How to Create a Package Accelerator by Using Windows PowerShell
|
description: How to create a package accelerator with Windows PowerShell.
|
||||||
author: MaggiePucciEvans
|
author: MaggiePucciEvans
|
||||||
ms.pagetype: mdop, appcompat, virtualization
|
ms.pagetype: mdop, appcompat, virtualization
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.date: 04/19/2017
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
# How to create a package accelerator by using Windows PowerShell
|
||||||
|
|
||||||
|
>Applies to: Windows 10, version 1607
|
||||||
|
|
||||||
# How to Create a Package Accelerator by Using Windows PowerShell
|
App-V Package Accelerators automatically sequence large, complex applications. Also, when you apply an App-V Package Accelerator, you don't have to manually install an application to create the virtualized package.
|
||||||
|
|
||||||
**Applies to**
|
## Create a package accelerator
|
||||||
- Windows 10, version 1607
|
|
||||||
|
|
||||||
App-V package accelerators automatically sequence large, complex applications. Additionally, when you apply an App-V package accelerator, you are not always required to manually install an application to create the virtualized package.
|
1. Install the App-V sequencer. For more information about installing the sequencer, see [How to install the sequencer](appv-install-the-sequencer.md).
|
||||||
|
2. To open a Windows PowerShell console, select **Start** and enter **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**.
|
||||||
|
3. Make sure that you have the .appv package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference.
|
||||||
|
4. Enter the **New-AppvPackageAccelerator** cmdlet.
|
||||||
|
|
||||||
**To create a package accelerator**
|
The following parameters are required to use the package accelerator cmdlet:
|
||||||
|
|
||||||
1. Install the App-V sequencer. For more information about installing the sequencer see [How to Install the Sequencer](appv-install-the-sequencer.md).
|
- *InstalledFilesPath* specifies the application installation path.
|
||||||
|
- *Installer* specifies the path to the application installer media.
|
||||||
|
- *InputPackagePath* specifies the path to the .appv package.
|
||||||
|
- *Path* specifies the output directory for the package.
|
||||||
|
|
||||||
2. To open a Windows PowerShell console, click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. Use the **New-AppvPackageAccelerator** cmdlet.
|
The following example cmdlet shows how you can create a package accelerator with an .appv package and the installation media:
|
||||||
|
|
||||||
3. To create a package accelerator, make sure that you have the .appv package to create an accelerator from, the installation media or installation files, and optionally a read me file for consumers of the accelerator to use. The following parameters are required to use the package accelerator cmdlet:
|
```PowerShell
|
||||||
|
New-AppvPackageAccelerator -InputPackagePath <path to the .appv file> -Installer <path to the installer executable> -Path <directory of the output path>
|
||||||
|
```
|
||||||
|
|
||||||
- **InstalledFilesPath** - specifies the application installation path.
|
You can also use the following optional parameter with the **New-AppvPackageAccelerator** cmdlet:
|
||||||
|
|
||||||
- **Installer** – specifies the path to the application installer media
|
- *AcceleratorDescriptionFile* specifies the path to user-created package accelerator instructions. The package accelerator instructions are **.txt** or **.rtf** description files that will be included in the package created by the package accelerator.
|
||||||
|
|
||||||
- **InputPackagePath** – specifies the path to the .appv package
|
|
||||||
|
|
||||||
- **Path** – specifies the output directory for the package.
|
|
||||||
|
|
||||||
The following example displays how you can create a package accelerator with an .appv package and the installation media:
|
|
||||||
|
|
||||||
**New-AppvPackageAccelerator -InputPackagePath <path to the .appv file> -Installer <path to the installer executable> -Path <directory of the output path>**
|
|
||||||
|
|
||||||
An additional optional parameter that can be used with the **New-AppvPackageAccelerator** cmdlet is as follows:
|
|
||||||
|
|
||||||
- **AcceleratorDescriptionFile** - specifies the path to user created package accelerator instructions. The package accelerator instructions are **.txt** or **.rtf** description files that will be packaged with the package created using the package accelerator.
|
|
||||||
|
|
||||||
## Have a suggestion for App-V?
|
## Have a suggestion for App-V?
|
||||||
|
|
||||||
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
|
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
|
- [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md)
|
||||||
|
@ -1,79 +1,77 @@
|
|||||||
---
|
---
|
||||||
title: How to Create a Package Accelerator (Windows 10)
|
title: How to create a package accelerator (Windows 10)
|
||||||
description: How to Create a Package Accelerator
|
description: How to create a package accelerator.
|
||||||
author: MaggiePucciEvans
|
author: MaggiePucciEvans
|
||||||
ms.pagetype: mdop, appcompat, virtualization
|
ms.pagetype: mdop, appcompat, virtualization
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.date: 04/19/2017
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
# How to create a package accelerator
|
||||||
|
|
||||||
|
>Applies to: Windows 10, version 1607
|
||||||
|
|
||||||
# How to Create a Package Accelerator
|
App-V Package Accelerators automatically generate new virtual application packages.
|
||||||
|
|
||||||
**Applies to**
|
>[!NOTE]
|
||||||
- Windows 10, version 1607
|
>You can use Windows PowerShell to create a package accelerator. For more information, see [How to create a package accelerator by using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md).
|
||||||
|
|
||||||
App-V package accelerators automatically generate new virtual application packages.
|
|
||||||
|
|
||||||
>**Note** You can use Windows PowerShell to create a package accelerator. For more information see [How to Create a Package Accelerator by Using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md).
|
|
||||||
|
|
||||||
Use the following procedure to create a package accelerator.
|
Use the following procedure to create a package accelerator.
|
||||||
|
|
||||||
>**Important**
|
>[!IMPORTANT]
|
||||||
> - Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V Package Accelerator is applied.
|
>
|
||||||
> - Before you begin the following procedure, perform the following:
|
>- Because package accelerators can contain password and user-specific information, you should save package accelerators and the associated installation media in a secure location, and you should also digitally sign the package accelerator after creating it so that you can verify the publisher when applying the App-V Package Accelerator.
|
||||||
- Copy the virtual application package that you will use to create the package accelerator locally to the computer running the sequencer.
|
>- Before you begin creating a package accelerator, do the following:
|
||||||
- Copy all required installation files associated with the virtual application package to the computer running the sequencer.
|
> - Copy the virtual application package that you will use to create the package accelerator locally to the computer running the sequencer.
|
||||||
> - The App-V Sequencer does not grant any license rights to the software application you are using to create the Package Accelerator. You must abide by all end user license terms for the application you are using. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using App-V Sequencer.
|
> - Copy all required installation files associated with the virtual application package to the computer running the sequencer.
|
||||||
|
>- The App-V Sequencer does not grant any license rights to the software application you are using to create the package accelerator. You must abide by all end user license terms for the application you are using. It is your responsibility to make sure the software application’s license terms allow you to create a package accelerator with the App-V sequencer.
|
||||||
|
|
||||||
## To create a package accelerator
|
## Create a package accelerator
|
||||||
|
|
||||||
1. To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**.
|
1. To start the App-V sequencer on the computer running the sequencer, select **Start** > **All Programs** > **Microsoft Application Virtualization** > **Microsoft Application Virtualization Sequencer**.
|
||||||
|
|
||||||
2. To start the App-V **Create Package Accelerator** wizard, in the App-V sequencer console, click **Tools** / **Create Accelerator**.
|
2. To start the App-V **Create Package Accelerator** wizard, in the App-V sequencer console, select **Tools** > **Create Accelerator**.
|
||||||
|
|
||||||
3. On the **Select Package** page, to specify an existing virtual application package to use to create the Package Accelerator, click **Browse**, and locate the existing virtual application package (.appv file).
|
3. On the **Select Package** page, select **Browse** to specify an existing virtual application package to use to create the package accelerator, then locate the existing virtual application package (it will appear as an .appv file).
|
||||||
|
|
||||||
**Tip**<br>
|
>[!TIP]
|
||||||
Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer.
|
>Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer.
|
||||||
|
|
||||||
Click **Next**.
|
Select **Next**.
|
||||||
|
|
||||||
4. On the **Installation Files** page, to specify the folder that contains the installation files that you used to create the original virtual application package, click **Browse**, and then select the directory that contains the installation files.
|
4. Go to the **Installation Files** page and select **Browse**, then select the directory that contains the installation files to specify the folder containing the original virtual package's installation files.
|
||||||
|
|
||||||
**Tip**<br>
|
>[!TIP]
|
||||||
Copy the folder that contains the required installation files to the computer running the Sequencer.
|
>Copy the folder that contains the required installation files to the computer running the Sequencer.
|
||||||
|
|
||||||
5. If the application is already installed on the computer running the sequencer, to specify the installation file, select **Files installed on local system**. To use this option, the application must already be installed in the default installation location.
|
5. If the application is already installed on the computer running the sequencer, then select **Files installed on local system** to specify the installation file. To use this option, the application must already be installed in the default installation location.
|
||||||
|
|
||||||
6. On the **Gathering Information** page, review the files that were not found in the location specified on the **Installation Files** page of this wizard. If the files displayed are not required, select **Remove these files**, and then click **Next**. If the files are required, click **Previous** and copy the required files to the directory specified on the **Installation Files** page.
|
6. On the **Gathering Information** page, review the files that you couldn't find in the location specified by the **Installation Files** page. If the files displayed are not required, select **Remove these files**, then select **Next**. If the files are required, select **Previous** and copy the required files to the directory specified on the **Installation Files** page.
|
||||||
|
|
||||||
**Note**<br>
|
>[!NOTE]
|
||||||
You must either remove the unrequired files, or click **Previous** and locate the required files to advance to the next page of this wizard.
|
>You must either remove the unrequired files or select **Previous** and locate the required files to advance to the next page of this wizard.
|
||||||
|
|
||||||
7. On the **Select Files** page, carefully review the files that were detected, and clear any file that should be removed from the package accelerator. Select only files that are required for the application to run successfully, and then click **Next**.
|
7. On the **Select Files** page, carefully review the detected files. Clear any file the package accelerator doesn't need to run successfully and select only the files that the application requires. When you're done, select **Next**.
|
||||||
|
|
||||||
8. On the **Verify Applications** page, confirm that all installation files that are required to build the package are displayed. When the Package Accelerator is used to create a new package, all installation files displayed in the **Applications** pane are required to create the package.
|
8. Confirm that the **Verify Applications** page displays all installation files required to build the package. The package accelerator requires all installation files displayed in the **Applications** pane in order to create the package.
|
||||||
|
|
||||||
If necessary, to add additional Installer files, click **Add**. To remove unnecessary installation files, select the Installer file, and then click **Delete**. To edit the properties associated with an installer, click **Edit**. The installation files specified in this step will be required when the Package Accelerator is used to create a new virtual application package. After you have confirmed the information displayed, click **Next**.
|
If you need to add additional Installer files, select **Add**. To remove unnecessary installation files, select the **Installer file**, then select **Delete**. To edit the properties associated with an installer, select **Edit**. The package accelerator requires the installation files specified in this step to create a new virtual application package. After you have confirmed the information displayed, select **Next**.
|
||||||
|
|
||||||
9. On the **Select Guidance** page, to specify a file that contains information about how the Package Accelerator, click **Browse**. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. You should provide all required information for the Package Accelerator to be successfully applied. The file you select must be in rich text (.rtf) or text file (.txt) format. Click **Next**.
|
9. On the **Select Guidance** page, select **Browse** to specify the file that will provide the package accelerator with application instructions. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. You should provide all required information for successful package accelerator application. The file you select must be in rich text (.rtf) or text file (.txt) format. After specifying the file, select **Next**.
|
||||||
|
|
||||||
10. On the **Create Package Accelerator** page, to specify where to save the Package Accelerator, click **Browse** and select the directory.
|
10. On the **Create Package Accelerator** page, select **Browse** and select the directory where you want to save the package accelerator.
|
||||||
|
|
||||||
11. On the **Completion** page, to close the **Create Package Accelerator** wizard, click **Close**.
|
11. On the **Completion** page, select **Close**.
|
||||||
|
|
||||||
**Important**<br>
|
>[!IMPORTANT]
|
||||||
To help ensure that the package accelerator is as secure as possible, and so that the publisher can be verified when the package accelerator is applied, you should always digitally sign the package accelerator.
|
>You should always digitally sign the package accelerator to ensure that it is secure and can be verified by a publisher during application.
|
||||||
|
|
||||||
## Have a suggestion for App-V?
|
## Have a suggestion for App-V?
|
||||||
|
|
||||||
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
|
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
[Operations for App-V](appv-operations.md)
|
- [Operations for App-V](appv-operations.md)
|
||||||
|
- [How to create a virtual application package using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md)
|
||||||
[How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md)
|
|
||||||
|
@ -1,79 +1,76 @@
|
|||||||
---
|
---
|
||||||
title: How to Create a Virtual Application Package Using an App-V Package Accelerator (Windows 10)
|
title: How to create a virtual application package using an App-V Package Accelerator (Windows 10)
|
||||||
description: How to Create a Virtual Application Package Using an App-V Package Accelerator
|
description: How to create a virtual application package using an App-V Package Accelerator.
|
||||||
author: MaggiePucciEvans
|
author: MaggiePucciEvans
|
||||||
ms.pagetype: mdop, appcompat, virtualization
|
ms.pagetype: mdop, appcompat, virtualization
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.date: 04/19/2017
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
# How to create a virtual application package using an App-V Package Accelerator
|
||||||
|
|
||||||
|
>Applies to: Windows 10, version 1607
|
||||||
# How to Create a Virtual Application Package Using an App-V Package Accelerator
|
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10, version 1607
|
|
||||||
|
|
||||||
Use the following procedure to create a virtual application package with the App-V Package Accelerator.
|
Use the following procedure to create a virtual application package with the App-V Package Accelerator.
|
||||||
|
|
||||||
> **Important** The App-V Sequencer does not grant any license rights to the software application that you use to create the Package Accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a Package Accelerator with the App-V Sequencer.
|
>[!IMPORTANT]
|
||||||
|
>The App-V Sequencer does not grant any license rights to the software application that you use to create the package accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a package accelerator with the App-V Sequencer.
|
||||||
|
|
||||||
**To create a virtual application package with an App-V Package Accelerator**
|
## Create a virtual application package with an App-V Package Accelerator
|
||||||
|
|
||||||
1. Be sure that the required Package Accelerator has been copied locally to the computer that runs the App-V Sequencer. Also copy all required installation files for the package to a local folder on the computer that runs the Sequencer. This is the folder that you have to specify in step 6 of this procedure.
|
1. Make sure you've copied the required package accelerator locally to the computer running the App-V Sequencer. Also make sure to copy all required installation files for the package to a local folder on the computer running the Sequencer. This is the folder that you have to specify in step 6 of this procedure.
|
||||||
|
|
||||||
2. To start the App-V Sequencer, on the computer that runs the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**.
|
2. To start the App-V Sequencer on the computer that runs the Sequencer, go to **Start** > **All Programs** > **Microsoft Application Virtualization** > **Microsoft Application Virtualization Sequencer**.
|
||||||
|
|
||||||
3. To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**.
|
3. Select **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, then select **Next**.
|
||||||
|
|
||||||
4. To specify the package accelerator that will be used to create the new virtual application package, click **Browse** on the **Select Package Accelerator** page. Click **Next**.
|
4. To specify the package accelerator that will be used to create the new virtual application package, select **Browse** on the **Select Package Accelerator** page. Select **Next**.
|
||||||
|
|
||||||
> **Important** If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you click **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box.
|
>[!IMPORTANT]
|
||||||
|
>If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you select **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box.
|
||||||
|
|
||||||
5. On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the Package Accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**.
|
5. On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the package accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, select **Export** and specify the location where the file should be saved, and then select **Next**.
|
||||||
|
|
||||||
6. On the **Select Installation Files** page, click **Make New Folder** to create a local folder that contains all required installation files for the package, and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer that runs the Sequencer, click **Browse** to select the folder.
|
6. On the **Select Installation Files** page, select **Make New Folder** to create a local folder that contains all required installation files for the package, and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer that runs the Sequencer, select **Browse** to select the folder.
|
||||||
|
|
||||||
Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files, and then click **Next**.
|
Alternatively, if you have already copied the installation files to a directory on this computer, select **Make New Folder**, browse to the folder that contains the installation files, then select **Next**.
|
||||||
|
|
||||||
> **Note** You can specify the following types of supported installation files:
|
>[!NOTE]
|
||||||
|
>You can specify the following types of supported installation files:
|
||||||
> - Windows Installer files (**.msi**)
|
> - Windows Installer files (**.msi**)
|
||||||
> - Cabinet files (.cab)
|
> - Cabinet files (.cab)
|
||||||
> - Compressed files with a .zip file name extension
|
> - Compressed files with a .zip file name extension
|
||||||
> - The actual application files
|
> - The actual application files
|
||||||
> The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually.
|
> The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually.
|
||||||
|
|
||||||
7. If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page.
|
7. If the package accelerator requires you to install an application before you apply the package accelerator and you have already installed the required application, select **I have installed all applications**, then select **Next** on the **Local Installation** page.
|
||||||
|
|
||||||
8. On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**.
|
8. On the **Package Name** page, specify a name that will be associated with the package. The name you choose will identify the package in the App-V Management Console. Select **Next**.
|
||||||
|
|
||||||
9. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB.
|
9. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network or the package size exceeds 4 GB.
|
||||||
|
|
||||||
10. To create the package, click **Create**. After the package is created, click **Next**.
|
10. To create the package, select **Create**. After the package is created, select **Next**.
|
||||||
|
|
||||||
11. On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements.
|
11. On the **Configure Software** page, to enable the Sequencer to configure the applications contained within the package, select **Configure Software**. **Configure Software** will let you configure any associated tasks required to run the application on the target computers. For example, you can configure any associated license agreements.
|
||||||
|
|
||||||
If you select **Configure Software**, the following items can be configured using the Sequencer as part of this step:
|
The following items can be configured using the Sequencer as part of this step:
|
||||||
|
|
||||||
- **Load Package**. The Sequencer loads the files that are associated with the package. It can take several seconds to an hour to decode the package.
|
- **Load Package** loads files associated with the package. It can take several seconds to an hour to decode the package.
|
||||||
|
- **Run Each Program** optionally runs programs contained within the package. This step can help you complete associated license or configuration tasks that must be completed before deploying and running the package on target computers. To run all the programs at once, select at least one program, and then select **Run All**. To run specific programs, select the program or programs that you want to run, and then select **Run Selected**. Complete the required configuration tasks, then close the applications. It can take several minutes for all programs to run. Select **Next**.
|
||||||
|
- **Save Package** saves the package.
|
||||||
|
- **Primary Feature Block** optimizes the package for streaming by rebuilding the primary feature block.
|
||||||
|
|
||||||
- **Run Each Program**. Optionally run the programs that are contained in the package. This step is helpful to complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at once, select at least one program, and then click **Run All**. To run specific programs, select the program or programs that you want to run, and then click **Run Selected**. Complete the required configuration tasks, and then close the applications. It can take several minutes for all programs to run. Click **Next**.
|
If you don't want to configure the applications, select **Skip this step**, then select **Next**.
|
||||||
|
|
||||||
- **Save Package**. The Sequencer saves the package.
|
12. On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, select **Close**.
|
||||||
|
|
||||||
- **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block.
|
The package is now available in the Sequencer. To edit the package properties, select **Edit \[Package Name\]**. For more information about how to modify a package, see [How to modify an existing virtual application package](appv-modify-an-existing-virtual-application-package.md).
|
||||||
|
|
||||||
If you do not want to configure the applications, click **Skip this step**, and then click **Next**.
|
|
||||||
|
|
||||||
12. On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**.
|
|
||||||
|
|
||||||
The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about how to modify a package, see [How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md).
|
|
||||||
|
|
||||||
## Have a suggestion for App-V?
|
## Have a suggestion for App-V?
|
||||||
|
|
||||||
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
|
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
[Operations for App-V](appv-operations.md)
|
- [Operations for App-V](appv-operations.md)
|
||||||
|
@ -6,60 +6,54 @@ ms.pagetype: mdop, appcompat, virtualization
|
|||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.date: 04/19/2017
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Create and apply an App-V project template to a sequenced App-V package
|
# Create and apply an App-V project template to a sequenced App-V package
|
||||||
|
|
||||||
**Applies to**
|
>Applies to: Windows 10, version 1607
|
||||||
- Windows 10, version 1607
|
|
||||||
|
|
||||||
You can use an App-V project template (.appvt) file to save commonly applied settings associated with an existing virtual application package. These settings can then be applied when you create new virtual application packages in your environment. Using a project template can streamline the process of creating virtual application packages. App-V project templates differ from App-V Package Accelerators because App-V Package Accelerators are application-specific, while App-V project templates can be applied to multiple applications. For more info about Package Accelerators, see the [How to create a Package Accelerator](appv-create-a-package-accelerator.md) topic.
|
You can use an App-V Project Template (.appvt) file to save commonly applied settings associated with an existing virtual application package. You can then apply these settings whenever you create new virtual application packages in your environment, streamlining the package creation process. App-V Project Templates differ from App-V Package Accelerators because App-V Package Accelerators are application-specific, while App-V Project Templates can be applied to multiple applications. To learn more about package accelerators, see [How to create a package accelerator](appv-create-a-package-accelerator.md).
|
||||||
|
|
||||||
>[!IMPORTANT]
|
>[!IMPORTANT]
|
||||||
>In Windows 10, version 1703, running the new-appvsequencerpackage or the update-appvsequencepackage cmdlets automatically captures and stores all of your customizations as an App-V project template. If you want to make changes to this package later, your customizations are automatically loaded from this template file. If you have an auto-saved template and you attempt to load another template through the _TemplateFilePath_ parameter, the customization value from the parameter will override the auto-saved template.
|
>In Windows 10, version 1703, running the **New-AppvSequencerPackage** or the **Update-AppvSequencerPackage** cmdlets will automatically capture and store your customizations as an App-V Project Template. If you want to make changes to this package later, you can automatically load your customizations from this template file. If you have an auto-saved template and you attempt to load another template through the *TemplateFilePath* parameter, the customization value from the parameter will override the auto-saved template.
|
||||||
|
|
||||||
|
|
||||||
## Create a project template
|
## Create a project template
|
||||||
|
|
||||||
You must first create and save a project template, including a virtual app package with settings to be used by the template.
|
You must first create and save a project template, including a virtual app package with settings to be used by the template.
|
||||||
|
|
||||||
**To create a project template**
|
1. On the device running the App-V Sequencer, select **Start**, select **All Programs**, select **Microsoft Application Virtualization**, and then select **Microsoft Application Virtualization Sequencer**.
|
||||||
|
|
||||||
1. On the device running the App-V Sequencer, click **Start**, click **All Programs**, click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**.
|
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>If the virtual app package is currently open in the App-V Sequencer console, skip to Step 3 of this procedure.
|
>If the virtual app package is currently open in the App-V Sequencer console, skip to Step 3 of this procedure.
|
||||||
|
|
||||||
2. On the **File** menu, click **Open**, click **Edit Package**, browse for the virtual app package that includes the settings you want to save with the App-V project template, and then click **Edit** to change any of the settings or info included in the file.
|
2. On the **File** menu, select **Open**, select **Edit Package**, browse for the virtual app package that includes the settings you want to save with the App-V Project Template, and then select **Edit** to change any of the settings or info included in the file.
|
||||||
|
|
||||||
3. On the **File** menu, click **Save As Template**, review the settings associated with the new template, click **OK**, name your new template, and then click **Save**.
|
3. On the **File** menu, select **Save As Template**, review the settings associated with the new template, select **OK**, name your new template, and then select **Save**.
|
||||||
|
|
||||||
The new App-V project template is saved in the folder you specified.
|
The new App-V Project Template is saved in the folder you specified.
|
||||||
|
|
||||||
## Apply a project template
|
## Apply a project template
|
||||||
|
|
||||||
After creating the template, you can apply it to all of your new virtual app packages, automatically including all of the settings.
|
After creating the template, you can apply it to all of your new virtual app packages, automatically including all of the settings.
|
||||||
|
|
||||||
>[!IMPORTANT]
|
>[!IMPORTANT]
|
||||||
>Virtual app packages don't support using both a project template and a Package Accelerator together.
|
>Virtual app packages don't support using both a project template and a package accelerator at the same time.
|
||||||
|
|
||||||
1. On the device running the App-V Sequencer, click **Start**, click **All Programs**, click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**.
|
1. On the device running the App-V Sequencer, select **Start** > **All Programs** > **Microsoft Application Virtualization** > **Microsoft Application Virtualization Sequencer**.
|
||||||
|
|
||||||
2. On the **File** menu, click **New From Template**, browse to your newly created project template, and then click **Open**.
|
2. On the **File** menu, select **New From Template**, browse to your newly created project template and select **Open**.
|
||||||
|
|
||||||
3. Create your new virtual app package. The settings saved with your template are automatically applied.
|
3. Create your new virtual app package. The settings saved with your template are automatically applied.
|
||||||
|
|
||||||
### Related topics
|
### Related topics
|
||||||
|
|
||||||
- [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
|
- [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
|
||||||
|
|
||||||
- [How to install the App-V Sequencer](appv-install-the-sequencer.md)
|
- [How to install the App-V Sequencer](appv-install-the-sequencer.md)
|
||||||
|
|
||||||
- [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server)
|
- [Learn about Hyper-V on Windows Server 2016](https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-on-windows-server)
|
||||||
|
|
||||||
- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md)
|
- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md)
|
||||||
|
|
||||||
- [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md)
|
- [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md)
|
||||||
|
|
||||||
- [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md)
|
- [Manually sequence a new app using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-sequence-a-new-application.md)
|
||||||
|
|
||||||
**Have a suggestion for App-V?**<p>
|
## Have a suggestion for App-V?
|
||||||
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
|
|
||||||
|
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Creating and Managing App-V Virtualized Applications (Windows 10)
|
title: Creating and managing App-V virtualized applications (Windows 10)
|
||||||
description: Creating and Managing App-V Virtualized Applications
|
description: Creating and managing App-V virtualized applications
|
||||||
author: MaggiePucciEvans
|
author: MaggiePucciEvans
|
||||||
ms.pagetype: mdop, appcompat, virtualization
|
ms.pagetype: mdop, appcompat, virtualization
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
@ -8,7 +8,7 @@ ms.sitesec: library
|
|||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.date: 04/18/2018
|
ms.date: 04/18/2018
|
||||||
---
|
---
|
||||||
# Creating and Managing App-V Virtualized Applications
|
# Creating and managing App-V virtualized applications
|
||||||
|
|
||||||
>Applies to: Windows 10, version 1607
|
>Applies to: Windows 10, version 1607
|
||||||
|
|
||||||
|
@ -1,40 +1,37 @@
|
|||||||
---
|
---
|
||||||
title: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console (Windows 10)
|
title: How to customize virtual application extensions for a specific AD group by using the Management Console (Windows 10)
|
||||||
description: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console
|
description: How to customize virtual application extensions for a specific AD group by using the Management Console.
|
||||||
author: MaggiePucciEvans
|
author: MaggiePucciEvans
|
||||||
ms.pagetype: mdop, appcompat, virtualization
|
ms.pagetype: mdop, appcompat, virtualization
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.date: 04/19/2017
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
# How to customize virtual applications extensions for a specific AD group by using the Management Console
|
||||||
|
|
||||||
|
>Applies to: Windows 10, version 1607
|
||||||
# How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console
|
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10, version 1607
|
|
||||||
|
|
||||||
Use the following procedure to customize the virtual application extensions for an Active Directory (AD) group.
|
Use the following procedure to customize the virtual application extensions for an Active Directory (AD) group.
|
||||||
|
|
||||||
**To customize virtual applications extensions for an AD group**
|
## Customize virtual applications extensions for an AD group
|
||||||
|
|
||||||
1. To view the package that you want to configure, open the App-V Management Console. To view the configuration that is assigned to a given user group, select the package, and right-click the package name and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane.
|
1. To view the package that you want to configure, open the App-V Management Console. To view the configuration assigned to a given user group, select the package, then right-click the package name and select **Edit active directory access**. Alternatively, select the package and select **EDIT** in the **AD ACCESS** pane.
|
||||||
|
|
||||||
2. To customize an AD group, you can find the group from the list of **AD Entities with Access**. Then, using the drop-down box in the **Assigned Configuration** pane, select **Custom**, and then click **EDIT**.
|
2. To customize an AD group, you can find the group from the list of **AD Entities with Access**. Then, using the drop-down box in the **Assigned Configuration** pane, select **Custom**, and then select **EDIT**.
|
||||||
|
|
||||||
3. To disable all extensions for a given application, clear **ENABLE**.
|
3. To disable all extensions for a given application, clear **ENABLE**.
|
||||||
|
|
||||||
To add a new shortcut for the selected application, right-click the application in the **SHORTCUTS** pane, and select **Add new shortcut**. To remove a shortcut, right-click the application in the **SHORTCUTS** pane, and select **Remove Shortcut**. To edit an existing shortcut, right-click the application, and select **Edit Shortcut**.
|
To add a new shortcut for the selected application, right-click the application in the **SHORTCUTS** pane, and select **Add new shortcut**. To remove a shortcut, right-click the application in the **SHORTCUTS** pane and select **Remove Shortcut**. To edit an existing shortcut, right-click the application and select **Edit Shortcut**.
|
||||||
|
|
||||||
4. To view any other application extensions, click **Advanced**, and click **Export Configuration**. Type in a filename and click **Save**. You can view all application extensions that are associated with the package using the configuration file.
|
4. To view any other application extensions, select **Advanced**, and select **Export Configuration**. Enter a filename and select **Save**. You can view all application extensions that are associated with the package using the configuration file.
|
||||||
|
|
||||||
5. To edit additional application extensions, modify the configuration file and click **Import and Overwrite this Configuration**. Select the modified file and click **Open**. In the dialog, click **Overwrite** to complete the process.
|
5. To edit additional application extensions, modify the configuration file and select **Import and Overwrite this Configuration**. Select the modified file and select **Open**. In the dialog, select **Overwrite** to complete the process.
|
||||||
|
|
||||||
## Have a suggestion for App-V?
|
## Have a suggestion for App-V?
|
||||||
|
|
||||||
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
|
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
[Operations for App-V](appv-operations.md)
|
- [Operations for App-V](appv-operations.md)
|
||||||
|
@ -8,7 +8,7 @@ ms.pagetype: mobile
|
|||||||
ms.author: elizapo
|
ms.author: elizapo
|
||||||
author: lizap
|
author: lizap
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.date: 04/30/2018
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
# Understand the different apps included in Windows 10
|
# Understand the different apps included in Windows 10
|
||||||
|
|
||||||
@ -97,7 +97,7 @@ System apps are integral to the operating system. Here are the typical system ap
|
|||||||
Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, and 1803.
|
Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, and 1803.
|
||||||
|
|
||||||
| Name | Full name | 1703 | 1709 | 1803 |Uninstall through UI? |
|
| Name | Full name | 1703 | 1709 | 1803 |Uninstall through UI? |
|
||||||
|--------------------|------------------------------------------|:------:|:------:|:------:|----------------------|
|
|--------------------|------------------------------------------|:----:|:----:|:----:|----------------------|
|
||||||
| Remote Desktop | Microsoft.RemoteDesktop | x | x | | Yes |
|
| Remote Desktop | Microsoft.RemoteDesktop | x | x | | Yes |
|
||||||
| PowerBI | Microsoft.Microsoft PowerBIforWindows | x | | | Yes |
|
| PowerBI | Microsoft.Microsoft PowerBIforWindows | x | | | Yes |
|
||||||
| Code Writer | ActiproSoftwareLLC.562882FEEB491 | x | x | x | Yes |
|
| Code Writer | ActiproSoftwareLLC.562882FEEB491 | x | x | x | Yes |
|
||||||
@ -172,3 +172,6 @@ Here are the typical provisioned Windows apps in Windows 10 versions 1703, 1709,
|
|||||||
| | Microsoft.XboxGamingOverlay | | | x | No |
|
| | Microsoft.XboxGamingOverlay | | | x | No |
|
||||||
| | Microsoft.XboxIdentityProvider | x | x | x | No |
|
| | Microsoft.XboxIdentityProvider | x | x | x | No |
|
||||||
| | Microsoft.XboxSpeech ToTextOverlay | x | x | x | No |
|
| | Microsoft.XboxSpeech ToTextOverlay | x | x | x | No |
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.
|
@ -249,6 +249,7 @@
|
|||||||
#### [Storage](policy-csp-storage.md)
|
#### [Storage](policy-csp-storage.md)
|
||||||
#### [System](policy-csp-system.md)
|
#### [System](policy-csp-system.md)
|
||||||
#### [SystemServices](policy-csp-systemservices.md)
|
#### [SystemServices](policy-csp-systemservices.md)
|
||||||
|
#### [TaskManager](policy-csp-taskmanager.md)
|
||||||
#### [TaskScheduler](policy-csp-taskscheduler.md)
|
#### [TaskScheduler](policy-csp-taskscheduler.md)
|
||||||
#### [TextInput](policy-csp-textinput.md)
|
#### [TextInput](policy-csp-textinput.md)
|
||||||
#### [TimeLanguageSettings](policy-csp-timelanguagesettings.md)
|
#### [TimeLanguageSettings](policy-csp-timelanguagesettings.md)
|
||||||
@ -320,4 +321,5 @@
|
|||||||
#### [WindowsLicensing DDF file](windowslicensing-ddf-file.md)
|
#### [WindowsLicensing DDF file](windowslicensing-ddf-file.md)
|
||||||
### [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md)
|
### [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md)
|
||||||
#### [WindowsSecurityAuditing DDF file](windowssecurityauditing-ddf-file.md)
|
#### [WindowsSecurityAuditing DDF file](windowssecurityauditing-ddf-file.md)
|
||||||
|
### [WiredNetwork CSP](wirednetwork-csp.md)
|
||||||
|
#### [WiredNetwork DDF file](wirednetwork-ddf-file.md)
|
||||||
|
@ -30,6 +30,7 @@ Footnotes:
|
|||||||
- 2 - Added in Windows 10, version 1703
|
- 2 - Added in Windows 10, version 1703
|
||||||
- 3 - Added in Windows 10, version 1709
|
- 3 - Added in Windows 10, version 1709
|
||||||
- 4 - Added in Windows 10, version 1803
|
- 4 - Added in Windows 10, version 1803
|
||||||
|
- 5 - Added in Windows 10, next major version
|
||||||
|
|
||||||
<!--StartCSPs-->
|
<!--StartCSPs-->
|
||||||
<hr/>
|
<hr/>
|
||||||
@ -2531,6 +2532,34 @@ Footnotes:
|
|||||||
<!--EndSKU-->
|
<!--EndSKU-->
|
||||||
<!--EndCSP-->
|
<!--EndCSP-->
|
||||||
|
|
||||||
|
<!--StartCSP-->
|
||||||
|
[WiredNetwork CSP](wirednetwork-csp.md)
|
||||||
|
|
||||||
|
<!--StartSKU-->
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<th>Home</th>
|
||||||
|
<th>Pro</th>
|
||||||
|
<th>Business</th>
|
||||||
|
<th>Enterprise</th>
|
||||||
|
<th>Education</th>
|
||||||
|
<th>Mobile</th>
|
||||||
|
<th>Mobile Enterprise</th>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
<!--EndSKU-->
|
||||||
|
<!--EndCSP-->
|
||||||
|
|
||||||
<!--StartCSP-->
|
<!--StartCSP-->
|
||||||
[w7 APPLICATION CSP](w7-application-csp.md)
|
[w7 APPLICATION CSP](w7-application-csp.md)
|
||||||
|
|
||||||
@ -2568,6 +2597,7 @@ Footnotes:
|
|||||||
- 2 - Added in Windows 10, version 1703
|
- 2 - Added in Windows 10, version 1703
|
||||||
- 3 - Added in Windows 10, version 1709
|
- 3 - Added in Windows 10, version 1709
|
||||||
- 4 - Added in Windows 10, version 1803
|
- 4 - Added in Windows 10, version 1803
|
||||||
|
- 5 - Added in Windows 10, next major version
|
||||||
|
|
||||||
## CSP DDF files download
|
## CSP DDF files download
|
||||||
|
|
||||||
@ -2614,6 +2644,7 @@ The following list shows the configuration service providers supported in Window
|
|||||||
- 2 - Added in Windows 10, version 1703
|
- 2 - Added in Windows 10, version 1703
|
||||||
- 3 - Added in Windows 10, version 1709
|
- 3 - Added in Windows 10, version 1709
|
||||||
- 4 - Added in Windows 10, version 1803
|
- 4 - Added in Windows 10, version 1803
|
||||||
|
- 5 - Added in Windows 10, next major version
|
||||||
|
|
||||||
## <a href="" id="surfacehubcspsupport"></a>CSPs supported in Microsoft Surface Hub
|
## <a href="" id="surfacehubcspsupport"></a>CSPs supported in Microsoft Surface Hub
|
||||||
|
|
||||||
|
@ -7,11 +7,14 @@ ms.topic: article
|
|||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.technology: windows
|
ms.technology: windows
|
||||||
author: MariciaAlforque
|
author: MariciaAlforque
|
||||||
ms.date: 08/25/2017
|
ms.date: 07/11/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# DevDetail CSP
|
# DevDetail CSP
|
||||||
|
|
||||||
|
> [!WARNING]
|
||||||
|
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
|
||||||
|
|
||||||
The DevDetail configuration service provider handles the management object which provides device-specific parameters to the OMA DM server. These device parameters are not sent from the client to the server automatically, but can be queried by servers using OMA DM commands.
|
The DevDetail configuration service provider handles the management object which provides device-specific parameters to the OMA DM server. These device parameters are not sent from the client to the server automatically, but can be queried by servers using OMA DM commands.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
@ -140,7 +143,12 @@ The following diagram shows the DevDetail configuration service provider managem
|
|||||||
<a href="" id="ext-microsoft-totalram"></a>**Ext/Microsoft/TotalRAM**
|
<a href="" id="ext-microsoft-totalram"></a>**Ext/Microsoft/TotalRAM**
|
||||||
<p style="margin-left: 20px">Added in Windows 10, version 1511. Integer that specifies the total available memory in MB on the device (may be less than total physical memory).
|
<p style="margin-left: 20px">Added in Windows 10, version 1511. Integer that specifies the total available memory in MB on the device (may be less than total physical memory).
|
||||||
|
|
||||||
<p style="margin-left: 20px">Supported operation is Get.
|
Supported operation is Get.
|
||||||
|
|
||||||
|
<a href="" id="ext-microsoft-smbiosserialnumber"></a>**Ext/Microsoft/SMBIOSSerialNumber**
|
||||||
|
Added in Windows 10, next major version. SMBIOS Serial Number of the device.
|
||||||
|
|
||||||
|
Value type is string. Supported operation is Get.
|
||||||
|
|
||||||
<a href="" id="ext-wlanmacaddress"></a>**Ext/WLANMACAddress**
|
<a href="" id="ext-wlanmacaddress"></a>**Ext/WLANMACAddress**
|
||||||
<p style="margin-left: 20px">The MAC address of the active WLAN connection, as a 12-digit hexadecimal number.
|
<p style="margin-left: 20px">The MAC address of the active WLAN connection, as a 12-digit hexadecimal number.
|
||||||
|
@ -7,16 +7,19 @@ ms.topic: article
|
|||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.technology: windows
|
ms.technology: windows
|
||||||
author: MariciaAlforque
|
author: MariciaAlforque
|
||||||
ms.date: 12/05/2017
|
ms.date: 07/11/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# DevDetail DDF file
|
# DevDetail DDF file
|
||||||
|
|
||||||
|
> [!WARNING]
|
||||||
|
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
|
||||||
|
|
||||||
This topic shows the OMA DM device description framework (DDF) for the **DevDetail** configuration service provider. DDF files are used only with OMA DM provisioning XML.
|
This topic shows the OMA DM device description framework (DDF) for the **DevDetail** configuration service provider. DDF files are used only with OMA DM provisioning XML.
|
||||||
|
|
||||||
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
|
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
|
||||||
|
|
||||||
The XML below is the current version for this CSP.
|
The XML below is for Windows 10, next major version.
|
||||||
|
|
||||||
``` syntax
|
``` syntax
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
@ -42,7 +45,7 @@ The XML below is the current version for this CSP.
|
|||||||
<Permanent />
|
<Permanent />
|
||||||
</Scope>
|
</Scope>
|
||||||
<DFType>
|
<DFType>
|
||||||
<DDFName>urn:oma:mo:oma-dm-devdetail:1.1</DDFName>
|
<DDFName>urn:oma:mo:oma-dm-devdetail:1.2</DDFName>
|
||||||
</DFType>
|
</DFType>
|
||||||
</DFProperties>
|
</DFProperties>
|
||||||
<Node>
|
<Node>
|
||||||
@ -525,6 +528,27 @@ The XML below is the current version for this CSP.
|
|||||||
</DFType>
|
</DFType>
|
||||||
</DFProperties>
|
</DFProperties>
|
||||||
</Node>
|
</Node>
|
||||||
|
<Node>
|
||||||
|
<NodeName>SMBIOSSerialNumber</NodeName>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Get />
|
||||||
|
</AccessType>
|
||||||
|
<Description>SMBIOS Serial Number of the device.</Description>
|
||||||
|
<DFFormat>
|
||||||
|
<chr />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<One />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Permanent />
|
||||||
|
</Scope>
|
||||||
|
<DFType>
|
||||||
|
<MIME>text/plain</MIME>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
</Node>
|
||||||
</Node>
|
</Node>
|
||||||
<Node>
|
<Node>
|
||||||
<NodeName>WLANMACAddress</NodeName>
|
<NodeName>WLANMACAddress</NodeName>
|
||||||
@ -677,18 +701,3 @@ The XML below is the current version for this CSP.
|
|||||||
</Node>
|
</Node>
|
||||||
</MgmtTree>
|
</MgmtTree>
|
||||||
```
|
```
|
||||||
|
|
||||||
## Related topics
|
|
||||||
|
|
||||||
|
|
||||||
[DevDetail configuration service provider](devdetail-csp.md)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Before Width: | Height: | Size: 28 KiB After Width: | Height: | Size: 32 KiB |
Before Width: | Height: | Size: 11 KiB After Width: | Height: | Size: 12 KiB |
After Width: | Height: | Size: 5.8 KiB |
@ -1623,6 +1623,33 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|
|||||||
|
|
||||||
## Change history in MDM documentation
|
## Change history in MDM documentation
|
||||||
|
|
||||||
|
### July 2018
|
||||||
|
|
||||||
|
<table class="mx-tdBreakAll">
|
||||||
|
<colgroup>
|
||||||
|
<col width="25%" />
|
||||||
|
<col width="75%" />
|
||||||
|
</colgroup>
|
||||||
|
<thead>
|
||||||
|
<tr class="header">
|
||||||
|
<th>New or updated topic</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
|
||||||
|
<td style="vertical-align:top"><p>Added the following new policies in Windows 10, next major version:</p>
|
||||||
|
<ul>
|
||||||
|
<li>ApplicationManagement/LaunchAppAfterLogOn</li>
|
||||||
|
<li>ApplicationManagement/ScheduleForceRestartForUpdateFailures </li>
|
||||||
|
<li>TaskManager/AllowEndTask</li>
|
||||||
|
<li>WindowsLogon/DontDisplayNetworkSelectionUI</li>
|
||||||
|
</ul>
|
||||||
|
</td></tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
|
||||||
### June 2018
|
### June 2018
|
||||||
|
|
||||||
<table class="mx-tdBreakAll">
|
<table class="mx-tdBreakAll">
|
||||||
@ -1638,6 +1665,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|
|||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
<tr>
|
<tr>
|
||||||
|
<td style="vertical-align:top">[Wifi CSP](wifi-csp.md)</td>
|
||||||
|
<td style="vertical-align:top"><p>Added a new node WifiCost.</p>
|
||||||
|
</td></tr>
|
||||||
|
<tr>
|
||||||
<td style="vertical-align:top">[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)</td>
|
<td style="vertical-align:top">[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)</td>
|
||||||
<td style="vertical-align:top"><p>Recent changes:</p>
|
<td style="vertical-align:top"><p>Recent changes:</p>
|
||||||
<ul>
|
<ul>
|
||||||
@ -1659,6 +1690,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|
|||||||
<li>Start/ImportEdgeAssets - added a table of SKU support information.</li>
|
<li>Start/ImportEdgeAssets - added a table of SKU support information.</li>
|
||||||
</ul>
|
</ul>
|
||||||
</td></tr>
|
</td></tr>
|
||||||
|
<tr>
|
||||||
|
<td style="vertical-align:top">[WiredNetwork CSP](wirednetwork-csp.md)</td>
|
||||||
|
<td style="vertical-align:top">New CSP added in Windows 10, next major version.
|
||||||
|
</td></tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
@ -389,6 +389,29 @@ The following diagram shows the Policy configuration service provider in tree fo
|
|||||||
</dd>
|
</dd>
|
||||||
</dl>
|
</dl>
|
||||||
|
|
||||||
|
### BITS policies
|
||||||
|
|
||||||
|
<dl>
|
||||||
|
<dd>
|
||||||
|
<a href="./policy-csp-bits.md#bits-bandwidththrottlingendtime" id="bits-bandwidththrottlingendtime">BITS/BandwidthThrottlingEndTime</a>
|
||||||
|
</dd>
|
||||||
|
<dd>
|
||||||
|
<a href="./policy-csp-bits.md#bits-bandwidththrottlingstarttime" id="bits-bandwidththrottlingstarttime">BITS/BandwidthThrottlingStartTime</a>
|
||||||
|
</dd>
|
||||||
|
<dd>
|
||||||
|
<a href="./policy-csp-bits.md#bits-bandwidththrottlingtransferrate" id="bits-bandwidththrottlingtransferrate">BITS/BandwidthThrottlingTransferRate</a>
|
||||||
|
</dd>
|
||||||
|
<dd>
|
||||||
|
<a href="./policy-csp-bits.md#bits-costednetworkbehaviorbackgroundpriority" id="bits-costednetworkbehaviorbackgroundpriority">BITS/CostedNetworkBehaviorBackgroundPriority</a>
|
||||||
|
</dd>
|
||||||
|
<dd>
|
||||||
|
<a href="./policy-csp-bits.md#bits-costednetworkbehaviorforegroundpriority" id="bits-costednetworkbehaviorforegroundpriority">BITS/CostedNetworkBehaviorForegroundPriority</a>
|
||||||
|
</dd>
|
||||||
|
<dd>
|
||||||
|
<a href="./policy-csp-bits.md#bits-jobinactivitytimeout" id="bits-jobinactivitytimeout">BITS/JobInactivityTimeout</a>
|
||||||
|
</dd>
|
||||||
|
</dl>
|
||||||
|
|
||||||
### Bluetooth policies
|
### Bluetooth policies
|
||||||
|
|
||||||
<dl>
|
<dl>
|
||||||
@ -3044,6 +3067,14 @@ The following diagram shows the Policy configuration service provider in tree fo
|
|||||||
</dd>
|
</dd>
|
||||||
</dl>
|
</dl>
|
||||||
|
|
||||||
|
### TaskManager policies
|
||||||
|
|
||||||
|
<dl>
|
||||||
|
<dd>
|
||||||
|
<a href="./policy-csp-taskmanager.md#taskmanager-allowendtask" id="taskmanager-allowendtask">TaskManager/AllowEndTask</a>
|
||||||
|
</dd>
|
||||||
|
</dl>
|
||||||
|
|
||||||
### TaskScheduler policies
|
### TaskScheduler policies
|
||||||
|
|
||||||
<dl>
|
<dl>
|
||||||
@ -3983,6 +4014,12 @@ The following diagram shows the Policy configuration service provider in tree fo
|
|||||||
- [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices)
|
- [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices)
|
||||||
- [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
|
- [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
|
||||||
- [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
|
- [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
|
||||||
|
- [BITS/BandwidthThrottlingEndTime](./policy-csp-bits.md#bits-bandwidththrottlingendtime)
|
||||||
|
- [BITS/BandwidthThrottlingStartTime](./policy-csp-bits.md#bits-bandwidththrottlingstarttime)
|
||||||
|
- [BITS/BandwidthThrottlingTransferRate](./policy-csp-bits.md#bits-bandwidththrottlingtransferrate)
|
||||||
|
- [BITS/CostedNetworkBehaviorBackgroundPriority](./policy-csp-bits.md#bits-costednetworkbehaviorbackgroundpriority)
|
||||||
|
- [BITS/CostedNetworkBehaviorForegroundPriority](./policy-csp-bits.md#bits-costednetworkbehaviorforegroundpriority)
|
||||||
|
- [BITS/JobInactivityTimeout](./policy-csp-bits.md#bits-jobinactivitytimeout)
|
||||||
- [Browser/AllowAddressBarDropdown](./policy-csp-browser.md#browser-allowaddressbardropdown)
|
- [Browser/AllowAddressBarDropdown](./policy-csp-browser.md#browser-allowaddressbardropdown)
|
||||||
- [Browser/AllowAutofill](./policy-csp-browser.md#browser-allowautofill)
|
- [Browser/AllowAutofill](./policy-csp-browser.md#browser-allowautofill)
|
||||||
- [Browser/AllowCookies](./policy-csp-browser.md#browser-allowcookies)
|
- [Browser/AllowCookies](./policy-csp-browser.md#browser-allowcookies)
|
||||||
|
@ -6,7 +6,7 @@ ms.topic: article
|
|||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.technology: windows
|
ms.technology: windows
|
||||||
author: MariciaAlforque
|
author: MariciaAlforque
|
||||||
ms.date: 07/03/2018
|
ms.date: 07/11/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Policy CSP - ApplicationManagement
|
# Policy CSP - ApplicationManagement
|
||||||
@ -590,6 +590,17 @@ The following list shows the supported values:
|
|||||||
<!--Description-->
|
<!--Description-->
|
||||||
List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are launched after logon. This policy allows the IT admin to specify a list of applications that users can run after logging on to the device.
|
List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are launched after logon. This policy allows the IT admin to specify a list of applications that users can run after logging on to the device.
|
||||||
|
|
||||||
|
For this policy to work, the Windows apps need to declare in their manifest that they will use the start up task. Example of the declaration here:
|
||||||
|
|
||||||
|
``` syntax
|
||||||
|
<desktop:Extension Category="windows.startupTask">
|
||||||
|
<desktop:StartupTask TaskId="CoffeeStartupTask" Enabled="true" DisplayName="ms-resource:Description" />
|
||||||
|
</desktop:Extension>
|
||||||
|
```
|
||||||
|
|
||||||
|
> [!Note]
|
||||||
|
> This policy only works on modern apps.
|
||||||
|
|
||||||
<!--/Description-->
|
<!--/Description-->
|
||||||
<!--SupportedValues-->
|
<!--SupportedValues-->
|
||||||
|
|
||||||
|
504
windows/client-management/mdm/policy-csp-bits.md
Normal file
@ -0,0 +1,504 @@
|
|||||||
|
---
|
||||||
|
title: Policy CSP - BITS
|
||||||
|
description: Policy CSP - BITS
|
||||||
|
ms.author: maricia
|
||||||
|
ms.topic: article
|
||||||
|
ms.prod: w10
|
||||||
|
ms.technology: windows
|
||||||
|
author: MariciaAlforque
|
||||||
|
ms.date: 06/29/2018
|
||||||
|
---
|
||||||
|
|
||||||
|
# Policy CSP - BITS
|
||||||
|
|
||||||
|
> [!WARNING]
|
||||||
|
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
|
||||||
|
|
||||||
|
The following bandwidth policies are used together to define the bandwidth-throttling schedule and transfer rate.
|
||||||
|
|
||||||
|
- BITS/BandwidthThrottlingEndTime
|
||||||
|
- BITS/BandwidthThrottlingStartTime
|
||||||
|
- BITS/BandwidthThrottlingTransferRate
|
||||||
|
|
||||||
|
If BITS/BandwidthThrottlingStartTime or BITS/BandwidthThrottlingEndTime are NOT defined, but BITS/BandwidthThrottlingTransferRate IS defined, then default values will be used for StartTime and EndTime (8am and 5pm respectively). The time policies are based on the 24-hour clock.
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--Policies-->
|
||||||
|
## BITS policies
|
||||||
|
|
||||||
|
<dl>
|
||||||
|
<dd>
|
||||||
|
<a href="#bits-bandwidththrottlingendtime">BITS/BandwidthThrottlingEndTime</a>
|
||||||
|
</dd>
|
||||||
|
<dd>
|
||||||
|
<a href="#bits-bandwidththrottlingstarttime">BITS/BandwidthThrottlingStartTime</a>
|
||||||
|
</dd>
|
||||||
|
<dd>
|
||||||
|
<a href="#bits-bandwidththrottlingtransferrate">BITS/BandwidthThrottlingTransferRate</a>
|
||||||
|
</dd>
|
||||||
|
<dd>
|
||||||
|
<a href="#bits-costednetworkbehaviorbackgroundpriority">BITS/CostedNetworkBehaviorBackgroundPriority</a>
|
||||||
|
</dd>
|
||||||
|
<dd>
|
||||||
|
<a href="#bits-costednetworkbehaviorforegroundpriority">BITS/CostedNetworkBehaviorForegroundPriority</a>
|
||||||
|
</dd>
|
||||||
|
<dd>
|
||||||
|
<a href="#bits-jobinactivitytimeout">BITS/JobInactivityTimeout</a>
|
||||||
|
</dd>
|
||||||
|
</dl>
|
||||||
|
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--Policy-->
|
||||||
|
<a href="" id="bits-bandwidththrottlingendtime"></a>**BITS/BandwidthThrottlingEndTime**
|
||||||
|
|
||||||
|
<!--SupportedSKUs-->
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<th>Home</th>
|
||||||
|
<th>Pro</th>
|
||||||
|
<th>Business</th>
|
||||||
|
<th>Enterprise</th>
|
||||||
|
<th>Education</th>
|
||||||
|
<th>Mobile</th>
|
||||||
|
<th>Mobile Enterprise</th>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td></td>
|
||||||
|
<td></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
<!--/SupportedSKUs-->
|
||||||
|
<!--Scope-->
|
||||||
|
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||||
|
|
||||||
|
> [!div class = "checklist"]
|
||||||
|
> * Device
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--/Scope-->
|
||||||
|
<!--Description-->
|
||||||
|
This policy specifies the bandwidth throttling **end time** that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting does not affect foreground transfers. This policy is based on the 24-hour clock.
|
||||||
|
|
||||||
|
Value type is integer. Default value is 17 (5 pm).
|
||||||
|
|
||||||
|
Supported value range: 0 - 23
|
||||||
|
|
||||||
|
You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours.
|
||||||
|
|
||||||
|
Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrottlingEndTime, BandwidthThrottlingTransferRate), BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.
|
||||||
|
|
||||||
|
If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
|
||||||
|
|
||||||
|
Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
|
||||||
|
|
||||||
|
Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
|
||||||
|
|
||||||
|
<!--/Description-->
|
||||||
|
<!--ADMXMapped-->
|
||||||
|
ADMX Info:
|
||||||
|
- GP English name: *Limit the maximum network bandwidth for BITS background transfers*
|
||||||
|
- GP name: *BITS_MaxBandwidth*
|
||||||
|
- GP element: *BITS_BandwidthLimitSchedTo*
|
||||||
|
- GP path: *Network/Background Intelligent Transfer Service (BITS)*
|
||||||
|
- GP ADMX file name: *Bits.admx*
|
||||||
|
|
||||||
|
<!--/ADMXMapped-->
|
||||||
|
<!--SupportedValues-->
|
||||||
|
|
||||||
|
<!--/SupportedValues-->
|
||||||
|
<!--Example-->
|
||||||
|
|
||||||
|
<!--/Example-->
|
||||||
|
<!--Validation-->
|
||||||
|
|
||||||
|
<!--/Validation-->
|
||||||
|
<!--/Policy-->
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--Policy-->
|
||||||
|
<a href="" id="bits-bandwidththrottlingstarttime"></a>**BITS/BandwidthThrottlingStartTime**
|
||||||
|
|
||||||
|
<!--SupportedSKUs-->
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<th>Home</th>
|
||||||
|
<th>Pro</th>
|
||||||
|
<th>Business</th>
|
||||||
|
<th>Enterprise</th>
|
||||||
|
<th>Education</th>
|
||||||
|
<th>Mobile</th>
|
||||||
|
<th>Mobile Enterprise</th>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td></td>
|
||||||
|
<td></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
<!--/SupportedSKUs-->
|
||||||
|
<!--Scope-->
|
||||||
|
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||||
|
|
||||||
|
> [!div class = "checklist"]
|
||||||
|
> * Device
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--/Scope-->
|
||||||
|
<!--Description-->
|
||||||
|
This policy specifies the bandwidth throttling **start time** that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting does not affect foreground transfers. This policy is based on the 24-hour clock.
|
||||||
|
|
||||||
|
Value type is integer. Default value is 8 (8 am).
|
||||||
|
|
||||||
|
Supported value range: 0 - 23
|
||||||
|
|
||||||
|
You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours.
|
||||||
|
|
||||||
|
Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrottlingEndTime, BandwidthThrottlingTransferRate), BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.
|
||||||
|
|
||||||
|
If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
|
||||||
|
|
||||||
|
Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
|
||||||
|
|
||||||
|
Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
|
||||||
|
|
||||||
|
<!--/Description-->
|
||||||
|
<!--ADMXMapped-->
|
||||||
|
ADMX Info:
|
||||||
|
- GP English name: *Limit the maximum network bandwidth for BITS background transfers*
|
||||||
|
- GP name: *BITS_MaxBandwidth*
|
||||||
|
- GP element: *BITS_BandwidthLimitSchedFrom*
|
||||||
|
- GP path: *Network/Background Intelligent Transfer Service (BITS)*
|
||||||
|
- GP ADMX file name: *Bits.admx*
|
||||||
|
|
||||||
|
<!--/ADMXMapped-->
|
||||||
|
<!--SupportedValues-->
|
||||||
|
|
||||||
|
<!--/SupportedValues-->
|
||||||
|
<!--Example-->
|
||||||
|
|
||||||
|
<!--/Example-->
|
||||||
|
<!--Validation-->
|
||||||
|
|
||||||
|
<!--/Validation-->
|
||||||
|
<!--/Policy-->
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--Policy-->
|
||||||
|
<a href="" id="bits-bandwidththrottlingtransferrate"></a>**BITS/BandwidthThrottlingTransferRate**
|
||||||
|
|
||||||
|
<!--SupportedSKUs-->
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<th>Home</th>
|
||||||
|
<th>Pro</th>
|
||||||
|
<th>Business</th>
|
||||||
|
<th>Enterprise</th>
|
||||||
|
<th>Education</th>
|
||||||
|
<th>Mobile</th>
|
||||||
|
<th>Mobile Enterprise</th>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td></td>
|
||||||
|
<td></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
<!--/SupportedSKUs-->
|
||||||
|
<!--Scope-->
|
||||||
|
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||||
|
|
||||||
|
> [!div class = "checklist"]
|
||||||
|
> * Device
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--/Scope-->
|
||||||
|
<!--Description-->
|
||||||
|
This policy specifies the bandwidth throttling **transfer rate** in kilobits per second (Kbps) that Background Intelligent Transfer Service (BITS) uses for background transfers. This policy setting does not affect foreground transfers.
|
||||||
|
|
||||||
|
Value type is integer. Default value is 1000.
|
||||||
|
|
||||||
|
Supported value range: 0 - 4294967200
|
||||||
|
|
||||||
|
You can specify a limit to use during a specific time interval and at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours.
|
||||||
|
|
||||||
|
Using the three policies together (BandwidthThrottlingStartTime, BandwidthThrottlingEndTime, BandwidthThrottlingTransferRate), BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0.
|
||||||
|
|
||||||
|
If you disable or do not configure this policy setting, BITS uses all available unused bandwidth.
|
||||||
|
|
||||||
|
Note: You should base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose.
|
||||||
|
|
||||||
|
Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).
|
||||||
|
|
||||||
|
<!--/Description-->
|
||||||
|
<!--ADMXMapped-->
|
||||||
|
ADMX Info:
|
||||||
|
- GP English name: *Limit the maximum network bandwidth for BITS background transfers*
|
||||||
|
- GP name: *BITS_MaxBandwidth*
|
||||||
|
- GP element: *BITS_MaxTransferRateText*
|
||||||
|
- GP path: *Network/Background Intelligent Transfer Service (BITS)*
|
||||||
|
- GP ADMX file name: *Bits.admx*
|
||||||
|
|
||||||
|
<!--/ADMXMapped-->
|
||||||
|
<!--SupportedValues-->
|
||||||
|
|
||||||
|
<!--/SupportedValues-->
|
||||||
|
<!--Example-->
|
||||||
|
|
||||||
|
<!--/Example-->
|
||||||
|
<!--Validation-->
|
||||||
|
|
||||||
|
<!--/Validation-->
|
||||||
|
<!--/Policy-->
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--Policy-->
|
||||||
|
<a href="" id="bits-costednetworkbehaviorbackgroundpriority"></a>**BITS/CostedNetworkBehaviorBackgroundPriority**
|
||||||
|
|
||||||
|
<!--SupportedSKUs-->
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<th>Home</th>
|
||||||
|
<th>Pro</th>
|
||||||
|
<th>Business</th>
|
||||||
|
<th>Enterprise</th>
|
||||||
|
<th>Education</th>
|
||||||
|
<th>Mobile</th>
|
||||||
|
<th>Mobile Enterprise</th>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td></td>
|
||||||
|
<td></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
<!--/SupportedSKUs-->
|
||||||
|
<!--Scope-->
|
||||||
|
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||||
|
|
||||||
|
> [!div class = "checklist"]
|
||||||
|
> * Device
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--/Scope-->
|
||||||
|
<!--Description-->
|
||||||
|
This policy setting defines the default behavior that the Background Intelligent Transfer Service (BITS) uses for background transfers when the system is connected to a costed network (3G, etc.). Download behavior policies further limit the network usage of background transfers.
|
||||||
|
|
||||||
|
If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority.
|
||||||
|
|
||||||
|
For example, you can specify that background jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are:
|
||||||
|
- 1 - Always transfer
|
||||||
|
- 2 - Transfer unless roaming
|
||||||
|
- 3 - Transfer unless surcharge applies (when not roaming or overcap)
|
||||||
|
- 4 - Transfer unless nearing limit (when not roaming or nearing cap)
|
||||||
|
- 5 - Transfer only if unconstrained
|
||||||
|
|
||||||
|
<!--/Description-->
|
||||||
|
<!--ADMXMapped-->
|
||||||
|
ADMX Info:
|
||||||
|
- GP English name: *Set default download behavior for BITS jobs on costed networks*
|
||||||
|
- GP name: *BITS_SetTransferPolicyOnCostedNetwork*
|
||||||
|
- GP element: *BITS_TransferPolicyNormalPriorityValue*
|
||||||
|
- GP path: *Network/Background Intelligent Transfer Service (BITS)*
|
||||||
|
- GP ADMX file name: *Bits.admx*
|
||||||
|
|
||||||
|
<!--/ADMXMapped-->
|
||||||
|
<!--SupportedValues-->
|
||||||
|
|
||||||
|
<!--/SupportedValues-->
|
||||||
|
<!--Example-->
|
||||||
|
|
||||||
|
<!--/Example-->
|
||||||
|
<!--Validation-->
|
||||||
|
|
||||||
|
<!--/Validation-->
|
||||||
|
<!--/Policy-->
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--Policy-->
|
||||||
|
<a href="" id="bits-costednetworkbehaviorforegroundpriority"></a>**BITS/CostedNetworkBehaviorForegroundPriority**
|
||||||
|
|
||||||
|
<!--SupportedSKUs-->
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<th>Home</th>
|
||||||
|
<th>Pro</th>
|
||||||
|
<th>Business</th>
|
||||||
|
<th>Enterprise</th>
|
||||||
|
<th>Education</th>
|
||||||
|
<th>Mobile</th>
|
||||||
|
<th>Mobile Enterprise</th>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td></td>
|
||||||
|
<td></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
<!--/SupportedSKUs-->
|
||||||
|
<!--Scope-->
|
||||||
|
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||||
|
|
||||||
|
> [!div class = "checklist"]
|
||||||
|
> * Device
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--/Scope-->
|
||||||
|
<!--Description-->
|
||||||
|
This policy setting defines the default behavior that the foreground Intelligent Transfer Service (BITS) uses for foreground transfers when the system is connected to a costed network (3G, etc.). Download behavior policies further limit the network usage of foreground transfers.
|
||||||
|
|
||||||
|
If you enable this policy setting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying only a priority.
|
||||||
|
|
||||||
|
For example, you can specify that foreground jobs are by default to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that can be assigned are:
|
||||||
|
- 1 - Always transfer
|
||||||
|
- 2 - Transfer unless roaming
|
||||||
|
- 3 - Transfer unless surcharge applies (when not roaming or overcap)
|
||||||
|
- 4 - Transfer unless nearing limit (when not roaming or nearing cap)
|
||||||
|
- 5 - Transfer only if unconstrained
|
||||||
|
|
||||||
|
<!--/Description-->
|
||||||
|
<!--ADMXMapped-->
|
||||||
|
ADMX Info:
|
||||||
|
- GP English name: *Set default download behavior for BITS jobs on costed networks*
|
||||||
|
- GP name: *BITS_SetTransferPolicyOnCostedNetwork*
|
||||||
|
- GP element: *BITS_TransferPolicyForegroundPriorityValue*
|
||||||
|
- GP path: *Network/Background Intelligent Transfer Service (BITS)*
|
||||||
|
- GP ADMX file name: *Bits.admx*
|
||||||
|
|
||||||
|
<!--/ADMXMapped-->
|
||||||
|
<!--SupportedValues-->
|
||||||
|
|
||||||
|
<!--/SupportedValues-->
|
||||||
|
<!--Example-->
|
||||||
|
|
||||||
|
<!--/Example-->
|
||||||
|
<!--Validation-->
|
||||||
|
|
||||||
|
<!--/Validation-->
|
||||||
|
<!--/Policy-->
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--Policy-->
|
||||||
|
<a href="" id="bits-jobinactivitytimeout"></a>**BITS/JobInactivityTimeout**
|
||||||
|
|
||||||
|
<!--SupportedSKUs-->
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<th>Home</th>
|
||||||
|
<th>Pro</th>
|
||||||
|
<th>Business</th>
|
||||||
|
<th>Enterprise</th>
|
||||||
|
<th>Education</th>
|
||||||
|
<th>Mobile</th>
|
||||||
|
<th>Mobile Enterprise</th>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td></td>
|
||||||
|
<td></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
<!--/SupportedSKUs-->
|
||||||
|
<!--Scope-->
|
||||||
|
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||||
|
|
||||||
|
> [!div class = "checklist"]
|
||||||
|
> * Device
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--/Scope-->
|
||||||
|
<!--Description-->
|
||||||
|
This policy setting specifies the number of days a pending BITS job can remain inactive before the job is considered abandoned. By default BITS will wait 90 days before considering an inactive job abandoned. After a job is determined to be abandoned, the job is deleted from BITS and any downloaded files for the job are deleted from the disk.
|
||||||
|
|
||||||
|
> [!Note]
|
||||||
|
> Any property changes to the job or any successful download action will reset this timeout.
|
||||||
|
|
||||||
|
Value type is integer. Default is 90 days.
|
||||||
|
|
||||||
|
Supported values range: 0 - 999
|
||||||
|
|
||||||
|
Consider increasing the timeout value if computers tend to stay offline for a long period of time and still have pending jobs.
|
||||||
|
Consider decreasing this value if you are concerned about orphaned jobs occupying disk space.
|
||||||
|
|
||||||
|
If you disable or do not configure this policy setting, the default value of 90 (days) will be used for the inactive job timeout.
|
||||||
|
|
||||||
|
<!--/Description-->
|
||||||
|
<!--ADMXMapped-->
|
||||||
|
ADMX Info:
|
||||||
|
- GP English name: *Timeout for inactive BITS jobs*
|
||||||
|
- GP name: *BITS_Job_Timeout*
|
||||||
|
- GP element: *BITS_Job_Timeout_Time*
|
||||||
|
- GP path: *Network/Background Intelligent Transfer Service (BITS)*
|
||||||
|
- GP ADMX file name: *Bits.admx*
|
||||||
|
|
||||||
|
<!--/ADMXMapped-->
|
||||||
|
<!--SupportedValues-->
|
||||||
|
Value type is integer. Default is 90 days.
|
||||||
|
|
||||||
|
Supported values range: 0 - 999
|
||||||
|
|
||||||
|
|
||||||
|
<!--/SupportedValues-->
|
||||||
|
<!--Example-->
|
||||||
|
|
||||||
|
<!--/Example-->
|
||||||
|
<!--Validation-->
|
||||||
|
|
||||||
|
<!--/Validation-->
|
||||||
|
<!--/Policy-->
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
Footnote:
|
||||||
|
|
||||||
|
- 1 - Added in Windows 10, version 1607.
|
||||||
|
- 2 - Added in Windows 10, version 1703.
|
||||||
|
- 3 - Added in Windows 10, version 1709.
|
||||||
|
- 4 - Added in Windows 10, version 1803.
|
||||||
|
- 5 - Added in the next major release of Windows 10.
|
||||||
|
|
||||||
|
<!--/Policies-->
|
||||||
|
|
99
windows/client-management/mdm/policy-csp-taskmanager.md
Normal file
@ -0,0 +1,99 @@
|
|||||||
|
---
|
||||||
|
title: Policy CSP - TaskManager
|
||||||
|
description: Policy CSP - TaskManager
|
||||||
|
ms.author: maricia
|
||||||
|
ms.topic: article
|
||||||
|
ms.prod: w10
|
||||||
|
ms.technology: windows
|
||||||
|
author: MariciaAlforque
|
||||||
|
ms.date: 07/05/2018
|
||||||
|
---
|
||||||
|
|
||||||
|
# Policy CSP - TaskManager
|
||||||
|
|
||||||
|
> [!WARNING]
|
||||||
|
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
|
||||||
|
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--Policies-->
|
||||||
|
## TaskManager policies
|
||||||
|
|
||||||
|
<dl>
|
||||||
|
<dd>
|
||||||
|
<a href="#taskmanager-allowendtask">TaskManager/AllowEndTask</a>
|
||||||
|
</dd>
|
||||||
|
</dl>
|
||||||
|
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--Policy-->
|
||||||
|
<a href="" id="taskmanager-allowendtask"></a>**TaskManager/AllowEndTask**
|
||||||
|
|
||||||
|
<!--SupportedSKUs-->
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<th>Home</th>
|
||||||
|
<th>Pro</th>
|
||||||
|
<th>Business</th>
|
||||||
|
<th>Enterprise</th>
|
||||||
|
<th>Education</th>
|
||||||
|
<th>Mobile</th>
|
||||||
|
<th>Mobile Enterprise</th>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
|
||||||
|
<td></td>
|
||||||
|
<td></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
<!--/SupportedSKUs-->
|
||||||
|
<!--Scope-->
|
||||||
|
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||||
|
|
||||||
|
> [!div class = "checklist"]
|
||||||
|
> * Device
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<!--/Scope-->
|
||||||
|
<!--Description-->
|
||||||
|
This setting determines whether non-administrators can use Task Manager to end tasks.
|
||||||
|
|
||||||
|
Value type is integer. Supported values:
|
||||||
|
- 0 - Disabled. EndTask functionality is blocked in TaskManager.
|
||||||
|
- 1 - Enabled (default). Users can perform EndTask in TaskManager.
|
||||||
|
|
||||||
|
<!--/Description-->
|
||||||
|
<!--SupportedValues-->
|
||||||
|
|
||||||
|
<!--/SupportedValues-->
|
||||||
|
<!--Example-->
|
||||||
|
|
||||||
|
<!--/Example-->
|
||||||
|
<!--Validation-->
|
||||||
|
**Validation procedure:**
|
||||||
|
When this policy is set to 1 - users CAN execute 'End task' on processes in TaskManager
|
||||||
|
When the policy is set to 0 - users CANNOT execute 'End task' on processes in TaskManager
|
||||||
|
|
||||||
|
<!--/Validation-->
|
||||||
|
<!--/Policy-->
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
Footnote:
|
||||||
|
|
||||||
|
- 1 - Added in Windows 10, version 1607.
|
||||||
|
- 2 - Added in Windows 10, version 1703.
|
||||||
|
- 3 - Added in Windows 10, version 1709.
|
||||||
|
- 4 - Added in Windows 10, version 1803.
|
||||||
|
- 5 - Added in the next major release of Windows 10.
|
||||||
|
|
||||||
|
<!--/Policies-->
|
||||||
|
|
@ -6,7 +6,7 @@ ms.topic: article
|
|||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.technology: windows
|
ms.technology: windows
|
||||||
author: MariciaAlforque
|
author: MariciaAlforque
|
||||||
ms.date: 05/14/2018
|
ms.date: 07/12/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Policy CSP - WindowsLogon
|
# Policy CSP - WindowsLogon
|
||||||
@ -143,6 +143,31 @@ If you enable this policy setting, the PC's network connectivity state cannot be
|
|||||||
|
|
||||||
If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows.
|
If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows.
|
||||||
|
|
||||||
|
Here is an example to enable this policy:
|
||||||
|
|
||||||
|
``` syntax
|
||||||
|
<SyncML xmlns="SYNCML:SYNCML1.2">
|
||||||
|
<SyncBody>
|
||||||
|
<Atomic>
|
||||||
|
<CmdID>300</CmdID>
|
||||||
|
<Replace>
|
||||||
|
<CmdID>301</CmdID>
|
||||||
|
<Item>
|
||||||
|
<Target>
|
||||||
|
<LocURI>./Device/Vendor/MSFT/Policy/Config/WindowsLogon/DontDisplayNetworkSelectionUI</LocURI>
|
||||||
|
</Target>
|
||||||
|
<Meta>
|
||||||
|
<Format xmlns="syncml:metinf">chr</Format>
|
||||||
|
</Meta>
|
||||||
|
<Data><![CDATA[<enabled/>]]></Data>
|
||||||
|
</Item>
|
||||||
|
</Replace>
|
||||||
|
</Atomic>
|
||||||
|
<Final/>
|
||||||
|
</SyncBody>
|
||||||
|
</SyncML>
|
||||||
|
```
|
||||||
|
|
||||||
<!--/Description-->
|
<!--/Description-->
|
||||||
> [!TIP]
|
> [!TIP]
|
||||||
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
|
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
|
||||||
|
@ -232,6 +232,24 @@ Specifies the name of the H-SLP root certificate as a string, in the format *nam
|
|||||||
<a href="" id="rootcertificate3-data"></a>**RootCertificate3/Data**
|
<a href="" id="rootcertificate3-data"></a>**RootCertificate3/Data**
|
||||||
The base 64 encoded blob of the H-SLP root certificate.
|
The base 64 encoded blob of the H-SLP root certificate.
|
||||||
|
|
||||||
|
<a href="" id="rootcertificate-name"></a>**RootCertificate4/Name**
|
||||||
|
Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
|
||||||
|
|
||||||
|
<a href="" id="rootcertificate-data"></a>**RootCertificate4/Data**
|
||||||
|
The base 64 encoded blob of the H-SLP root certificate.
|
||||||
|
|
||||||
|
<a href="" id="rootcertificate2-name"></a>**RootCertificate5/Name**
|
||||||
|
Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
|
||||||
|
|
||||||
|
<a href="" id="rootcertificate2-data"></a>**RootCertificate5/Data**
|
||||||
|
The base 64 encoded blob of the H-SLP root certificate.
|
||||||
|
|
||||||
|
<a href="" id="rootcertificate3-name"></a>**RootCertificate6/Name**
|
||||||
|
Specifies the name of the H-SLP root certificate as a string, in the format *name*.cer.
|
||||||
|
|
||||||
|
<a href="" id="rootcertificate3-data"></a>**RootCertificate6/Data**
|
||||||
|
The base 64 encoded blob of the H-SLP root certificate.
|
||||||
|
|
||||||
<a href="" id="v2upl1"></a>**V2UPL1**
|
<a href="" id="v2upl1"></a>**V2UPL1**
|
||||||
Required for V2 UPL for CDMA. Specifies the account settings for user plane location and IS-801 for CDMA. Only one account is supported at a given time.
|
Required for V2 UPL for CDMA. Specifies the account settings for user plane location and IS-801 for CDMA. Only one account is supported at a given time.
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@ ms.topic: article
|
|||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.technology: windows
|
ms.technology: windows
|
||||||
author: MariciaAlforque
|
author: MariciaAlforque
|
||||||
ms.date: 04/16/2018
|
ms.date: 06/28/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# WiFi CSP
|
# WiFi CSP
|
||||||
@ -59,8 +59,6 @@ If it exists in the blob, the **keyType** and **protected** elements must come b
|
|||||||
|
|
||||||
> **Note** If you need to specify other advanced conditions, such as specifying criteria for certificates that can be used by the Wi-Fi profile, you can do so by specifying this through the EapHostConfig portion of the WlanXML. For more information, see [EAP configuration](http://go.microsoft.com/fwlink/p/?LinkId=618963).
|
> **Note** If you need to specify other advanced conditions, such as specifying criteria for certificates that can be used by the Wi-Fi profile, you can do so by specifying this through the EapHostConfig portion of the WlanXML. For more information, see [EAP configuration](http://go.microsoft.com/fwlink/p/?LinkId=618963).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
The supported operations are Add, Get, Delete, and Replace.
|
The supported operations are Add, Get, Delete, and Replace.
|
||||||
|
|
||||||
<a href="" id="proxy"></a>**Proxy**
|
<a href="" id="proxy"></a>**Proxy**
|
||||||
@ -96,6 +94,17 @@ Added in Windows 10, version 1607. Optional. When set to true it enables Web Pr
|
|||||||
|
|
||||||
Value type is bool.
|
Value type is bool.
|
||||||
|
|
||||||
|
<a href="" id="wificost"></a>**WiFiCost**
|
||||||
|
Added in Windows 10, next major version. Optional. This policy sets the cost of WLAN connection for the Wi-Fi profile. Default behaviour: Unrestricted.
|
||||||
|
|
||||||
|
Supported values:
|
||||||
|
|
||||||
|
- 1 - Unrestricted - unlimited connection
|
||||||
|
- 2 - Fixed - capacity constraints up to a certain data limit
|
||||||
|
- 3 - Variable - paid on per byte basic
|
||||||
|
|
||||||
|
Supported operations are Add, Get, Replace and Delete. Value type is integer.
|
||||||
|
|
||||||
## Examples
|
## Examples
|
||||||
|
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@ ms.topic: article
|
|||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.technology: windows
|
ms.technology: windows
|
||||||
author: MariciaAlforque
|
author: MariciaAlforque
|
||||||
ms.date: 06/26/2017
|
ms.date: 06/28/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# WiFi DDF file
|
# WiFi DDF file
|
||||||
@ -15,7 +15,190 @@ ms.date: 06/26/2017
|
|||||||
|
|
||||||
This topic shows the OMA DM device description framework (DDF) for the **WiFi** configuration service provider. DDF files are used only with OMA DM provisioning XML.
|
This topic shows the OMA DM device description framework (DDF) for the **WiFi** configuration service provider. DDF files are used only with OMA DM provisioning XML.
|
||||||
|
|
||||||
Content under development and will be published soon.
|
The XML below is for Windows 10, next major version.
|
||||||
|
|
||||||
|
``` syntax
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
|
||||||
|
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
|
||||||
|
[
|
||||||
|
<?oma-dm-ddf-ver supported-versions="1.2"?>
|
||||||
|
]>
|
||||||
|
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
|
||||||
|
<VerDTD>1.2</VerDTD>
|
||||||
|
<Node>
|
||||||
|
<NodeName>WiFi</NodeName>
|
||||||
|
<Path>./Vendor/MSFT</Path>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Get />
|
||||||
|
</AccessType>
|
||||||
|
<DFFormat>
|
||||||
|
<node />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<One />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Permanent />
|
||||||
|
</Scope>
|
||||||
|
<DFType>
|
||||||
|
<MIME>com.microsoft/1.1/MDM/WiFi</MIME>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
<Node>
|
||||||
|
<NodeName>Profile</NodeName>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Get />
|
||||||
|
</AccessType>
|
||||||
|
<DFFormat>
|
||||||
|
<node />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<One />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Permanent />
|
||||||
|
</Scope>
|
||||||
|
<DFType>
|
||||||
|
<DDFName></DDFName>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
<Node>
|
||||||
|
<NodeName></NodeName>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Add />
|
||||||
|
<Delete />
|
||||||
|
<Get />
|
||||||
|
<Replace />
|
||||||
|
</AccessType>
|
||||||
|
<Description>The Profile name of the Wi-Fi network. This is added when WlanXML node is added and deleted when Wlanxml is deleted.</Description>
|
||||||
|
<DFFormat>
|
||||||
|
<node />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<ZeroOrMore />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Dynamic />
|
||||||
|
</Scope>
|
||||||
|
<DFTitle>SSID</DFTitle>
|
||||||
|
<DFType>
|
||||||
|
<DDFName></DDFName>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
<Node>
|
||||||
|
<NodeName>WlanXml</NodeName>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Add />
|
||||||
|
<Delete />
|
||||||
|
<Get />
|
||||||
|
<Replace />
|
||||||
|
</AccessType>
|
||||||
|
<Description>
|
||||||
|
XML describing the network configuration and follows Windows WLAN_profile schema.
|
||||||
|
Link to schema: http://msdn.microsoft.com/en-us/library/windows/desktop/ms707341(v=vs.85).aspx
|
||||||
|
</Description>
|
||||||
|
<DFFormat>
|
||||||
|
<chr />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<One />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Dynamic />
|
||||||
|
</Scope>
|
||||||
|
<DFType>
|
||||||
|
<MIME>text/plain</MIME>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
</Node>
|
||||||
|
<Node>
|
||||||
|
<NodeName>Proxy</NodeName>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Add />
|
||||||
|
<Delete />
|
||||||
|
<Get />
|
||||||
|
<Replace />
|
||||||
|
</AccessType>
|
||||||
|
<Description>Optional node. The format is url:port. Configuration of the network proxy (if any).</Description>
|
||||||
|
<DFFormat>
|
||||||
|
<chr />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<One />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Dynamic />
|
||||||
|
</Scope>
|
||||||
|
<CaseSense>
|
||||||
|
<CIS />
|
||||||
|
</CaseSense>
|
||||||
|
<DFType>
|
||||||
|
<MIME>text/plain</MIME>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
</Node>
|
||||||
|
<Node>
|
||||||
|
<NodeName>ProxyPacUrl</NodeName>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Get />
|
||||||
|
<Add />
|
||||||
|
<Delete />
|
||||||
|
<Replace />
|
||||||
|
</AccessType>
|
||||||
|
<Description>Optional node. URL to the PAC file location.</Description>
|
||||||
|
<DFFormat>
|
||||||
|
<chr />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<ZeroOrOne />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Dynamic />
|
||||||
|
</Scope>
|
||||||
|
<CaseSense>
|
||||||
|
<CIS />
|
||||||
|
</CaseSense>
|
||||||
|
<DFType>
|
||||||
|
<MIME>text/plain</MIME>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
</Node>
|
||||||
|
<Node>
|
||||||
|
<NodeName>ProxyWPAD</NodeName>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Get />
|
||||||
|
<Add />
|
||||||
|
<Delete />
|
||||||
|
<Replace />
|
||||||
|
</AccessType>
|
||||||
|
<Description>Optional node: The presence of the field enables WPAD for proxy lookup.</Description>
|
||||||
|
<DFFormat>
|
||||||
|
<bool />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<ZeroOrOne />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Dynamic />
|
||||||
|
</Scope>
|
||||||
|
<DFType>
|
||||||
|
<MIME>text/plain</MIME>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
</Node>
|
||||||
|
</Node>
|
||||||
|
</Node>
|
||||||
|
</Node>
|
||||||
|
</MgmtTree>
|
||||||
|
```
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
|
34
windows/client-management/mdm/wirednetwork-csp.md
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
---
|
||||||
|
title: WiredNetwork CSP
|
||||||
|
description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP to enable them to access corporate Internet over ethernet.
|
||||||
|
ms.author: maricia
|
||||||
|
ms.topic: article
|
||||||
|
ms.prod: w10
|
||||||
|
ms.technology: windows
|
||||||
|
author: MariciaAlforque
|
||||||
|
ms.date: 06/27/2018
|
||||||
|
---
|
||||||
|
|
||||||
|
# WiredNetwork CSP
|
||||||
|
|
||||||
|
> [!WARNING]
|
||||||
|
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
|
||||||
|
|
||||||
|
The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP to enable them to access corporate Internet over ethernet. This CSP was added in Windows 10, next major version.
|
||||||
|
|
||||||
|
The following diagram shows the WiredNetwork configuration service provider in tree format.
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
<a href="" id="wirednetwork"></a>**./Device/Vendor/MSFT/WiredNetwork**
|
||||||
|
Root node.
|
||||||
|
|
||||||
|
<a href="" id="lanxml"></a>**LanXML**
|
||||||
|
Optional. XML describing the wired network configuration and follows the LAN_profile schemas https://msdn.microsoft.com/en-us/library/windows/desktop/aa816366(v=vs.85).aspx.
|
||||||
|
|
||||||
|
Supported operations are Add, Get, Replace, and Delete. Value type is string.
|
||||||
|
|
||||||
|
<a href="" id="enableblockperiod"></a>**EnableBlockPeriod**
|
||||||
|
Optional. Enable block period (minutes), used to specify the duration for which automatic authentication attempts will be blocked from occurring after a failed authentication attempt.
|
||||||
|
|
||||||
|
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
|
167
windows/client-management/mdm/wirednetwork-ddf-file.md
Normal file
@ -0,0 +1,167 @@
|
|||||||
|
---
|
||||||
|
title: WiredNetwork DDF file
|
||||||
|
description: This topic shows the OMA DM device description framework (DDF) for the WiredNetwork configuration service provider.
|
||||||
|
ms.author: maricia
|
||||||
|
ms.topic: article
|
||||||
|
ms.prod: w10
|
||||||
|
ms.technology: windows
|
||||||
|
author: MariciaAlforque
|
||||||
|
ms.date: 06/28/2018
|
||||||
|
---
|
||||||
|
|
||||||
|
# WiredNetwork DDF file
|
||||||
|
|
||||||
|
|
||||||
|
This topic shows the OMA DM device description framework (DDF) for the WiredNetwork configuration service provider. This CSP was added in Windows 10, version 1511.
|
||||||
|
|
||||||
|
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
|
||||||
|
|
||||||
|
The XML below is the current version for this CSP.
|
||||||
|
|
||||||
|
``` syntax
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
|
||||||
|
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
|
||||||
|
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
|
||||||
|
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
|
||||||
|
<VerDTD>1.2</VerDTD>
|
||||||
|
<Node>
|
||||||
|
<NodeName>WiredNetwork</NodeName>
|
||||||
|
<Path>./User/Vendor/MSFT</Path>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Get />
|
||||||
|
</AccessType>
|
||||||
|
<DFFormat>
|
||||||
|
<node />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<One />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Permanent />
|
||||||
|
</Scope>
|
||||||
|
<DFType>
|
||||||
|
<DDFName></DDFName>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
<Node>
|
||||||
|
<NodeName>LanXML</NodeName>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Get />
|
||||||
|
<Add />
|
||||||
|
<Delete />
|
||||||
|
<Replace />
|
||||||
|
</AccessType>
|
||||||
|
<Description>XML describing the wired network configuration and follows the LAN_profile schemas https://msdn.microsoft.com/en-us/library/windows/desktop/aa816366(v=vs.85).aspx</Description>
|
||||||
|
<DFFormat>
|
||||||
|
<chr />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<ZeroOrOne />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Dynamic />
|
||||||
|
</Scope>
|
||||||
|
<DFType>
|
||||||
|
<MIME>text/plain</MIME>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
</Node>
|
||||||
|
<Node>
|
||||||
|
<NodeName>EnableBlockPeriod</NodeName>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Get />
|
||||||
|
<Add />
|
||||||
|
<Delete />
|
||||||
|
<Replace />
|
||||||
|
</AccessType>
|
||||||
|
<Description> Enable block period (minutes), used to specify the duration for which automatic authentication attempts will be blocked from occurring after a failed authentication attempt.</Description>
|
||||||
|
<DFFormat>
|
||||||
|
<int />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<ZeroOrOne />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Dynamic />
|
||||||
|
</Scope>
|
||||||
|
<DFType>
|
||||||
|
<MIME>text/plain</MIME>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
</Node>
|
||||||
|
</Node>
|
||||||
|
<Node>
|
||||||
|
<NodeName>WiredNetwork</NodeName>
|
||||||
|
<Path>./Device/Vendor/MSFT</Path>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Get />
|
||||||
|
</AccessType>
|
||||||
|
<DFFormat>
|
||||||
|
<node />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<One />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Permanent />
|
||||||
|
</Scope>
|
||||||
|
<DFType>
|
||||||
|
<DDFName></DDFName>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
<Node>
|
||||||
|
<NodeName>LanXML</NodeName>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Get />
|
||||||
|
<Add />
|
||||||
|
<Delete />
|
||||||
|
<Replace />
|
||||||
|
</AccessType>
|
||||||
|
<Description>XML describing the wired network configuration and follows the LAN_profile schemas https://msdn.microsoft.com/en-us/library/windows/desktop/aa816366(v=vs.85).aspx</Description>
|
||||||
|
<DFFormat>
|
||||||
|
<chr />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<ZeroOrOne />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Dynamic />
|
||||||
|
</Scope>
|
||||||
|
<DFType>
|
||||||
|
<MIME>text/plain</MIME>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
</Node>
|
||||||
|
<Node>
|
||||||
|
<NodeName>EnableBlockPeriod</NodeName>
|
||||||
|
<DFProperties>
|
||||||
|
<AccessType>
|
||||||
|
<Get />
|
||||||
|
<Add />
|
||||||
|
<Delete />
|
||||||
|
<Replace />
|
||||||
|
</AccessType>
|
||||||
|
<Description> Enable block period (minutes), used to specify the duration for which automatic authentication attempts will be blocked from occurring after a failed authentication attempt.</Description>
|
||||||
|
<DFFormat>
|
||||||
|
<int />
|
||||||
|
</DFFormat>
|
||||||
|
<Occurrence>
|
||||||
|
<ZeroOrOne />
|
||||||
|
</Occurrence>
|
||||||
|
<Scope>
|
||||||
|
<Dynamic />
|
||||||
|
</Scope>
|
||||||
|
<DFType>
|
||||||
|
<MIME>text/plain</MIME>
|
||||||
|
</DFType>
|
||||||
|
</DFProperties>
|
||||||
|
</Node>
|
||||||
|
</Node>
|
||||||
|
</MgmtTree>
|
||||||
|
```
|
@ -220,6 +220,10 @@
|
|||||||
### [Optimize Windows 10 update delivery](update/waas-optimize-windows-10-updates.md)
|
### [Optimize Windows 10 update delivery](update/waas-optimize-windows-10-updates.md)
|
||||||
#### [Configure Delivery Optimization for Windows 10 updates](update/waas-delivery-optimization.md)
|
#### [Configure Delivery Optimization for Windows 10 updates](update/waas-delivery-optimization.md)
|
||||||
#### [Configure BranchCache for Windows 10 updates](update/waas-branchcache.md)
|
#### [Configure BranchCache for Windows 10 updates](update/waas-branchcache.md)
|
||||||
|
### [Best practices for feature updates on mission-critical devices](update/feature-update-mission-critical.md)
|
||||||
|
#### [Deploy feature updates during maintenance windows](update/feature-update-maintenance-window.md)
|
||||||
|
#### [Deploy feature updates for user-initiated installations](update/feature-update-user-install.md)
|
||||||
|
#### [Conclusion](update/feature-update-conclusion.md)
|
||||||
### [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](update/waas-mobile-updates.md)
|
### [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](update/waas-mobile-updates.md)
|
||||||
### [Deploy updates using Windows Update for Business](update/waas-manage-updates-wufb.md)
|
### [Deploy updates using Windows Update for Business](update/waas-manage-updates-wufb.md)
|
||||||
#### [Configure Windows Update for Business](update/waas-configure-wufb.md)
|
#### [Configure Windows Update for Business](update/waas-configure-wufb.md)
|
||||||
|
20
windows/deployment/update/feature-update-conclusion.md
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
title: Best practices for feature updates - conclusion
|
||||||
|
description: Final thoughts about how to deploy feature updates
|
||||||
|
ms.prod: w10
|
||||||
|
ms.mktglfcycl: manage
|
||||||
|
ms.sitesec: library
|
||||||
|
author: lizap
|
||||||
|
ms.localizationpriority: medium
|
||||||
|
ms.author: elizapo
|
||||||
|
ms.date: 07/09/2018
|
||||||
|
---
|
||||||
|
|
||||||
|
# Conclusion
|
||||||
|
|
||||||
|
**Applies to**: Windows 10
|
||||||
|
|
||||||
|
Mission critical devices that need to be online 24x7 pose unique challenges for the IT Pro looking to stay current with the latest Windows 10 feature update. Because these devices are online continually, providing mission critical services, with only a small window of time available to apply feature updates, specific procedures are required to effectively keep these devices current, with as little downtime as possible.
|
||||||
|
|
||||||
|
Whether you have defined servicing windows at your disposal where feature updates can be installed automatically, or you require user initiated installs by a technician, this whitepaper provides guidelines for either approach. Improvements are continually being made to Windows 10 setup to reduce device offline time for feature updates. This whitepaper will be updated as enhancements become available to improve the overall servicing approach and experience.
|
||||||
|
|
257
windows/deployment/update/feature-update-maintenance-window.md
Normal file
@ -0,0 +1,257 @@
|
|||||||
|
---
|
||||||
|
title: Best practices - deploy feature updates during maintenance windows
|
||||||
|
description: Learn how to deploy feature updates during a maintenance window
|
||||||
|
ms.prod: w10
|
||||||
|
ms.mktglfcycl: manage
|
||||||
|
ms.sitesec: library
|
||||||
|
author: mcureton
|
||||||
|
ms.localizationpriority: medium
|
||||||
|
ms.author: mikecure
|
||||||
|
ms.date: 07/09/2018
|
||||||
|
---
|
||||||
|
|
||||||
|
# Deploy feature updates during maintenance windows
|
||||||
|
|
||||||
|
**Applies to**: Windows 10
|
||||||
|
|
||||||
|
Use the following information to deploy feature updates during a maintenance window.
|
||||||
|
|
||||||
|
## Get ready to deploy feature updates
|
||||||
|
|
||||||
|
### Step 1: Configure maintenance windows
|
||||||
|
|
||||||
|
1. In the Configuration Manager console, choose **Assets and Compliance> Device Collections**.
|
||||||
|
2. In the **Device Collections** list, select the collection for which you intended to deploy the feature update(s).
|
||||||
|
3. On the **Home** tab, in the **Properties** group, choose **Properties**.
|
||||||
|
4. In the **Maintenance Windows** tab of the <collection name> Properties dialog box, choose the New icon.
|
||||||
|
5. Complete the <new> Schedule dialog.
|
||||||
|
6. Select from the Apply this schedule to drop-down list.
|
||||||
|
7. Choose **OK** and then close the **\<collection name\> Properties** dialog box.
|
||||||
|
|
||||||
|
### Step 2: Review computer restart device settings
|
||||||
|
|
||||||
|
If you’re not suppressing computer restarts and the feature update will be installed when no users are present, consider deploying a custom client settings policy to your feature update target collection to shorten the settings below or consider the total duration of these settings when defining your maintenance window duration.
|
||||||
|
|
||||||
|
For example, by default, 90 minutes will be honored before the system is rebooted after the feature update install. If users will not be impacted by the user logoff or restart, there is no need to wait a full 90 minutes before rebooting the computer. If a delay and notification is needed, ensure that the maintenance window takes this into account along with the total time needed to install the feature update.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
> The following settings must be shorter in duration than the shortest maintenance window applied to the computer.
|
||||||
|
>- **Display a temporary notification to the user that indicates the interval before the user is logged off or the computer restarts (minutes).**
|
||||||
|
>- **Display a dialog box that the user cannot close, which displays the countdown interval before the user is logged off or the computer restarts (minutes).**
|
||||||
|
|
||||||
|
### Step 3: Enable Peer Cache
|
||||||
|
|
||||||
|
Use **Peer Cache** to help manage deployment of content to clients in remote locations. Peer Cache is a built-in Configuration Manager solution that enables clients to share content with other clients directly from their local cache.
|
||||||
|
|
||||||
|
[Enable Configuration Manager client in full OS to share content](https://docs.microsoft.com/sccm/core/clients/deploy/about-client-settings#enable-configuration-manager-client-in-full-os-to-share-content) if you have clients in remote locations that would benefit from downloading feature update content from a peer instead of downloading it from a distribution point (or Microsoft Update).
|
||||||
|
|
||||||
|
### Step 4: Override the default Windows setup priority (Windows 10, version 1709 and later)
|
||||||
|
|
||||||
|
If you’re deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted.
|
||||||
|
|
||||||
|
%systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini
|
||||||
|
|
||||||
|
```
|
||||||
|
[SetupConfig]
|
||||||
|
Priority=Normal
|
||||||
|
```
|
||||||
|
|
||||||
|
You can use the new [Run Scripts](https://docs.microsoft.com/sccm/apps/deploy-use/create-deploy-scripts) feature to run a PowerShell script like the sample below to create the SetupConfig.ini on target devices.
|
||||||
|
|
||||||
|
```
|
||||||
|
#Parameters
|
||||||
|
Param(
|
||||||
|
[string] $PriorityValue = "Normal"
|
||||||
|
)
|
||||||
|
|
||||||
|
#Variable for ini file path
|
||||||
|
$iniFilePath = "$env:SystemDrive\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini"
|
||||||
|
|
||||||
|
#Variables for SetupConfig
|
||||||
|
$iniSetupConfigSlogan = "[SetupConfig]"
|
||||||
|
$iniSetupConfigKeyValuePair =@{"Priority"=$PriorityValue;}
|
||||||
|
|
||||||
|
#Init SetupConfig content
|
||||||
|
$iniSetupConfigContent = @"
|
||||||
|
$iniSetupConfigSlogan
|
||||||
|
"@
|
||||||
|
|
||||||
|
#Build SetupConfig content with settings
|
||||||
|
foreach ($k in $iniSetupConfigKeyValuePair.Keys)
|
||||||
|
{
|
||||||
|
$val = $iniSetupConfigKeyValuePair[$k]
|
||||||
|
|
||||||
|
$iniSetupConfigContent = $iniSetupConfigContent.Insert($iniSetupConfigContent.Length, "`r`n$k=$val")
|
||||||
|
}
|
||||||
|
|
||||||
|
#Write content to file
|
||||||
|
New-Item $iniFilePath -ItemType File -Value $iniSetupConfigContent -Force
|
||||||
|
|
||||||
|
Disclaimer
|
||||||
|
Sample scripts are not supported under any Microsoft standard support program or service. The sample scripts is
|
||||||
|
provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without
|
||||||
|
limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk
|
||||||
|
arising out of the use or performance of the sample script and documentation remains with you. In no event shall
|
||||||
|
Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable
|
||||||
|
for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption,
|
||||||
|
loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script
|
||||||
|
or documentation, even if Microsoft has been advised of the possibility of such damages.
|
||||||
|
```
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>If you elect not to override the default setup priority, you will need to increase the [maximum run time](https://docs.microsoft.com/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value.
|
||||||
|
|
||||||
|
## Manually deploy feature updates
|
||||||
|
|
||||||
|
The following sections provide the steps to manually deploy a feature update.
|
||||||
|
|
||||||
|
### Step 1: Specify search criteria for feature updates
|
||||||
|
There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying feature updates is to identify the feature updates that you want to deploy.
|
||||||
|
|
||||||
|
1. In the Configuration Manager console, click **Software Library**.
|
||||||
|
2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed.
|
||||||
|
3. In the search pane, filter to identify the feature updates that you need by using one or both of the following steps:
|
||||||
|
- In the search text box, type a search string that will filter the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update.
|
||||||
|
- Click **Add Criteria**, select the criteria that you want to use to filter software updates, click **Add**, and then provide the values for the criteria. For example, Title contains 1803, Required is greater than or equal to 1, and Language equals English.
|
||||||
|
|
||||||
|
4. Save the search for future use.
|
||||||
|
|
||||||
|
### Step 2: Download the content for the feature update(s)
|
||||||
|
Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment.
|
||||||
|
|
||||||
|
1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**.
|
||||||
|
2. Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select Download.
|
||||||
|
|
||||||
|
The **Download Software Updates Wizard** opens.
|
||||||
|
3. On the **Deployment Package** page, configure the following settings:
|
||||||
|
**Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings:
|
||||||
|
- **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters.
|
||||||
|
- **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters.
|
||||||
|
- **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>The deployment package source location that you specify cannot be used by another software deployment package.
|
||||||
|
|
||||||
|
>[!IMPORTANT]
|
||||||
|
>The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files.
|
||||||
|
|
||||||
|
>[!IMPORTANT]
|
||||||
|
>You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location.
|
||||||
|
|
||||||
|
Click **Next**.
|
||||||
|
4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](https://docs.microsoft.com/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs).
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>The Distribution Points page is available only when you create a new software update deployment package.
|
||||||
|
5. On the **Distribution Settings** page, specify the following settings:
|
||||||
|
|
||||||
|
- **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: High, Medium, or Low. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority. By default, packages are sent using Medium priority.
|
||||||
|
- **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content is not available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
|
||||||
|
- **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options:
|
||||||
|
- **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point.
|
||||||
|
- **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point.
|
||||||
|
- **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting.
|
||||||
|
|
||||||
|
For more information about prestaging content to distribution points, see [Use Prestaged content](https://docs.microsoft.com/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage).
|
||||||
|
Click **Next**.
|
||||||
|
6. On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options:
|
||||||
|
|
||||||
|
- **Download software updates from the Internet**: Select this setting to download the software updates from the location on the Internet. This is the default setting.
|
||||||
|
- **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard does not have Internet access.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard.
|
||||||
|
|
||||||
|
Click **Next**.
|
||||||
|
7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page.
|
||||||
|
8. On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates.
|
||||||
|
9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click Close.
|
||||||
|
|
||||||
|
#### To monitor content status
|
||||||
|
1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console.
|
||||||
|
2. In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**.
|
||||||
|
3. Select the feature update package that you previously identified to download the feature updates.
|
||||||
|
4. On the **Home** tab, in the Content group, click **View Status**.
|
||||||
|
|
||||||
|
### Step 3: Deploy the feature update(s)
|
||||||
|
After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s).
|
||||||
|
|
||||||
|
1. In the Configuration Manager console, click **Software Library**.
|
||||||
|
2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**.
|
||||||
|
3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**.
|
||||||
|
|
||||||
|
The **Deploy Software Updates Wizard** opens.
|
||||||
|
4. On the General page, configure the following settings:
|
||||||
|
- **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \<date\>\<time\>**
|
||||||
|
- **Description**: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default.
|
||||||
|
- **Software Update/Software Update Group**: Verify that the displayed software update group, or software update, is correct.
|
||||||
|
- **Select Deployment Template**: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time.
|
||||||
|
- **Collection**: Specify the collection for the deployment, as applicable. Members of the collection receive the feature updates that are defined in the deployment.
|
||||||
|
5. On the Deployment Settings page, configure the following settings:
|
||||||
|
|
||||||
|
- **Type of deployment**: Specify the deployment type for the software update deployment. Select **Required** to create a mandatory software update deployment in which the feature updates are automatically installed on clients before a configured installation deadline.
|
||||||
|
|
||||||
|
>[!IMPORTANT]
|
||||||
|
> After you create the software update deployment, you cannot later change the type of deployment.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>A software update group deployed as Required will be downloaded in background and honor BITS settings, if configured.
|
||||||
|
|
||||||
|
- **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled and is available only when Type of deployment is set to Required.
|
||||||
|
|
||||||
|
>[!WARNING]
|
||||||
|
>Before you can use this option, computers and networks must be configured for Wake On LAN.
|
||||||
|
|
||||||
|
- **Detail level**: Specify the level of detail for the state messages that are reported by client computers.
|
||||||
|
6. On the Scheduling page, configure the following settings:
|
||||||
|
|
||||||
|
- **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>When you select local time, and then select **As soon as possible** for the **Software available time** or **Installation deadline**, the current time on the computer running the Configuration Manager console is used to evaluate when updates are available or when they are installed on a client. If the client is in a different time zone, these actions will occur when the client's time reaches the evaluation time.
|
||||||
|
|
||||||
|
- **Software available time**: Select **As soon as possible** to specify when the software updates will be available to clients:
|
||||||
|
- **As soon as possible**: Select this setting to make the software updates in the deployment available to clients as soon as possible. When the deployment is created, the client policy is updated, the clients are made aware of the deployment at their next client policy polling cycle, and then the software updates are available for installation.
|
||||||
|
- **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page.
|
||||||
|
|
||||||
|
- **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. Set the date and time value to correspond with your defined maintenance window for the target collection. Allow sufficient time for clients to download the content in advance of the deadline. Adjust accordingly if clients in your environment will need additional download time. E.g., slow or unreliable network links.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>The actual installation deadline time is the specific time that you configure plus a random amount of time up to 2 hours. This reduces the potential impact of all client computers in the destination collection installing the software updates in the deployment at the same time. Configure the Computer Agent client setting, Disable deadline randomization to disable the installation randomization delay for the required software updates to allow a greater chance for the installation to start and complete within your defined maintenance window. For more information, see [Computer Agent](https://docs.microsoft.com/sccm/core/clients/deploy/about-client-settings#computer-agent).
|
||||||
|
7. On the User Experience page, configure the following settings:
|
||||||
|
- **User notifications**: Specify whether to display notification of the software updates in Software Center on the client computer at the configured **Software available time** and whether to display user notifications on the client computers. When **Type of deployment** is set to **Available** on the Deployment Settings page, you cannot select **Hide in Software Center and all notifications**.
|
||||||
|
- **Deadline behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window. For more information about maintenance windows, see [How to use maintenance windows](https://docs.microsoft.com/sccm/core/clients/manage/collections/use-maintenance-windows).
|
||||||
|
- **Device restart behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation.
|
||||||
|
|
||||||
|
>[!IMPORTANT]
|
||||||
|
>Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation.
|
||||||
|
- **Write filter handling for Windows Embedded devices**: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window.
|
||||||
|
- **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window.
|
||||||
|
8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>You can review recent software updates alerts from the Software Updates node in the Software Library workspace.
|
||||||
|
9. On the Download Settings page, configure the following settings:
|
||||||
|
- Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location.
|
||||||
|
- Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point.
|
||||||
|
- **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache).
|
||||||
|
- **If software updates are not available on distribution point in current, neighbor or site groups, download content from Microsoft Updates**: Select this setting to have clients that are connected to the intranet download software updates from Microsoft Update if software updates are not available on distribution points. Internet-based clients can always go to Microsoft Update for software updates content.
|
||||||
|
- Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
|
||||||
|
10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting.
|
||||||
|
11. Click **Next** to deploy the feature update(s).
|
||||||
|
|
||||||
|
### Step 4: Monitor the deployment status
|
||||||
|
After you deploy the feature update(s), you can monitor the deployment status. Use the following procedure to monitor the deployment status:
|
||||||
|
|
||||||
|
1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**.
|
||||||
|
2. Click the software update group or software update for which you want to monitor the deployment status.
|
||||||
|
3. On the **Home** tab, in the **Deployment** group, click **View Status**.
|
39
windows/deployment/update/feature-update-mission-critical.md
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
---
|
||||||
|
title: Best practices and recommendations for deploying Windows 10 Feature updates to mission critical devices
|
||||||
|
description: Learn how to deploy feature updates to your mission critical devices
|
||||||
|
ms.prod: w10
|
||||||
|
ms.mktglfcycl: manage
|
||||||
|
ms.sitesec: library
|
||||||
|
author: mcureton
|
||||||
|
ms.localizationpriority: medium
|
||||||
|
ms.author: mikecure
|
||||||
|
ms.date: 07/10/2018
|
||||||
|
---
|
||||||
|
|
||||||
|
# Best practices and recommendations for deploying Windows 10 Feature updates to mission critical devices
|
||||||
|
|
||||||
|
**Applies to**: Windows 10
|
||||||
|
|
||||||
|
Managing an environment with devices that provide mission critical services 24 hours a day, 7 days a week, can present challenges in keeping these devices current with Windows 10 feature updates. The processes that you use to keep regular devices current with Windows 10 feature updates, often aren’t the most effective to service mission critical devices. This whitepaper will focus on the recommended approach of using the System Center Configuration Manager (current branch) software updates feature to deploy Windows 10 semi-annual feature updates.
|
||||||
|
|
||||||
|
For simplicity, we will outline the steps to deploy a feature update manually. If you prefer an automated approach, please see [Using Windows 10 servicing plans to deploy Windows 10 feature updates](waas-manage-updates-configuration-manager.md#use-windows-10-servicing-plans-to-deploy-windows-10-feature-updates).
|
||||||
|
|
||||||
|
Devices and shared workstations that are online and available 24 hours a day, 7 days a week, can be serviced via one of two primary methods:
|
||||||
|
|
||||||
|
- **Service during maintenance windows** – Devices that have established maintenance windows will need to have feature updates scheduled to fit within these windows.
|
||||||
|
- **Service only when manually initiated** – Devices that need physical verification of the availability to update will need to have updates manually initiated by a technician.
|
||||||
|
|
||||||
|
You can use Configuration Manager to deploy feature updates to Windows 10 devices in two ways. The first option is to use the software updates feature. The second option is to use a task sequence to deploy feature updates. There are times when deploying a Windows 10 feature update requires the use of a task sequence—for example:
|
||||||
|
|
||||||
|
- **LTSC feature updates.** With the LTSC servicing branch, feature updates are never provided to the Windows clients themselves. Instead, feature updates must be installed like a traditional in-place upgrade.
|
||||||
|
- **Additional required tasks.** When deploying a feature update requires additional steps (e.g., suspending disk encryption, updating applications), you can use task sequences to orchestrate the additional steps. Software updates do not have the ability to add steps to their deployments.
|
||||||
|
- **Language pack installs.** When deploying a feature update requires the installation of additional language packs, you can use task sequences to orchestrate the installation. Software updates do not have the ability to natively install language packs.
|
||||||
|
|
||||||
|
If you need to leverage a task sequence to deploy feature updates, please see [Using a task sequence to deploy Windows 10 updates](waas-manage-updates-configuration-manager.md#use-a-task-sequence-to-deploy-windows-10-updates) for more information. If you find that your requirement for a task sequence is based solely on the need to run additional tasks preformed pre-install or pre-commit, please see the new [run custom actions](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions) functionality first introduced with Windows 10, version 1803. You may be able to leverage this functionality with the software updates deployment method.
|
||||||
|
|
||||||
|
Use the following information:
|
||||||
|
|
||||||
|
|
||||||
|
- [Deploy feature updates during maintenance windows](feature-update-maintenance-window.md)
|
||||||
|
- [Deploy feature updates for user-initiated installations](feature-update-user-install.md)
|
||||||
|
- [Conclusion](feature-update-conclusion.md)
|
235
windows/deployment/update/feature-update-user-install.md
Normal file
@ -0,0 +1,235 @@
|
|||||||
|
---
|
||||||
|
title: Best practices - deploy feature updates for user-initiated installations
|
||||||
|
description: Learn how to manually deploy feature updates
|
||||||
|
ms.prod: w10
|
||||||
|
ms.mktglfcycl: manage
|
||||||
|
ms.sitesec: library
|
||||||
|
author: mcureton
|
||||||
|
ms.localizationpriority: medium
|
||||||
|
ms.author: mikecure
|
||||||
|
ms.date: 07/10/2018
|
||||||
|
---
|
||||||
|
|
||||||
|
# Deploy feature updates for user-initiated installations (during a fixed service window)
|
||||||
|
|
||||||
|
**Applies to**: Windows 10
|
||||||
|
|
||||||
|
Use the following steps to deploy a feature update for a user-initiated installation.
|
||||||
|
|
||||||
|
## Get ready to deploy feature updates
|
||||||
|
|
||||||
|
### Step 1: Enable Peer Cache
|
||||||
|
Use **Peer Cache** to help manage deployment of content to clients in remote locations. Peer Cache is a built-in Configuration Manager solution that enables clients to share content with other clients directly from their local cache.
|
||||||
|
|
||||||
|
[Enable Configuration Manager client in full OS to share content](https://docs.microsoft.com/sccm/core/clients/deploy/about-client-settings#enable-configuration-manager-client-in-full-os-to-share-content) if you have clients in remote locations that would benefit from downloading feature update content from a peer instead of downloading it from a distribution point (or Microsoft Update).
|
||||||
|
|
||||||
|
### Step 2: Override the default Windows setup priority (Windows 10, version 1709 and later)
|
||||||
|
|
||||||
|
If you’re deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted.
|
||||||
|
|
||||||
|
%systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini
|
||||||
|
|
||||||
|
```
|
||||||
|
[SetupConfig]
|
||||||
|
Priority=Normal
|
||||||
|
```
|
||||||
|
|
||||||
|
You can use the new [Run Scripts](https://docs.microsoft.com/sccm/apps/deploy-use/create-deploy-scripts) feature to run a PowerShell script like the sample below to create the SetupConfig.ini on target devices.
|
||||||
|
|
||||||
|
```
|
||||||
|
#Parameters
|
||||||
|
Param(
|
||||||
|
[string] $PriorityValue = "Normal"
|
||||||
|
)
|
||||||
|
|
||||||
|
#Variable for ini file path
|
||||||
|
$iniFilePath = "$env:SystemDrive\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini"
|
||||||
|
|
||||||
|
#Variables for SetupConfig
|
||||||
|
$iniSetupConfigSlogan = "[SetupConfig]"
|
||||||
|
$iniSetupConfigKeyValuePair =@{"Priority"=$PriorityValue;}
|
||||||
|
|
||||||
|
#Init SetupConfig content
|
||||||
|
$iniSetupConfigContent = @"
|
||||||
|
$iniSetupConfigSlogan
|
||||||
|
"@
|
||||||
|
|
||||||
|
#Build SetupConfig content with settings
|
||||||
|
foreach ($k in $iniSetupConfigKeyValuePair.Keys)
|
||||||
|
{
|
||||||
|
$val = $iniSetupConfigKeyValuePair[$k]
|
||||||
|
|
||||||
|
$iniSetupConfigContent = $iniSetupConfigContent.Insert($iniSetupConfigContent.Length, "`r`n$k=$val")
|
||||||
|
}
|
||||||
|
|
||||||
|
#Write content to file
|
||||||
|
New-Item $iniFilePath -ItemType File -Value $iniSetupConfigContent -Force
|
||||||
|
|
||||||
|
Disclaimer
|
||||||
|
Sample scripts are not supported under any Microsoft standard support program or service. The sample scripts is
|
||||||
|
provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without
|
||||||
|
limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk
|
||||||
|
arising out of the use or performance of the sample script and documentation remains with you. In no event shall
|
||||||
|
Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable
|
||||||
|
for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption,
|
||||||
|
loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample script
|
||||||
|
or documentation, even if Microsoft has been advised of the possibility of such damages.
|
||||||
|
```
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>If you elect not to override the default setup priority, you will need to increase the [maximum run time](https://docs.microsoft.com/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value.
|
||||||
|
|
||||||
|
## Manually deploy feature updates in a user-initiated installation
|
||||||
|
|
||||||
|
The following sections provide the steps to manually deploy a feature update.
|
||||||
|
|
||||||
|
### Step 1: Specify search criteria for feature updates
|
||||||
|
There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying a feature update is to identify the feature updates that you want to deploy.
|
||||||
|
|
||||||
|
1. In the Configuration Manager console, click **Software Library**.
|
||||||
|
2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed.
|
||||||
|
3. In the search pane, filter to identify the feature updates that you need by using one or both of the following steps:
|
||||||
|
- In the **search** text box, type a search string that will filter the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update.
|
||||||
|
- Click **Add Criteria**, select the criteria that you want to use to filter software updates, click **Add**, and then provide the values for the criteria. For example, Title contains 1803, **Required** is greater than or equal to 1, and **Language** equals English.
|
||||||
|
|
||||||
|
4. Save the search for future use.
|
||||||
|
|
||||||
|
### Step 2: Download the content for the feature update(s)
|
||||||
|
Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment.
|
||||||
|
|
||||||
|
1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**.
|
||||||
|
2. Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Download**.
|
||||||
|
|
||||||
|
The **Download Software Updates Wizard** opens.
|
||||||
|
3. On the **Deployment Package** page, configure the following settings:
|
||||||
|
**Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings:
|
||||||
|
- **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters.
|
||||||
|
- **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters.
|
||||||
|
- **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>The deployment package source location that you specify cannot be used by another software deployment package.
|
||||||
|
|
||||||
|
>[!IMPORTANT]
|
||||||
|
>The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files.
|
||||||
|
|
||||||
|
>[!IMPORTANT]
|
||||||
|
>You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location.
|
||||||
|
|
||||||
|
Click **Next**.
|
||||||
|
4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](https://docs.microsoft.com/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs).
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>The Distribution Points page is available only when you create a new software update deployment package.
|
||||||
|
5. On the **Distribution Settings** page, specify the following settings:
|
||||||
|
|
||||||
|
- **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: **High**, **Medium**, or **Low**. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority. By default, packages are sent using Medium priority.
|
||||||
|
- **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content is not available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
|
||||||
|
- **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options:
|
||||||
|
- **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point.
|
||||||
|
- **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point.
|
||||||
|
- **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting.
|
||||||
|
|
||||||
|
For more information about prestaging content to distribution points, see [Use Prestaged content](https://docs.microsoft.com/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage).
|
||||||
|
Click **Next**.
|
||||||
|
6. On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options:
|
||||||
|
|
||||||
|
- **Download software updates from the Internet**: Select this setting to download the software updates from the location on the Internet. This is the default setting.
|
||||||
|
- **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard does not have Internet access.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard.
|
||||||
|
|
||||||
|
Click **Next**.
|
||||||
|
7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page.
|
||||||
|
8. On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates.
|
||||||
|
9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click **Close**.
|
||||||
|
|
||||||
|
#### To monitor content status
|
||||||
|
1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console.
|
||||||
|
2. In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**.
|
||||||
|
3. Select the feature update package that you previously identified to download the feature updates.
|
||||||
|
4. On the **Home** tab, in the Content group, click **View Status**.
|
||||||
|
|
||||||
|
### Step 3: Deploy the feature update(s)
|
||||||
|
After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s).
|
||||||
|
|
||||||
|
1. In the Configuration Manager console, click **Software Library**.
|
||||||
|
2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**.
|
||||||
|
3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**.
|
||||||
|
|
||||||
|
The **Deploy Software Updates Wizard** opens.
|
||||||
|
4. On the General page, configure the following settings:
|
||||||
|
- **Name**: Specify the name for the deployment. The deployment must have a unique name that describes the purpose of the deployment and differentiates it from other deployments in the Configuration Manager site. By default, Configuration Manager automatically provides a name for the deployment in the following format: **Microsoft Software Updates - \<date\>\<time\>**
|
||||||
|
- **Description**: Specify a description for the deployment. The description provides an overview of the deployment and any other relevant information that helps to identify and differentiate the deployment among others in Configuration Manager site. The description field is optional, has a limit of 256 characters, and has a blank value by default.
|
||||||
|
- **Software Update/Software Update Group**: Verify that the displayed software update group, or software update, is correct.
|
||||||
|
- **Select Deployment Template**: Specify whether to apply a previously saved deployment template. You can configure a deployment template to contain multiple common software update deployment properties and then apply the template when you deploy subsequent software updates to ensure consistency across similar deployments and to save time.
|
||||||
|
- **Collection**: Specify the collection for the deployment, as applicable. Members of the collection receive the feature updates that are defined in the deployment.
|
||||||
|
5. On the Deployment Settings page, configure the following settings:
|
||||||
|
|
||||||
|
- **Type of deployment**: Specify the deployment type for the software update deployment. Select **Required** to create a mandatory software update deployment in which the feature updates are automatically installed on clients before a configured installation deadline.
|
||||||
|
|
||||||
|
>[!IMPORTANT]
|
||||||
|
> After you create the software update deployment, you cannot later change the type of deployment.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>A software update group deployed as **Required** will be downloaded in background and honor BITS settings, if configured.
|
||||||
|
|
||||||
|
- **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled and is available only when **Type of deployment** is set to **Required**.
|
||||||
|
|
||||||
|
>[!WARNING]
|
||||||
|
>Before you can use this option, computers and networks must be configured for Wake On LAN.
|
||||||
|
|
||||||
|
- **Detail level**: Specify the level of detail for the state messages that are reported by client computers.
|
||||||
|
6. On the Scheduling page, configure the following settings:
|
||||||
|
|
||||||
|
- **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console.
|
||||||
|
|
||||||
|
- **Software available time**: Select **Specific time** to specify when the software updates will be available to clients:
|
||||||
|
- **Specific time**: Select this setting to make the feature update in the deployment available to clients at a specific date and time. Specify a date and time that corresponds with the start of your fixed servicing window. When the deployment is created, the client policy is updated and clients are made aware of the deployment at their next client policy polling cycle. However, the feature update in the deployment is not available for installation until after the specified date and time are reached and the required content has been downloaded.
|
||||||
|
|
||||||
|
- **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>You can configure the installation deadline setting only when **Type of deployment** is set to **Required** on the Deployment Settings page.
|
||||||
|
|
||||||
|
- **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. However, for the purposes of the fixed servicing window, set the installation deadline date and time to a future value, well beyond the fixed servicing window.
|
||||||
|
|
||||||
|
Required deployments for software updates can benefit from functionality called advanced download. When the software available time is reached, clients will start downloading the content based on a randomized time. The feature update will not be displayed in Software Center for installation until the content is fully downloaded. This ensures that the feature update installation will start immediately when initiated.
|
||||||
|
|
||||||
|
7. On the User Experience page, configure the following settings:
|
||||||
|
- **User notifications**: Specify **Display in Software Center and show all notifications**.
|
||||||
|
- **Deadline behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify the behavior that is to occur when the deadline is reached for the software update deployment. Specify whether to install the software updates in the deployment. Also specify whether to perform a system restart after software update installation regardless of a configured maintenance window.
|
||||||
|
>[!NOTE]
|
||||||
|
>Remember that the installation deadline date and time will be well into the future to allow plenty of time for the user-initiated install during a fixed servicing window.
|
||||||
|
- **Device restart behavior**: Available only when **Type of deployment** is set to **Required** on the Deployment Settings page. Specify whether to suppress a system restart on servers and workstations after software updates are installed and a system restart is required to complete the installation.
|
||||||
|
|
||||||
|
>[!IMPORTANT]
|
||||||
|
>Suppressing system restarts can be useful in server environments or for cases in which you do not want the computers that are installing the software updates to restart by default. However, doing so can leave computers in an insecure state, whereas allowing a forced restart helps to ensure immediate completion of the software update installation.
|
||||||
|
- **Write filter handling for Windows Embedded devices**: When you deploy software updates to Windows Embedded devices that are write filter enabled, you can specify to install the software update on the temporary overlay and either commit changes later or commit the changes at the installation deadline or during a maintenance window. When you commit changes at the installation deadline or during a maintenance window, a restart is required and the changes persist on the device.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window.
|
||||||
|
- **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window.
|
||||||
|
8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>You can review recent software updates alerts from the **Software Updates** node in the **Software Library** workspace.
|
||||||
|
9. On the Download Settings page, configure the following settings:
|
||||||
|
- Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location.
|
||||||
|
- Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point.
|
||||||
|
- **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache).
|
||||||
|
- **If software updates are not available on distribution point in current, neighbor or site groups, download content from Microsoft Updates**: Select this setting to have clients that are connected to the intranet download software updates from Microsoft Update if software updates are not available on distribution points. Internet-based clients can always go to Microsoft Update for software updates content.
|
||||||
|
- Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
|
||||||
|
10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting.
|
||||||
|
11. Click **Next** to deploy the feature update(s).
|
||||||
|
|
||||||
|
### Step 4: Monitor the deployment status
|
||||||
|
After you deploy the feature update(s), you can monitor the deployment status. Use the following procedure to monitor the deployment status:
|
||||||
|
|
||||||
|
1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**.
|
||||||
|
2. Click the software update group or software update for which you want to monitor the deployment status.
|
||||||
|
3. On the **Home** tab, in the **Deployment** group, click **View Status**.
|
@ -4,10 +4,10 @@ description: Deployment rings in Windows 10 are similar to the deployment groups
|
|||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: manage
|
ms.mktglfcycl: manage
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
author: DaniHalfin
|
author: jaimeo
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.author: daniha
|
ms.author: jaimeo
|
||||||
ms.date: 07/27/2017
|
ms.date: 07/11/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Build deployment rings for Windows 10 updates
|
# Build deployment rings for Windows 10 updates
|
||||||
@ -38,9 +38,7 @@ Table 1 provides an example of the deployment rings you might use.
|
|||||||
| Critical | Semi-annual channel | 180 days | 30 days | Devices that are critical and will only receive updates once they've been vetted for a period of time by the majority of the organization |
|
| Critical | Semi-annual channel | 180 days | 30 days | Devices that are critical and will only receive updates once they've been vetted for a period of time by the majority of the organization |
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>In this example, there are no rings made up of the long-term servicing channel (LTSC). The LTSC servicing channel does not receive feature updates.
|
>In this example, there are no rings made up of the long-term servicing channel (LTSC). The LTSC does not receive feature updates.
|
||||||
>
|
|
||||||
>Windows Insider PCs must be enrolled manually on each device and serviced based on the Windows Insider level chosen in the **Settings** app on that particular PC. Feature update servicing for Windows Insider devices is done completely through Windows Update; no servicing tools can manage Windows Insider feature updates.
|
|
||||||
|
|
||||||
|
|
||||||
As Table 1 shows, each combination of servicing channel and deployment group is tied to a specific deployment ring. As you can see, the associated groups of devices are combined with a servicing channel to specify which deployment ring those devices and their users fall into. The naming convention used to identify the rings is completely customizable as long as the name clearly identifies the sequence. Deployment rings represent a sequential deployment timeline, regardless of the servicing channel they contain. Deployment rings will likely rarely change for an organization, but they should be periodically assessed to ensure that the deployment cadence still makes sense.
|
As Table 1 shows, each combination of servicing channel and deployment group is tied to a specific deployment ring. As you can see, the associated groups of devices are combined with a servicing channel to specify which deployment ring those devices and their users fall into. The naming convention used to identify the rings is completely customizable as long as the name clearly identifies the sequence. Deployment rings represent a sequential deployment timeline, regardless of the servicing channel they contain. Deployment rings will likely rarely change for an organization, but they should be periodically assessed to ensure that the deployment cadence still makes sense.
|
||||||
@ -66,6 +64,7 @@ As Table 1 shows, each combination of servicing channel and deployment group is
|
|||||||
- [Configure Windows Update for Business](waas-configure-wufb.md)
|
- [Configure Windows Update for Business](waas-configure-wufb.md)
|
||||||
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
|
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
|
||||||
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
|
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
|
||||||
|
- [Manage software updates in Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure)
|
||||||
- [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md)
|
- [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md)
|
||||||
- [Manage device restarts after updates](waas-restart.md)
|
- [Manage device restarts after updates](waas-restart.md)
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ ms.sitesec: library
|
|||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: jaimeo
|
author: jaimeo
|
||||||
ms.author: jaimeo
|
ms.author: jaimeo
|
||||||
ms.date: 07/02/2018
|
ms.date: 07/11/2018
|
||||||
ms.localizationpriority: high
|
ms.localizationpriority: high
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -229,3 +229,6 @@ System Center Configuration Manager (SCCM) considers a device ready to upgrade i
|
|||||||
Currently, you can choose the criteria you wish to use:
|
Currently, you can choose the criteria you wish to use:
|
||||||
- To use the SCCM criteria, create the collection of devices ready to upgrade within the SCCM console (using the analytics connector).
|
- To use the SCCM criteria, create the collection of devices ready to upgrade within the SCCM console (using the analytics connector).
|
||||||
- To use the Upgrade Readiness criteria, export the list of ready-to-upgrade devices from the corresponding Upgrade Readiness report, and then build the SCCM collection from that spreadsheet.
|
- To use the Upgrade Readiness criteria, export the list of ready-to-upgrade devices from the corresponding Upgrade Readiness report, and then build the SCCM collection from that spreadsheet.
|
||||||
|
|
||||||
|
### How does Upgrade Readiness collect the inventory of devices and applications?
|
||||||
|
For details about this process and some tips, see [How does Upgrade Readiness in WA collects application inventory for your OMS workspace?](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/How-does-Upgrade-Readiness-in-WA-collects-application-inventory/ba-p/213586) on the Windows Analytics blog.
|
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: deploy
|
ms.pagetype: deploy
|
||||||
author: greg-lindsay
|
author: greg-lindsay
|
||||||
ms.date: 05/30/2018
|
ms.date: 07/10/2018
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: high
|
||||||
---
|
---
|
||||||
|
|
||||||
# SetupDiag
|
# SetupDiag
|
||||||
@ -45,6 +45,7 @@ See the [Release notes](#release-notes) section at the bottom of this topic for
|
|||||||
| /LogsPath:\<Path to logs\> | <ul><li>This optional parameter is required only when **/Mode:Offline** is specified. This tells SetupDiag.exe where to find the log files. These log files can be in a flat folder format, or containing multiple subdirectories. SetupDiag will recursively search all child directories. This parameter should be omitted when the **/Mode:Online** is specified.</ul> |
|
| /LogsPath:\<Path to logs\> | <ul><li>This optional parameter is required only when **/Mode:Offline** is specified. This tells SetupDiag.exe where to find the log files. These log files can be in a flat folder format, or containing multiple subdirectories. SetupDiag will recursively search all child directories. This parameter should be omitted when the **/Mode:Online** is specified.</ul> |
|
||||||
| /ZipLogs:\<True \| False\> | <ul><li>This optional parameter tells SetupDiag.exe to create a zip file continuing its results and all the log files it parsed. The zip file is created in the same directory where SetupDiag.exe is run.<li>Default: If not specified, a value of 'true' is used.</ul> |
|
| /ZipLogs:\<True \| False\> | <ul><li>This optional parameter tells SetupDiag.exe to create a zip file continuing its results and all the log files it parsed. The zip file is created in the same directory where SetupDiag.exe is run.<li>Default: If not specified, a value of 'true' is used.</ul> |
|
||||||
| /Verbose | <ul><li>This optional parameter will output much more data to the log file produced by SetupDiag.exe. By default SetupDiag will only produce a log file entry for serious errors. Using **/Verbose** will cause SetupDiag to always produce a log file with debugging details, which can be useful when reporting a problem with SetupDiag.</ul> |
|
| /Verbose | <ul><li>This optional parameter will output much more data to the log file produced by SetupDiag.exe. By default SetupDiag will only produce a log file entry for serious errors. Using **/Verbose** will cause SetupDiag to always produce a log file with debugging details, which can be useful when reporting a problem with SetupDiag.</ul> |
|
||||||
|
| /Format:\<xml \| json\> | <ul><li>This optional parameter can be used to output log files in xml or JSON format. If this parameter is not specified, text format is used by default.</ul> |
|
||||||
|
|
||||||
### Examples:
|
### Examples:
|
||||||
|
|
||||||
@ -346,10 +347,23 @@ Each rule name and its associated unique rule identifier are listed with a descr
|
|||||||
- Matches DPX expander failures in the down-level phase of update from WU. Will output the package name, function, expression and error code.
|
- Matches DPX expander failures in the down-level phase of update from WU. Will output the package name, function, expression and error code.
|
||||||
41. FindFatalPluginFailure – E48E3F1C-26F6-4AFB-859B-BF637DA49636
|
41. FindFatalPluginFailure – E48E3F1C-26F6-4AFB-859B-BF637DA49636
|
||||||
- Matches any plug in failure that setupplatform decides is fatal to setup. Will output the plugin name, operation and error code.
|
- Matches any plug in failure that setupplatform decides is fatal to setup. Will output the plugin name, operation and error code.
|
||||||
|
42. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC
|
||||||
|
- Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component and error codes.
|
||||||
|
43. MigrationAbortedDueToPluginFailure - D07A24F6-5B25-474E-B516-A730085940C9
|
||||||
|
- Indicates a critical failure in a migration plugin that causes setup to abort the migration. Will provide the setup operation, plug in name, plug in action and error code.
|
||||||
|
44. DISMAddPackageFailed - 6196FF5B-E69E-4117-9EC6-9C1EAB20A3B9
|
||||||
|
- Indicates a critical failure during a DISM add package operation. Will specify the Package Name, DISM error and add package error code.
|
||||||
|
|
||||||
## Release notes
|
## Release notes
|
||||||
|
|
||||||
|
07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center.
|
||||||
|
- Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues.
|
||||||
|
- New feature: Ability to output logs in JSON and XML format.
|
||||||
|
- Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic.
|
||||||
|
- If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text.
|
||||||
|
- New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive.
|
||||||
|
- 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed.
|
||||||
|
|
||||||
05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center.
|
05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center.
|
||||||
- Fixed a bug in device install failure detection in online mode.
|
- Fixed a bug in device install failure detection in online mode.
|
||||||
- Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost.
|
- Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost.
|
||||||
@ -364,6 +378,84 @@ Each rule name and its associated unique rule identifier are listed with a descr
|
|||||||
|
|
||||||
03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center.
|
03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center.
|
||||||
|
|
||||||
|
## Sample logs
|
||||||
|
|
||||||
|
### Text log sample
|
||||||
|
|
||||||
|
```
|
||||||
|
Matching Profile found: OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6
|
||||||
|
System Information:
|
||||||
|
Machine Name = Offline
|
||||||
|
Manufacturer = MSI
|
||||||
|
Model = MS-7998
|
||||||
|
HostOSArchitecture = x64
|
||||||
|
FirmwareType = PCAT
|
||||||
|
BiosReleaseDate = 20160727000000.000000+000
|
||||||
|
BiosVendor = BIOS Date: 07/27/16 10:01:46 Ver: V1.70
|
||||||
|
BiosVersion = 1.70
|
||||||
|
HostOSVersion = 10.0.15063
|
||||||
|
HostOSBuildString = 15063.0.amd64fre.rs2_release.170317-1834
|
||||||
|
TargetOSBuildString = 10.0.16299.15 (rs3_release.170928-1534)
|
||||||
|
HostOSLanguageId = 2057
|
||||||
|
HostOSEdition = Core
|
||||||
|
RegisteredAV = Windows Defender,
|
||||||
|
FilterDrivers = WdFilter,wcifs,WIMMount,luafv,Wof,FileInfo,
|
||||||
|
UpgradeStartTime = 3/21/2018 9:47:16 PM
|
||||||
|
UpgradeEndTime = 3/21/2018 10:02:40 PM
|
||||||
|
UpgradeElapsedTime = 00:15:24
|
||||||
|
ReportId = dd4db176-4e3f-4451-aef6-22cf46de8bde
|
||||||
|
|
||||||
|
Error: SetupDiag reports Optional Component installation failed to open OC Package. Package Name: Foundation, Error: 0x8007001F
|
||||||
|
Recommend you check the "Windows Modules Installer" service (Trusted Installer) is started on the system and set to automatic start, reboot and try the update again. Optionally, you can check the status of optional components on the system (search for Windows Features), uninstall any unneeded optional components, reboot and try the update again.
|
||||||
|
Error: SetupDiag reports down-level failure, Operation: Finalize, Error: 0x8007001F - 0x50015
|
||||||
|
Refer to https://docs.microsoft.com/en-us/windows/deployment/upgrade/upgrade-error-codes for error information.
|
||||||
|
```
|
||||||
|
|
||||||
|
### XML log sample
|
||||||
|
|
||||||
|
```
|
||||||
|
<?xml version="1.0" encoding="utf-16"?>
|
||||||
|
<SetupDiag xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="https://docs.microsoft.com/en-us/windows/deployment/upgrade/setupdiag">
|
||||||
|
<Version>1.3.0.0</Version>
|
||||||
|
<ProfileName>DiskSpaceBlockInDownLevel</ProfileName>
|
||||||
|
<ProfileGuid>6080AFAC-892E-4903-94EA-7A17E69E549E</ProfileGuid>
|
||||||
|
<SystemInfo>
|
||||||
|
<MachineName>Offline</MachineName>
|
||||||
|
<Manufacturer>Microsoft Corporation</Manufacturer>
|
||||||
|
<Model>Virtual Machine</Model>
|
||||||
|
<HostOSArchitecture>x64</HostOSArchitecture>
|
||||||
|
<FirmwareType>UEFI</FirmwareType>
|
||||||
|
<BiosReleaseDate>20171012000000.000000+000</BiosReleaseDate>
|
||||||
|
<BiosVendor>Hyper-V UEFI Release v2.5</BiosVendor>
|
||||||
|
<BiosVersion>Hyper-V UEFI Release v2.5</BiosVersion>
|
||||||
|
<HostOSVersion>10.0.14393</HostOSVersion>
|
||||||
|
<HostOSBuildString>14393.1794.amd64fre.rs1_release.171008-1615</HostOSBuildString>
|
||||||
|
<TargetOSBuildString>10.0.16299.15 (rs3_release.170928-1534)</TargetOSBuildString>
|
||||||
|
<HostOSLanguageId>1033</HostOSLanguageId>
|
||||||
|
<HostOSEdition>Core</HostOSEdition>
|
||||||
|
<RegisteredAV />
|
||||||
|
<FilterDrivers />
|
||||||
|
<UpgradeStartTime>2017-12-21T12:56:22</UpgradeStartTime>
|
||||||
|
<UpgradeElapsedTime />
|
||||||
|
<UpgradeEndTime>2017-12-21T13:22:46</UpgradeEndTime>
|
||||||
|
<RollbackStartTime>0001-01-01T00:00:00</RollbackStartTime>
|
||||||
|
<RollbackEndTime>0001-01-01T00:00:00</RollbackEndTime>
|
||||||
|
<RollbackElapsedTime />
|
||||||
|
<CommercialId>Offline</CommercialId>
|
||||||
|
<SetupReportId>06600fcd-acc0-40e4-b7f8-bb984dc8d05a</SetupReportId>
|
||||||
|
<ReportId>06600fcd-acc0-40e4-b7f8-bb984dc8d05a</ReportId>
|
||||||
|
</SystemInfo>
|
||||||
|
<FailureData>Warning: Found Disk Space Hard Block.</FailureData>
|
||||||
|
<Remediation>You must free up at least "6603" MB of space on the System Drive, and try again.</Remediation>
|
||||||
|
</SetupDiag>
|
||||||
|
```
|
||||||
|
|
||||||
|
### JSON log sample
|
||||||
|
|
||||||
|
```
|
||||||
|
{"Version":"1.3.0.0","ProfileName":"DiskSpaceBlockInDownLevel","ProfileGuid":"6080AFAC-892E-4903-94EA-7A17E69E549E","SystemInfo":{"BiosReleaseDate":"20171012000000.000000+000","BiosVendor":"Hyper-V UEFI Release v2.5","BiosVersion":"Hyper-V UEFI Release v2.5","CV":null,"CommercialId":"Offline","FilterDrivers":"","FirmwareType":"UEFI","HostOSArchitecture":"x64","HostOSBuildString":"14393.1794.amd64fre.rs1_release.171008-1615","HostOSEdition":"Core","HostOSLanguageId":"1033","HostOSVersion":"10.0.14393","MachineName":"Offline","Manufacturer":"Microsoft Corporation","Model":"Virtual Machine","RegisteredAV":"","ReportId":"06600fcd-acc0-40e4-b7f8-bb984dc8d05a","RollbackElapsedTime":"PT0S","RollbackEndTime":"\/Date(-62135568000000-0800)\/","RollbackStartTime":"\/Date(-62135568000000-0800)\/","SDMode":1,"SetupReportId":"06600fcd-acc0-40e4-b7f8-bb984dc8d05a","TargetOSArchitecture":null,"TargetOSBuildString":"10.0.16299.15 (rs3_release.170928-1534)","UpgradeElapsedTime":"PT26M24S","UpgradeEndTime":"\/Date(1513891366000-0800)\/","UpgradeStartTime":"\/Date(1513889782000-0800)\/"},"FailureData":["Warning: Found Disk Space Hard Block."],"DeviceDriverInfo":null,"Remediation":["You must free up at least \"6603\" MB of space on the System Drive, and try again."]}
|
||||||
|
```
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
[Resolve Windows 10 upgrade errors: Technical information for IT Pros](https://docs.microsoft.com/en-us/windows/deployment/upgrade/resolve-windows-10-upgrade-errors)
|
[Resolve Windows 10 upgrade errors: Technical information for IT Pros](https://docs.microsoft.com/en-us/windows/deployment/upgrade/resolve-windows-10-upgrade-errors)
|
@ -109,7 +109,7 @@ This setting determines whether a device shows notifications about Windows diagn
|
|||||||
>| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
|
>| **Registry key** | HKLM\Software\Policies\Microsoft\Windows\DataCollection |
|
||||||
>| **Value** | DisableTelemetryOptInChangeNotification |
|
>| **Value** | DisableTelemetryOptInChangeNotification |
|
||||||
>| **Type** | REG_DWORD |
|
>| **Type** | REG_DWORD |
|
||||||
>| **Setting** | "00000001" |
|
>| **Setting** | "00000000" |
|
||||||
|
|
||||||
#### MDM
|
#### MDM
|
||||||
|
|
||||||
|
@ -1,5 +1,7 @@
|
|||||||
# [Security](index.yml)
|
# [Security](index.yml)
|
||||||
## [Identity and access management](identity-protection/index.md)
|
## [Identity and access management](identity-protection/index.md)
|
||||||
## [Threat protection](threat-protection/index.md)
|
|
||||||
## [Information protection](information-protection/index.md)
|
## [Information protection](information-protection/index.md)
|
||||||
## [Hardware-based protection](hardware-protection/index.md)
|
## [Hardware-based protection](hardware-protection/index.md)
|
||||||
|
## [Threat protection](threat-protection/index.md)
|
||||||
|
|
||||||
|
|
||||||
|
@ -28,7 +28,7 @@ With TPM 1.2 and Windows 10, version 1507 or 1511, you can also take the followi
|
|||||||
|
|
||||||
- [Turn on or turn off the TPM](#turn-on-or-turn-off)
|
- [Turn on or turn off the TPM](#turn-on-or-turn-off)
|
||||||
|
|
||||||
For information about the TPM cmdlets, see [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx).
|
For information about the TPM cmdlets, see [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule/?view=win10-ps).
|
||||||
|
|
||||||
## About TPM initialization and ownership
|
## About TPM initialization and ownership
|
||||||
|
|
||||||
@ -165,7 +165,7 @@ This capability was fully removed from TPM.msc in later versions of Windows.
|
|||||||
|
|
||||||
## Use the TPM cmdlets
|
## Use the TPM cmdlets
|
||||||
|
|
||||||
You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx).
|
You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule/?view=win10-ps).
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
|
@ -14,7 +14,7 @@ metadata:
|
|||||||
|
|
||||||
keywords: protect, company, data, Windows, device, app, management, Microsoft365, e5, e3
|
keywords: protect, company, data, Windows, device, app, management, Microsoft365, e5, e3
|
||||||
|
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: high
|
||||||
|
|
||||||
author: brianlic-msft
|
author: brianlic-msft
|
||||||
|
|
||||||
@ -22,7 +22,7 @@ metadata:
|
|||||||
|
|
||||||
manager: brianlic
|
manager: brianlic
|
||||||
|
|
||||||
ms.date: 02/06/2018
|
ms.date: 07/12/2018
|
||||||
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|
||||||
@ -78,199 +78,17 @@ sections:
|
|||||||
|
|
||||||
title: Information protection
|
title: Information protection
|
||||||
|
|
||||||
- title: Security features built in to Windows 10
|
- title: Windows Defender Advanced Threat Protection
|
||||||
|
|
||||||
items:
|
items:
|
||||||
|
|
||||||
- type: paragraph
|
|
||||||
|
|
||||||
text: 'Windows 10 enables critical security features to protect your device right from the start.'
|
|
||||||
|
|
||||||
- type: list
|
|
||||||
|
|
||||||
style: cards
|
|
||||||
|
|
||||||
className: cardsM
|
|
||||||
|
|
||||||
columns: 3
|
|
||||||
|
|
||||||
items:
|
|
||||||
|
|
||||||
- href: \windows\security\hardware-protection\how-hardware-based-containers-help-protect-windows
|
|
||||||
|
|
||||||
html: <p>Protect the boot process and maintain system integrity</p>
|
|
||||||
|
|
||||||
image:
|
|
||||||
|
|
||||||
src: https://docs.microsoft.com/media/common/i_identity-protection.svg
|
|
||||||
|
|
||||||
title: Windows Defender System Guard
|
|
||||||
|
|
||||||
- href: \windows\security\threat-protection\windows-defender-antivirus\windows-defender-antivirus-in-windows-10
|
|
||||||
|
|
||||||
html: <p>Protect against malware management using next-generation antivirus technologies</p>
|
|
||||||
|
|
||||||
image:
|
|
||||||
|
|
||||||
src: https://docs.microsoft.com/media/common/i_threat-protection.svg
|
|
||||||
|
|
||||||
title: Windows Defender Antivirus
|
|
||||||
|
|
||||||
- href: \windows\security\information-protection\bitlocker\bitlocker-overview
|
|
||||||
|
|
||||||
html: <p>Prevent data theft from lost or stolen devices</p>
|
|
||||||
|
|
||||||
image:
|
|
||||||
|
|
||||||
src: https://docs.microsoft.com/media/common/i_information-protection.svg
|
|
||||||
|
|
||||||
title: BitLocker
|
|
||||||
|
|
||||||
- title: Security features in Microsoft 365 E3
|
|
||||||
|
|
||||||
items:
|
|
||||||
|
|
||||||
- type: paragraph
|
|
||||||
|
|
||||||
text: 'Windows 10 Enterprise provides the foundation for Microsoft 365 E3 and a secure modern workplace.'
|
|
||||||
|
|
||||||
- type: list
|
|
||||||
|
|
||||||
style: cards
|
|
||||||
|
|
||||||
className: cardsM
|
|
||||||
|
|
||||||
columns: 3
|
|
||||||
|
|
||||||
items:
|
|
||||||
|
|
||||||
- href: \windows\security\identity-protection\hello-for-business\hello-overview
|
|
||||||
|
|
||||||
html: <p>Give users a more personal and secure way to access their devices</p>
|
|
||||||
|
|
||||||
image:
|
|
||||||
|
|
||||||
src: https://docs.microsoft.com/media/common/i_identity-protection.svg
|
|
||||||
|
|
||||||
title: Windows Hello for Business
|
|
||||||
|
|
||||||
- href: \windows\security\threat-protection\windows-defender-application-control\windows-defender-application-control
|
|
||||||
|
|
||||||
html: <p>Lock down applications that run on a device</p>
|
|
||||||
|
|
||||||
image:
|
|
||||||
|
|
||||||
src: https://docs.microsoft.com/media/common/i_threat-protection.svg
|
|
||||||
|
|
||||||
title: Windows Defender Application Control
|
|
||||||
|
|
||||||
- href: \windows\security\information-protection\windows-information-protection\protect-enterprise-data-using-wip
|
|
||||||
|
|
||||||
html: <p>Prevent accidental data leaks from enterprise devices</p>
|
|
||||||
|
|
||||||
image:
|
|
||||||
|
|
||||||
src: https://docs.microsoft.com/media/common/i_information-protection.svg
|
|
||||||
|
|
||||||
title: Windows Information Protection
|
|
||||||
|
|
||||||
- title: Security features in Microsoft 365 E5
|
|
||||||
|
|
||||||
items:
|
|
||||||
|
|
||||||
- type: paragraph
|
|
||||||
|
|
||||||
text: 'Get all of the protection from Microsoft 365 E3 security, plus these cloud-based security features to help you defend against even the most advanced threats.'
|
|
||||||
|
|
||||||
- type: list
|
|
||||||
|
|
||||||
style: cards
|
|
||||||
|
|
||||||
className: cardsM
|
|
||||||
|
|
||||||
columns: 3
|
|
||||||
|
|
||||||
items:
|
|
||||||
|
|
||||||
- href: https://docs.microsoft.com/azure/active-directory/active-directory-identityprotection
|
|
||||||
|
|
||||||
html: <p>Identity Protection and Privileged Identity Management</p>
|
|
||||||
|
|
||||||
image:
|
|
||||||
|
|
||||||
src: https://docs.microsoft.com/media/common/i_identity-protection.svg
|
|
||||||
|
|
||||||
title: Azure Active Directory P2
|
|
||||||
|
|
||||||
- href: \windows\security\threat-protection\Windows-defender-atp\windows-defender-advanced-threat-protection
|
|
||||||
|
|
||||||
html: <p>Detect, investigate, and respond to advanced cyberattacks</p>
|
|
||||||
|
|
||||||
image:
|
|
||||||
|
|
||||||
src: https://docs.microsoft.com/media/common/i_threat-protection.svg
|
|
||||||
|
|
||||||
title: Windows Defender Advanced Threat Protection
|
|
||||||
|
|
||||||
- href: https://www.microsoft.com/cloud-platform/azure-information-protection
|
|
||||||
|
|
||||||
html: <p>Protect documents and email automatically</p>
|
|
||||||
|
|
||||||
image:
|
|
||||||
|
|
||||||
src: https://docs.microsoft.com/media/common/i_information-protection.svg
|
|
||||||
|
|
||||||
title: Azure Information Protection P2
|
|
||||||
|
|
||||||
- title: Videos
|
|
||||||
|
|
||||||
items:
|
|
||||||
|
|
||||||
- type: markdown
|
- type: markdown
|
||||||
|
text: "
|
||||||
text: ">[](https://www.youtube.com/watch?v=IvZySDNfNpo)"
|
Prevent, detect, investigate, and respond to advanced threats. The following capabilities are available across multiple products that make up the Windows Defender ATP platform.
|
||||||
|
<br> <br>
|
||||||
- type: markdown
|
<table border='0'><tr><td><b>Attack surface reduction</b></td><td><b>Next generation protection</b></td><td><b>Endpoint detection and response</b></td><td><b>Auto investigation and remediation</b></td><td><b>Security posture</b></td></tr>
|
||||||
|
<tr><td>[Hardware based isolation](https://docs.microsoft.com/en-us/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows)<br><br>[Application control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)<br><br>[Exploit protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard)<br><br>[Network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)<br><br>[Device restrictions](https://docs.microsoft.com/en-us/intune/device-restrictions-configure)<br><br>[Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)<br><br>[Network firewall](https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security)<br><br>[Attack surface reduction controls](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)</td>
|
||||||
text: ">[](https://www.youtube.com/watch?v=JDGMNFwyUg8)"
|
<td>[Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)<br><br>[Machine learning](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus)<br><br>[Automated sandbox service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus)</td>
|
||||||
|
<td>[Alerts queue](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection)<br><br>[Historical endpoint data](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection#machine-timeline)<br><br>[Realtime and historical threat hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)<br><br>[API and SIEM integration](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection)<br><br>[Response orchestration](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection)<br><br>[Forensic collection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection#collect-investigation-package-from-machines)<br><br>[Threat intelligence](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection)<br><br>[Advanced detonation and analysis service](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection#deep-analysis)</td>
|
||||||
- title: Additional security features in Windows 10
|
<td>[Automated investigation and remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)<br><br>[Threat remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#how-threats-are-remediated)<br><br>[Manage automated investigations](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#manage-automated-investigations)<br><br>[Analyze automated investigation](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection#analyze-automated-investigations)</td>
|
||||||
|
<td>[Asset inventory](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Operating system baseline compliance](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Recommended improvement actions](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Secure score](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)<br><br>[Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection)<br><br>[Reporting and trends](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection)</td>
|
||||||
items:
|
</tr>
|
||||||
|
</table>"
|
||||||
- type: paragraph
|
|
||||||
|
|
||||||
text: 'These additional security features are also built in to Windows 10 Enterprise.'
|
|
||||||
|
|
||||||
- type: list
|
|
||||||
|
|
||||||
style: unordered
|
|
||||||
|
|
||||||
items:
|
|
||||||
|
|
||||||
- html: <a href="/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security">Windows Defender Firewall</a>
|
|
||||||
- html: <a href="/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard">Windows Defender Exploit Guard</a>
|
|
||||||
- html: <a href="/windows/security/identity-protection/credential-guard/credential-guard">Windows Defender Credential Guard</a>
|
|
||||||
- html: <a href="/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control">Windows Defender Application Control</a>
|
|
||||||
- html: <a href="/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview">Windows Defender Application Guard</a>
|
|
||||||
- html: <a href="/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview">Windows Defender SmartScreen</a>
|
|
||||||
- html: <a href="/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center">Windows Defender Security Center</a>
|
|
||||||
|
|
||||||
- title: Security Resources
|
|
||||||
|
|
||||||
items:
|
|
||||||
|
|
||||||
- type: list
|
|
||||||
|
|
||||||
style: unordered
|
|
||||||
|
|
||||||
items:
|
|
||||||
|
|
||||||
- html: <a href="https://www.microsoft.com/wdsi">Windows Defender Security Intelligence</a>
|
|
||||||
- html: <a href="https://cloudblogs.microsoft.com/microsoftsecure/">Microsoft Secure blog</a>
|
|
||||||
- html: <a href="https://portal.msrc.microsoft.com/">Security Update blog</a>
|
|
||||||
- html: <a href="https://technet.microsoft.com/security/dn440717.aspx(d=robot)">Microsoft Security Response Center (MSRC)</a>
|
|
||||||
- html: <a href="https://blogs.technet.microsoft.com/msrc/">MSRC Blog</a>
|
|
||||||
- html: <a href="https://www.microsoft.com/wdsi/threats/ransomware">Ransomware FAQ</a>
|
|
||||||
|
|
||||||
|
|
@ -8,7 +8,7 @@ ms.sitesec: library
|
|||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: brianlic-msft
|
author: brianlic-msft
|
||||||
ms.date: 05/03/2018
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# BitLocker To Go FAQ
|
# BitLocker To Go FAQ
|
||||||
@ -20,3 +20,5 @@ ms.date: 05/03/2018
|
|||||||
|
|
||||||
BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems.
|
BitLocker To Go is BitLocker Drive Encryption on removable data drives. This includes the encryption of USB flash drives, SD cards, external hard disk drives, and other drives formatted by using the NTFS, FAT16, FAT32, or exFAT file systems.
|
||||||
|
|
||||||
|
As with BitLocker, drives that are encrypted using BitLocker To Go can be opened with a password or smart card on another computer by using **BitLocker Drive Encryption** in Control Panel.
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ ms.sitesec: library
|
|||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: brianlic-msft
|
author: brianlic-msft
|
||||||
ms.date: 05/03/2018
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Using BitLocker with other programs FAQ
|
# Using BitLocker with other programs FAQ
|
||||||
@ -89,11 +89,11 @@ Yes. However, shadow copies made prior to enabling BitLocker will be automatical
|
|||||||
|
|
||||||
BitLocker should work like any specific physical machine within its hardware limitations as long as the environment (physical or virtual) meets Windows Operating System requirements to run.
|
BitLocker should work like any specific physical machine within its hardware limitations as long as the environment (physical or virtual) meets Windows Operating System requirements to run.
|
||||||
- With TPM - Yes it is supported
|
- With TPM - Yes it is supported
|
||||||
- Without TPM - Yes it is supported (with password ) protector
|
- Without TPM - Yes it is supported (with password protector)
|
||||||
|
|
||||||
BitLocker is also supported on data volume VHDs, such as those used by clusters, if you are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012, or Windows Server 2012 R2.
|
BitLocker is also supported on data volume VHDs, such as those used by clusters, if you are running Windows 10, Windows 8.1, Windows 8, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.
|
||||||
|
|
||||||
## Can I use BitLocker with virtual machines (VMs)?
|
## Can I use BitLocker with virtual machines (VMs)?
|
||||||
|
|
||||||
Yes. Password protectors and virtual TPMs can be used with BitLocker to protect virtual machines. VMs can be domain joined, Azure AD-joined, or workplace-joined (in **Settings** under **Accounts** > **Access work or school** > **Connect** to receive policy. You can enable encryption either while creating the VM or by using other existing management tools such as the BitLocker CSP, or even by using a startup script or logon script delivered by Group Policy. Windows Server 2016 also supports [Shielded VMs and guarded fabric](https://docs.microsoft.com/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms-top-node) to protect VMs from malicious administrators.
|
Yes. Password protectors and virtual TPMs can be used with BitLocker to protect virtual machines. VMs can be domain joined, Azure AD-joined, or workplace-joined (via **Settings** > **Accounts** > **Access work or school** > **Connect**) to receive policy. You can enable encryption either while creating the VM or by using other existing management tools such as the BitLocker CSP, or even by using a startup script or logon script delivered by Group Policy. Windows Server 2016 also supports [Shielded VMs and guarded fabric](https://docs.microsoft.com/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms-top-node) to protect VMs from malicious administrators.
|
||||||
|
|
||||||
|
@ -41,10 +41,7 @@ The recovery process included in this topic only works for desktop devices. WIP
|
|||||||
>[!Important]
|
>[!Important]
|
||||||
>Because the private keys in your DRA .pfx files can be used to decrypt any WIP file, you must protect them accordingly. We highly recommend storing these files offline, keeping copies on a smart card with strong protection for normal use and master copies in a secured physical location.
|
>Because the private keys in your DRA .pfx files can be used to decrypt any WIP file, you must protect them accordingly. We highly recommend storing these files offline, keeping copies on a smart card with strong protection for normal use and master copies in a secured physical location.
|
||||||
|
|
||||||
4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as Microsoft Intune or System Center Configuration Manager.
|
4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as [Microsoft Intune](create-wip-policy-using-intune.md) or [System Center Configuration Manager](create-wip-policy-using-sccm.md).
|
||||||
|
|
||||||
>[!Note]
|
|
||||||
>To add your EFS DRA certificate to your policy by using Microsoft Intune, see the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) topic. To add your EFS DRA certificate to your policy by using System Center Configuration Manager, see the [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) topic.
|
|
||||||
|
|
||||||
## Verify your data recovery certificate is correctly set up on a WIP client computer
|
## Verify your data recovery certificate is correctly set up on a WIP client computer
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ ms.pagetype: security
|
|||||||
author: justinha
|
author: justinha
|
||||||
ms.author: justinha
|
ms.author: justinha
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.date: 05/30/2018
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune
|
# Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune
|
||||||
@ -379,7 +379,7 @@ Starting with Windows 10, version 1703, Intune automatically determines your cor
|
|||||||
|
|
||||||
1. From the **App policy** blade, click the name of your policy, and then click **Required settings**.
|
1. From the **App policy** blade, click the name of your policy, and then click **Required settings**.
|
||||||
|
|
||||||
2. If the auto-defined identity isn’t correct, you can change the info in the **Corporate identity** field. If you need to add additional domains, for example your email domains, you can do it in the **Advanced settings** area.
|
2. If the auto-defined identity isn’t correct, you can change the info in the **Corporate identity** field. If you need to add domains, for example your email domains, you can do it in the **Advanced settings** area.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
@ -487,7 +487,7 @@ After you've decided where your protected apps can access enterprise data on you
|
|||||||
|
|
||||||
- **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are:
|
- **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are:
|
||||||
|
|
||||||
- **On (recommended).** Turns on the feature and provides the additional protection.
|
- **On.** Turns on the feature and provides the additional protection.
|
||||||
|
|
||||||
- **Off, or not configured.** Doesn't enable this feature.
|
- **Off, or not configured.** Doesn't enable this feature.
|
||||||
|
|
||||||
@ -497,7 +497,7 @@ After you've decided where your protected apps can access enterprise data on you
|
|||||||
|
|
||||||
- **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if you’re migrating between Mobile Device Management (MDM) solutions.
|
- **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if you’re migrating between Mobile Device Management (MDM) solutions.
|
||||||
|
|
||||||
- **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are:
|
- **Show the enterprise data protection icon.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are:
|
||||||
|
|
||||||
- **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu.
|
- **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu.
|
||||||
|
|
||||||
@ -509,6 +509,12 @@ After you've decided where your protected apps can access enterprise data on you
|
|||||||
|
|
||||||
- **Off, or not configured.** Stops using Azure Rights Management encryption with WIP.
|
- **Off, or not configured.** Stops using Azure Rights Management encryption with WIP.
|
||||||
|
|
||||||
|
- **Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files.
|
||||||
|
|
||||||
|
- **On.** Starts Windows Search Indexer to index encrypted files.
|
||||||
|
|
||||||
|
- **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files.
|
||||||
|
|
||||||
## Choose to set up Azure Rights Management with WIP
|
## Choose to set up Azure Rights Management with WIP
|
||||||
WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up.
|
WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up.
|
||||||
|
|
||||||
|
Before Width: | Height: | Size: 3.7 KiB After Width: | Height: | Size: 4.6 KiB |
Before Width: | Height: | Size: 11 KiB After Width: | Height: | Size: 14 KiB |
Before Width: | Height: | Size: 47 KiB After Width: | Height: | Size: 33 KiB |
Before Width: | Height: | Size: 37 KiB After Width: | Height: | Size: 25 KiB |
BIN
windows/security/threat-protection/images/wdatp-pillars2.png
Normal file
After Width: | Height: | Size: 140 KiB |
@ -10,19 +10,27 @@ ms.date: 02/05/2018
|
|||||||
---
|
---
|
||||||
|
|
||||||
# Threat Protection
|
# Threat Protection
|
||||||
|
Windows Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Windows Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture.
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
The following capabilities are available across multiple products that make up the Windows Defender ATP platform.
|
||||||
|
|
||||||
|
**Attack surface reduction**<br>
|
||||||
|
The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
|
||||||
|
|
||||||
|
**Next generation protection**<br>
|
||||||
|
To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats.
|
||||||
|
|
||||||
|
**Endpoint protection and response**<br>
|
||||||
|
Endpoint protection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
|
||||||
|
|
||||||
|
**Auto investigation and remediation**<br>
|
||||||
|
In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
|
||||||
|
|
||||||
|
**Security posture**<br>
|
||||||
|
Windows Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Learn more about how to help protect against threats in Windows 10 and Windows 10 Mobile.
|
|
||||||
|
|
||||||
| Section | Description |
|
|
||||||
|-|-|
|
|
||||||
|[Windows Defender Security Center](windows-defender-security-center/windows-defender-security-center.md)|Learn about the easy-to-use app that brings together common Windows security features.|
|
|
||||||
|[Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)|Provides info about Windows Defender Advanced Threat Protection (Windows Defender ATP), an out-of-the-box Windows enterprise security service that enables enterprise cybersecurity teams to detect and respond to advanced threats on their networks.|
|
|
||||||
|[Windows Defender Antivirus in Windows 10](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)|Provides info about Windows Defender Antivirus, a built-in antimalware solution that helps provide security and antimalware management for desktops, portable computers, and servers. Includes a list of system requirements and new features.|
|
|
||||||
|[Windows Defender Application Guard](windows-defender-application-guard/wd-app-guard-overview.md)|Provides info about Windows Defender Application Guard, the hardware-based virtualization solution that helps to isolate a device and operating system from an untrusted browser session.|
|
|
||||||
|[Windows Defender Application Control](windows-defender-application-control/windows-defender-application-control.md)|Explains how Windows Defender Application Control restricts the applications that users are allowed to run and the code that runs in the System Core (kernel).|
|
|
||||||
|[Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)|Explains how to enable HVCI to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code.|
|
|
||||||
|[Windows Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md) |Learn more about Windows Defender SmartScreen.|
|
|
||||||
|[Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md) |Learn more about mitigating threats in Windows 10.|
|
|
||||||
|[Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |Use Group Policy to override individual **Process Mitigation Options** settings and help to enforce specific app-related security policies.|
|
|
||||||
|[Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-intrusion-detection.md) |Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. |
|
|
||||||
|[Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) |Provides info about how to help protect your company from attacks which may originate from untrusted or attacker controlled font files. |
|
|
||||||
|
@ -11,7 +11,7 @@ ms.pagetype: security
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: andreabichsel
|
author: andreabichsel
|
||||||
ms.author: v-anbic
|
ms.author: v-anbic
|
||||||
ms.date: 04/30/2018
|
ms.date: 07/10/2018
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -68,9 +68,7 @@ See [How to create and deploy antimalware policies: Scan settings]( https://docs
|
|||||||
|
|
||||||
**Use Microsoft Intune to configure scanning options**
|
**Use Microsoft Intune to configure scanning options**
|
||||||
|
|
||||||
|
See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details.
|
||||||
|
|
||||||
See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune: Scan options](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune#specify-scan-options-settings) and [Windows Defender policy settings in Windows 10](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#windows-defender-1) for more details.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@ ms.pagetype: security
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: andreabichsel
|
author: andreabichsel
|
||||||
ms.author: v-anbic
|
ms.author: v-anbic
|
||||||
ms.date: 04/30/2018
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Configure and validate exclusions based on file extension and folder location
|
# Configure and validate exclusions based on file extension and folder location
|
||||||
@ -186,8 +186,7 @@ See [How to create and deploy antimalware policies: Exclusion settings](https://
|
|||||||
|
|
||||||
**Use Microsoft Intune to configure file name, folder, or file extension exclusions:**
|
**Use Microsoft Intune to configure file name, folder, or file extension exclusions:**
|
||||||
|
|
||||||
|
See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details.
|
||||||
See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) and [Windows Defender policy settings in Windows 10](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#windows-defender-1) for more details.
|
|
||||||
|
|
||||||
|
|
||||||
**Use the Windows Defender Security Center app to configure file name, folder, or file extension exclusions:**
|
**Use the Windows Defender Security Center app to configure file name, folder, or file extension exclusions:**
|
||||||
|
@ -11,7 +11,7 @@ ms.pagetype: security
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: andreabichsel
|
author: andreabichsel
|
||||||
ms.author: v-anbic
|
ms.author: v-anbic
|
||||||
ms.date: 04/30/2018
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Configure exclusions for files opened by processes
|
# Configure exclusions for files opened by processes
|
||||||
@ -142,8 +142,7 @@ See [How to create and deploy antimalware policies: Exclusion settings](https://
|
|||||||
|
|
||||||
**Use Microsoft Intune to exclude files that have been opened by specified processes from scans:**
|
**Use Microsoft Intune to exclude files that have been opened by specified processes from scans:**
|
||||||
|
|
||||||
|
See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details.
|
||||||
See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) and [Windows Defender policy settings in Windows 10](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#windows-defender-1) for more details.
|
|
||||||
|
|
||||||
|
|
||||||
**Use the Windows Defender Security Center app to exclude files that have been opened by specified processes from scans:**
|
**Use the Windows Defender Security Center app to exclude files that have been opened by specified processes from scans:**
|
||||||
@ -173,7 +172,7 @@ Environment variables | The defined variable will be populated as a path when th
|
|||||||
<a id="review"></a>
|
<a id="review"></a>
|
||||||
## Review the list of exclusions
|
## Review the list of exclusions
|
||||||
|
|
||||||
You can retrieve the items in the exclusion list with PowerShell, [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune), or the [Windows Defender Security Center app](windows-defender-security-center-antivirus.md#exclusions).
|
You can retrieve the items in the exclusion list with PowerShell, [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure), or the [Windows Defender Security Center app](windows-defender-security-center-antivirus.md#exclusions).
|
||||||
|
|
||||||
If you use PowerShell, you can retrieve the list in two ways:
|
If you use PowerShell, you can retrieve the list in two ways:
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@ ms.pagetype: security
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: andreabichsel
|
author: andreabichsel
|
||||||
ms.author: v-anbic
|
ms.author: v-anbic
|
||||||
ms.date: 04/30/2018
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
||||||
@ -35,7 +35,7 @@ ms.date: 04/30/2018
|
|||||||
|
|
||||||
When Windows Defender Antivirus runs a scan, it will attempt to remediate or remove threats that it finds. You can configure how Windows Defender AV should react to certain threats, whether it should create a restore point before remediating, and when it should remove remediated threats.
|
When Windows Defender Antivirus runs a scan, it will attempt to remediate or remove threats that it finds. You can configure how Windows Defender AV should react to certain threats, whether it should create a restore point before remediating, and when it should remove remediated threats.
|
||||||
|
|
||||||
This topic describes how to configure these settings with Group Policy, but you can also use [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#threat-overrides-settings) and [Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune#choose-default-actions-settings).
|
This topic describes how to configure these settings with Group Policy, but you can also use [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#threat-overrides-settings) and [Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure).
|
||||||
|
|
||||||
You can also use the [`Set-MpPreference` PowerShell cmdlet](https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference) or [`MSFT_MpPreference` WMI class](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx) to configure these settings.
|
You can also use the [`Set-MpPreference` PowerShell cmdlet](https://technet.microsoft.com/itpro/powershell/windows/defender/set-mppreference) or [`MSFT_MpPreference` WMI class](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx) to configure these settings.
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@ ms.pagetype: security
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: andreabichsel
|
author: andreabichsel
|
||||||
ms.author: v-anbic
|
ms.author: v-anbic
|
||||||
ms.date: 11/20/2017
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Detect and block Potentially Unwanted Applications
|
# Detect and block Potentially Unwanted Applications
|
||||||
@ -107,8 +107,7 @@ See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use
|
|||||||
|
|
||||||
**Use Intune to configure the PUA protection feature**
|
**Use Intune to configure the PUA protection feature**
|
||||||
|
|
||||||
See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) and [Windows Defender policy settings in Windows 10](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#windows-defender-1) for more details.
|
See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
@ -11,7 +11,7 @@ ms.pagetype: security
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: andreabichsel
|
author: andreabichsel
|
||||||
ms.author: v-anbic
|
ms.author: v-anbic
|
||||||
ms.date: 04/30/2018
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Enable cloud-delivered protection in Windows Defender AV
|
# Enable cloud-delivered protection in Windows Defender AV
|
||||||
@ -108,24 +108,21 @@ See the following for more information and allowed parameters:
|
|||||||
|
|
||||||
**Use Intune to enable cloud-delivered protection**
|
**Use Intune to enable cloud-delivered protection**
|
||||||
|
|
||||||
1. Open the [Microsoft Intune administration console](https://manage.microsoft.com/), and navigate to the associated policy you want to configure.
|
1. Sign in to the [Azure portal](https://portal.azure.com).
|
||||||
2. Under the **Endpoint Protection** setting, scroll down to the **Endpoint Protection Service** section set the **Submit files automatically when further analysis is required** setting to either of the following:
|
2. Select **All services > Intune**.
|
||||||
1. **Send samples automatically**
|
3. In the **Intune** pane, select **Device configuration > Profiles**, and then select the **Device restrictions** profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure).
|
||||||
1. **Send all samples automatically**
|
4. Select **Properties**, select **Settings: Configure**, and then select **Windows Defender Antivirus**.
|
||||||
|
5. On the **Cloud-delivered protection** switch, select **Enable**.
|
||||||
|
6. In the **Prompt users before sample submission** dropdown, select **Send all data without prompting**.
|
||||||
|
7. In the **Submit samples consent** dropdown, select one of the following:
|
||||||
|
1. **Send safe samples automatically**
|
||||||
|
2. **Send all samples automatically**
|
||||||
|
|
||||||
> [!WARNING]
|
> [!WARNING]
|
||||||
> Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature will not function.
|
> Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature will not function.
|
||||||
5. Scroll down to the **Microsoft Active Protection Service** section and set the following settings:
|
8. Click **OK** to exit the **Windows Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile.
|
||||||
|
|
||||||
Setting | Set to
|
For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/en-us/intune/device-profiles)
|
||||||
--|--
|
|
||||||
Join Microsoft Active Protection Service | Yes
|
|
||||||
Membership level | Advanced
|
|
||||||
Receive dynamic definitions based on Microsoft Active Protection Service reports | Yes
|
|
||||||
|
|
||||||
3. Save and [deploy the policy as usual](https://docs.microsoft.com/en-us/intune/deploy-use/common-windows-pc-management-tasks-with-the-microsoft-intune-computer-client).
|
|
||||||
|
|
||||||
See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) for more details.
|
|
||||||
|
|
||||||
**Enable cloud-delivered protection on individual clients with the Windows Defender Security Center app**
|
**Enable cloud-delivered protection on individual clients with the Windows Defender Security Center app**
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
|
@ -11,7 +11,7 @@ ms.pagetype: security
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: andreabichsel
|
author: andreabichsel
|
||||||
ms.author: v-anbic
|
ms.author: v-anbic
|
||||||
ms.date: 04/30/2018
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Report on Windows Defender Antivirus protection
|
# Report on Windows Defender Antivirus protection
|
||||||
@ -28,7 +28,7 @@ There are a number of ways you can review protection status and alerts, dependin
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
You can use System Center Configuration Manager to [monitor Windows Defender AV protection](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/monitor-endpoint-protection) or [create email alerts](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-configure-alerts), or you can also monitor protection using the [Microsoft Intune console](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune#monitor-endpoint-protection).
|
You can use System Center Configuration Manager to [monitor Windows Defender AV protection](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/monitor-endpoint-protection) or [create email alerts](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-configure-alerts), or you can also monitor protection using [Microsoft Intune](https://docs.microsoft.com/en-us/intune/introduction-intune).
|
||||||
|
|
||||||
Microsoft Operations Management Suite has an [Update Compliance add-in](/windows/deployment/update/update-compliance-get-started) that reports on key Windows Defender AV issues, including protection updates and real-time protection settings.
|
Microsoft Operations Management Suite has an [Update Compliance add-in](/windows/deployment/update/update-compliance-get-started) that reports on key Windows Defender AV issues, including protection updates and real-time protection settings.
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@ ms.pagetype: security
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: andreabichsel
|
author: andreabichsel
|
||||||
ms.author: v-anbic
|
ms.author: v-anbic
|
||||||
ms.date: 08/26/2017
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Review Windows Defender AV scan results
|
# Review Windows Defender AV scan results
|
||||||
@ -83,7 +83,9 @@ Use the [**Get** method of the **MSFT_MpThreat** and **MSFT_MpThreatDetection**]
|
|||||||
|
|
||||||
**Use Microsoft Intune to review Windows Defender AV scan results:**
|
**Use Microsoft Intune to review Windows Defender AV scan results:**
|
||||||
|
|
||||||
See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune: Monitor Endpoint Protection](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune#monitor-endpoint-protection).
|
1. In Intune, go to **Devices > All Devices** and select the device you want to scan.
|
||||||
|
|
||||||
|
2. Click the scan results in **Device actions status**.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@ ms.pagetype: security
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: andreabichsel
|
author: andreabichsel
|
||||||
ms.author: v-anbic
|
ms.author: v-anbic
|
||||||
ms.date: 08/26/2017
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
||||||
@ -98,8 +98,9 @@ See the following for more information and allowed parameters:
|
|||||||
|
|
||||||
**Use Microsoft Intune to run a scan:**
|
**Use Microsoft Intune to run a scan:**
|
||||||
|
|
||||||
|
1. In Intune, go to **Devices > All Devices** and select the device you want to scan.
|
||||||
|
|
||||||
See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune: Run a malware scan](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune#run-a-malware-scan-or-update-malware-definitions-on-a-computer) and [Windows Defender policy settings in Windows 10](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#windows-defender-1) for more details.
|
2. Select **...More** and then select **Quick Scan** or **Full Scan**.
|
||||||
|
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
@ -11,7 +11,7 @@ ms.pagetype: security
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: andreabichsel
|
author: andreabichsel
|
||||||
ms.author: v-anbic
|
ms.author: v-anbic
|
||||||
ms.date: 04/30/2018
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
||||||
@ -43,7 +43,7 @@ In addition to always-on real-time protection and [on-demand](run-scan-windows-d
|
|||||||
|
|
||||||
You can configure the type of scan, when the scan should occur, and if the scan should occur after a [protection update](manage-protection-updates-windows-defender-antivirus.md) or if the endpoint is being used. You can also specify when special scans to complete remediation should occur.
|
You can configure the type of scan, when the scan should occur, and if the scan should occur after a [protection update](manage-protection-updates-windows-defender-antivirus.md) or if the endpoint is being used. You can also specify when special scans to complete remediation should occur.
|
||||||
|
|
||||||
This topic describes how to configure scheduled scans with Group Policy, PowerShell cmdlets, and WMI. You can also configure schedules scans with [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#scheduled-scans-settings) or [Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intunespecify-scan-schedule-settings).
|
This topic describes how to configure scheduled scans with Group Policy, PowerShell cmdlets, and WMI. You can also configure schedules scans with [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#scheduled-scans-settings) or [Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure).
|
||||||
|
|
||||||
To configure the Group Policy settings described in this topic:
|
To configure the Group Policy settings described in this topic:
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@ ms.prod: w10
|
|||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: jsuther1974
|
author: jsuther1974
|
||||||
ms.date: 06/14/2018
|
ms.date: 07/10/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Microsoft recommended block rules
|
# Microsoft recommended block rules
|
||||||
@ -78,7 +78,7 @@ For October 2017, we are announcing an update to system.management.automation.dl
|
|||||||
|
|
||||||
Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet:
|
Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet:
|
||||||
|
|
||||||
```
|
```xml
|
||||||
<?xml version="1.0" encoding="utf-8" ?>
|
<?xml version="1.0" encoding="utf-8" ?>
|
||||||
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
|
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
|
||||||
<VersionEx>10.0.0.0</VersionEx>
|
<VersionEx>10.0.0.0</VersionEx>
|
||||||
@ -655,6 +655,32 @@ Microsoft recommends that you block the following Microsoft-signed applications
|
|||||||
<Deny ID="ID_DENY_D_554" FriendlyName="PowerShellShell 554" Hash="CBD19FDB6338DB02299A3F3FFBBEBF216B18013B3377D1D31E51491C0C5F074C"/>
|
<Deny ID="ID_DENY_D_554" FriendlyName="PowerShellShell 554" Hash="CBD19FDB6338DB02299A3F3FFBBEBF216B18013B3377D1D31E51491C0C5F074C"/>
|
||||||
<Deny ID="ID_DENY_D_555" FriendlyName="PowerShellShell 555" Hash="3A316A0A470744EB7D18339B76E786564D1E96130766A9895B2222C4066CE820"/>
|
<Deny ID="ID_DENY_D_555" FriendlyName="PowerShellShell 555" Hash="3A316A0A470744EB7D18339B76E786564D1E96130766A9895B2222C4066CE820"/>
|
||||||
<Deny ID="ID_DENY_D_556" FriendlyName="PowerShellShell 556" Hash="68A4A1E8F4E1B903408ECD24608659B390B9E7154EB380D94ADE7FEB5EA470E7"/>
|
<Deny ID="ID_DENY_D_556" FriendlyName="PowerShellShell 556" Hash="68A4A1E8F4E1B903408ECD24608659B390B9E7154EB380D94ADE7FEB5EA470E7"/>
|
||||||
|
<Deny ID="ID_DENY_D_557" FriendlyName="PowerShellShell 556" Hash="45F948AF27F4E698A8546027717901B5F70368EE"/>
|
||||||
|
<Deny ID="ID_DENY_D_558" FriendlyName="PowerShellShell 556" Hash="2D63C337961C6CF2660C5DB906D9070CA38BCE828584874680EC4F5097B82E30"/>
|
||||||
|
<Deny ID="ID_DENY_D_559" FriendlyName="PowerShellShell 556" Hash="DA4CD4B0158B774CE55721718F77ED91E3A42EB3"/>
|
||||||
|
<Deny ID="ID_DENY_D_560" FriendlyName="PowerShellShell 556" Hash="7D181BB7A4A0755FF687CCE34949FC6BD6FBC377E6D4883698E8B45DCCBEA140"/>
|
||||||
|
<Deny ID="ID_DENY_D_561" FriendlyName="PowerShellShell 556" Hash="C67D7B12BBFFD5FBD15FBD892955EA48E6F4B408"/>
|
||||||
|
<Deny ID="ID_DENY_D_562" FriendlyName="PowerShellShell 556" Hash="1DCAD0BBCC036B85875CC0BAF1B65027933624C1A29BE336C79BCDB00FD5467A"/>
|
||||||
|
<Deny ID="ID_DENY_D_563" FriendlyName="PowerShellShell 556" Hash="7D8CAB8D9663926E29CB810B42C5152E8A1E947E"/>
|
||||||
|
<Deny ID="ID_DENY_D_564" FriendlyName="PowerShellShell 556" Hash="2E0203370E6E5437CE2CE1C20895919F806B4E5FEBCBE31F16CB06FC5934F010"/>
|
||||||
|
<Deny ID="ID_DENY_D_565" FriendlyName="PowerShellShell 556" Hash="20E7156E348912C20D35BD4BE2D52C996BF5535E"/>
|
||||||
|
<Deny ID="ID_DENY_D_566" FriendlyName="PowerShellShell 556" Hash="EB26078544BDAA34733AA660A1A2ADE98523DAFD9D58B3995919C0E524F2FFC3"/>
|
||||||
|
<Deny ID="ID_DENY_D_567" FriendlyName="PowerShellShell 556" Hash="B9DD16FC0D02EA34613B086307C9DBEAC30546AF"/>
|
||||||
|
<Deny ID="ID_DENY_D_568" FriendlyName="PowerShellShell 556" Hash="DE5B012C4DC3FE3DD432AF9339C36EFB8D54E8864493EA2BA151F0ADBF3E338C"/>
|
||||||
|
<Deny ID="ID_DENY_D_569" FriendlyName="PowerShellShell 556" Hash="6397AB5D664CDB84A867BC7E22ED0789060C6276"/>
|
||||||
|
<Deny ID="ID_DENY_D_570" FriendlyName="PowerShellShell 556" Hash="B660F6CA0788DA18375602537095C378990E8229B11B57B092AC8A550E9C61E8"/>
|
||||||
|
<Deny ID="ID_DENY_D_571" FriendlyName="PowerShellShell 556" Hash="3BF717645AC3986AAD0B4EA9D196B18D05199DA9"/>
|
||||||
|
<Deny ID="ID_DENY_D_572" FriendlyName="PowerShellShell 556" Hash="364C227F9E57C72F9BFA652B8C1DE738AB4747D0DB68A7B899CA3EE51D802439"/>
|
||||||
|
<Deny ID="ID_DENY_D_573" FriendlyName="PowerShellShell 556" Hash="3A1B06680F119C03C60D12BAC682853ABE430D21"/>
|
||||||
|
<Deny ID="ID_DENY_D_574" FriendlyName="PowerShellShell 556" Hash="850759BCE4B66997CF84E84683A2C1980D4B498821A8AB9C3568EB298B824AE3"/>
|
||||||
|
<Deny ID="ID_DENY_D_575" FriendlyName="PowerShellShell 556" Hash="654C54AA3F2C74FBEB55B961FB1924A7B2737E61"/>
|
||||||
|
<Deny ID="ID_DENY_D_576" FriendlyName="PowerShellShell 556" Hash="B7EA81960C6EECFD2FF385890F158F5B1CB3D1E100C7157AB161B3D23DCA0389"/>
|
||||||
|
<Deny ID="ID_DENY_D_577" FriendlyName="PowerShellShell 556" Hash="496F793112B6BCF4B6EA16E8B2F8C3F5C1FEEB52"/>
|
||||||
|
<Deny ID="ID_DENY_D_578" FriendlyName="PowerShellShell 556" Hash="E430485B577774825CEF53E5125B618A2608F7BE3657BB28383E9A34FCA162FA"/>
|
||||||
|
<Deny ID="ID_DENY_D_579" FriendlyName="PowerShellShell 556" Hash="6EA8CEEA0D2879989854E8C86CECA26EF79F7B19"/>
|
||||||
|
<Deny ID="ID_DENY_D_580" FriendlyName="PowerShellShell 556" Hash="8838FE3D8E2505F3D3D8B98C64739115838A0B443BBBBFB487342F1EE7801360"/>
|
||||||
|
<Deny ID="ID_DENY_D_581" FriendlyName="PowerShellShell 556" Hash="28C5E53DE197E872F7E4772BF40F728F56FE3ACC"/>
|
||||||
|
<Deny ID="ID_DENY_D_582" FriendlyName="PowerShellShell 556" Hash="3493DAEC6EC03E56ECC4A15432C750735F75F9CB38D8779C7783B4DA956BF037"/>
|
||||||
|
|
||||||
<!-- pubprn.vbs
|
<!-- pubprn.vbs
|
||||||
-->
|
-->
|
||||||
@ -1339,6 +1365,33 @@ Microsoft recommends that you block the following Microsoft-signed applications
|
|||||||
<FileRuleRef RuleID="ID_DENY_D_554"/>
|
<FileRuleRef RuleID="ID_DENY_D_554"/>
|
||||||
<FileRuleRef RuleID="ID_DENY_D_555"/>
|
<FileRuleRef RuleID="ID_DENY_D_555"/>
|
||||||
<FileRuleRef RuleID="ID_DENY_D_556"/>
|
<FileRuleRef RuleID="ID_DENY_D_556"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_557"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_558"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_559"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_560"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_561"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_562"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_563"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_564"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_565"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_566"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_567"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_568"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_569"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_570"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_571"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_572"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_573"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_574"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_575"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_576"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_577"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_578"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_579"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_580"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_581"/>
|
||||||
|
<FileRuleRef RuleID="ID_DENY_D_582"/>
|
||||||
|
|
||||||
</FileRulesRef>
|
</FileRulesRef>
|
||||||
</ProductSigners>
|
</ProductSigners>
|
||||||
</SigningScenario>
|
</SigningScenario>
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md)
|
# [Windows Defender Security Center](windows-defender-security-center-atp.md)
|
||||||
##Get started
|
##Get started
|
||||||
### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
|
### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
|
||||||
### [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
|
### [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
|
||||||
@ -21,7 +21,7 @@
|
|||||||
### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md)
|
### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md)
|
||||||
### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
||||||
### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
|
### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
|
||||||
## [Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md)
|
## [Understand the portal](use-windows-defender-advanced-threat-protection.md)
|
||||||
### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
|
### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
|
||||||
### [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
|
### [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
|
||||||
### [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
|
### [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
|
||||||
@ -165,7 +165,7 @@
|
|||||||
### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
|
### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
|
||||||
### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
|
### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
|
||||||
### [Check service health](service-status-windows-defender-advanced-threat-protection.md)
|
### [Check service health](service-status-windows-defender-advanced-threat-protection.md)
|
||||||
## [Configure Windows Defender ATP Settings](preferences-setup-windows-defender-advanced-threat-protection.md)
|
## [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
|
||||||
|
|
||||||
###General
|
###General
|
||||||
#### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
|
#### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
|
||||||
@ -193,9 +193,9 @@
|
|||||||
#### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
|
#### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
|
||||||
#### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
|
#### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
|
||||||
|
|
||||||
## [Configure Windows Defender ATP time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
|
## [Configure Windows Defender Security Center zone settings](time-settings-windows-defender-advanced-threat-protection.md)
|
||||||
|
|
||||||
## [Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md)
|
## [Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md)
|
||||||
## [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md)
|
## [Troubleshoot Windows Defender ATP service issues](troubleshoot-windows-defender-advanced-threat-protection.md)
|
||||||
### [Review events and errors on machines with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
|
### [Review events and errors on machines with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
|
||||||
## [Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md)
|
|
||||||
|
@ -71,7 +71,7 @@ When you complete the integration steps on both portals, you'll be able to see r
|
|||||||
## Office 365 Threat Intelligence connection
|
## Office 365 Threat Intelligence connection
|
||||||
This feature is only available if you have an active Office 365 E5 or the Threat Intelligence add-on. For more information, see the Office 365 Enterprise E5 product page.
|
This feature is only available if you have an active Office 365 E5 or the Threat Intelligence add-on. For more information, see the Office 365 Enterprise E5 product page.
|
||||||
|
|
||||||
When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into the Windows Defender ATP portal to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
|
When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into Windows Defender Security Center to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>You'll need to have the appropriate license to enable this feature.
|
>You'll need to have the appropriate license to enable this feature.
|
||||||
|
@ -134,7 +134,7 @@ These steps guide you on modifying and overwriting an existing query.
|
|||||||
|
|
||||||
The result set has several capabilities to provide you with effective investigation, including:
|
The result set has several capabilities to provide you with effective investigation, including:
|
||||||
|
|
||||||
- Columns that return entity-related objects, such as Machine name, Machine ID, File name, SHA1, User, IP, and URL, are linked to their entity pages in the Windows Defender ATP portal.
|
- Columns that return entity-related objects, such as Machine name, Machine ID, File name, SHA1, User, IP, and URL, are linked to their entity pages in Windows Defender Security Center.
|
||||||
- You can right-click on a cell in the result set and add a filter to your written query. The current filtering options are **include**, **exclude** or **advanced filter**, which provides additional filtering options on the cell value. These cell values are part of the row set.
|
- You can right-click on a cell in the result set and add a filter to your written query. The current filtering options are **include**, **exclude** or **advanced filter**, which provides additional filtering options on the cell value. These cell values are part of the row set.
|
||||||
|
|
||||||

|

|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Windows Defender ATP alert API fields
|
title: Windows Defender ATP alert API fields
|
||||||
description: Understand how the alert API fields map to the values in the Windows Defender ATP portal.
|
description: Understand how the alert API fields map to the values in Windows Defender Security Center
|
||||||
keywords: alerts, alert fields, fields, api, fields, pull alerts, rest api, request, response
|
keywords: alerts, alert fields, fields, api, fields, pull alerts, rest api, request, response
|
||||||
search.product: eADQiWindows 10XVcnh
|
search.product: eADQiWindows 10XVcnh
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
@ -28,7 +28,7 @@ ms.date: 10/16/2017
|
|||||||
|
|
||||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink)
|
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink)
|
||||||
|
|
||||||
Understand what data fields are exposed as part of the alerts API and how they map to the Windows Defender ATP portal.
|
Understand what data fields are exposed as part of the alerts API and how they map to Windows Defender Security Center.
|
||||||
|
|
||||||
|
|
||||||
## Alert API fields and portal mapping
|
## Alert API fields and portal mapping
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
title: Assign user access to the Windows Defender ATP portal
|
title: Assign user access to Windows Defender Security Center
|
||||||
description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal.
|
description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal.
|
||||||
keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
|
keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
|
||||||
search.product: eADQiWindows 10XVcnh
|
search.product: eADQiWindows 10XVcnh
|
||||||
@ -13,7 +13,7 @@ ms.localizationpriority: medium
|
|||||||
ms.date: 04/24/2018
|
ms.date: 04/24/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Assign user access to the Windows Defender ATP portal
|
# Assign user access to Windows Defender Security Center
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Enterprise
|
- Windows 10 Enterprise
|
||||||
|
@ -30,7 +30,7 @@ There are several spaces you can explore to learn about specific information:
|
|||||||
|
|
||||||
|
|
||||||
There are several ways you can access the Community Center:
|
There are several ways you can access the Community Center:
|
||||||
- In the Windows Defender ATP portal navigation pane, select **Community center**. A new browser tab opens and takes you to the Windows Defender ATP Tech Community page.
|
- In the Windows Defender Security Center navigation pane, select **Community center**. A new browser tab opens and takes you to the Windows Defender ATP Tech Community page.
|
||||||
- Access the community through the [Windows Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced) page
|
- Access the community through the [Windows Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced) page
|
||||||
|
|
||||||
|
|
||||||
|
@ -88,13 +88,13 @@ You need to make sure that all your devices are enrolled in Intune. You can use
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
There are steps you'll need to take in the Windows Defender ATP portal, the Intune portal, and Azure AD portal.
|
There are steps you'll need to take in Windows Defender Security Center, the Intune portal, and Azure AD portal.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> You'll need a Microsoft Intune environment, with Intune managed and Azure AD joined Windows 10 devices.
|
> You'll need a Microsoft Intune environment, with Intune managed and Azure AD joined Windows 10 devices.
|
||||||
|
|
||||||
Take the following steps to enable conditional access:
|
Take the following steps to enable conditional access:
|
||||||
- Step 1: Turn on the Microsoft Intune connection from the Windows Defender ATP portal
|
- Step 1: Turn on the Microsoft Intune connection from Windows Defender Security Center
|
||||||
- Step 2: Turn on the Windows Defender ATP integration in Intune
|
- Step 2: Turn on the Windows Defender ATP integration in Intune
|
||||||
- Step 3: Create the compliance policy in Intune
|
- Step 3: Create the compliance policy in Intune
|
||||||
- Step 4: Assign the policy
|
- Step 4: Assign the policy
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Configure HP ArcSight to pull Windows Defender ATP alerts
|
title: Configure HP ArcSight to pull Windows Defender ATP alerts
|
||||||
description: Configure HP ArcSight to receive and pull alerts from the Windows Defender ATP portal.
|
description: Configure HP ArcSight to receive and pull alerts from Windows Defender Security Center
|
||||||
keywords: configure hp arcsight, security information and events management tools, arcsight
|
keywords: configure hp arcsight, security information and events management tools, arcsight
|
||||||
search.product: eADQiWindows 10XVcnh
|
search.product: eADQiWindows 10XVcnh
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
|
@ -34,7 +34,7 @@ ms.date: 04/24/2018
|
|||||||
> To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later.
|
> To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later.
|
||||||
|
|
||||||
## Onboard machines using Group Policy
|
## Onboard machines using Group Policy
|
||||||
1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
|
1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
|
||||||
|
|
||||||
a. In the navigation pane, select **Settings** > **Onboarding**.
|
a. In the navigation pane, select **Settings** > **Onboarding**.
|
||||||
|
|
||||||
@ -64,7 +64,7 @@ ms.date: 04/24/2018
|
|||||||
> After onboarding the machine, you can choose to run a detection test to verify that the machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
|
> After onboarding the machine, you can choose to run a detection test to verify that the machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
|
||||||
|
|
||||||
## Additional Windows Defender ATP configuration settings
|
## Additional Windows Defender ATP configuration settings
|
||||||
For each machine, you can state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
|
For each machine, you can state whether samples can be collected from the machine when a request is made through Windows Defender Security Center to submit a file for deep analysis.
|
||||||
|
|
||||||
You can use Group Policy (GP) to configure settings, such as settings for the sample sharing used in the deep analysis feature.
|
You can use Group Policy (GP) to configure settings, such as settings for the sample sharing used in the deep analysis feature.
|
||||||
|
|
||||||
@ -120,7 +120,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
|
|||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
|
> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
|
||||||
|
|
||||||
1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
|
1. Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
|
||||||
|
|
||||||
a. In the navigation pane, select **Settings** > **Offboarding**.
|
a. In the navigation pane, select **Settings** > **Offboarding**.
|
||||||
|
|
||||||
@ -154,7 +154,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
|
|||||||
With Group Policy there isn’t an option to monitor deployment of policies on the machines. Monitoring can be done directly on the portal, or by using the different deployment tools.
|
With Group Policy there isn’t an option to monitor deployment of policies on the machines. Monitoring can be done directly on the portal, or by using the different deployment tools.
|
||||||
|
|
||||||
## Monitor machines using the portal
|
## Monitor machines using the portal
|
||||||
1. Go to the [Windows Defender ATP portal](https://securitycenter.windows.com/).
|
1. Go to [Windows Defender Security Center](https://securitycenter.windows.com/).
|
||||||
2. Click **Machines list**.
|
2. Click **Machines list**.
|
||||||
3. Verify that machines are appearing.
|
3. Verify that machines are appearing.
|
||||||
|
|
||||||
|
@ -54,7 +54,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
|
|||||||
- **Onboard Configuration Package**: Browse and select the **WindowsDefenderATP.onboarding** file you downloaded. This file enables a setting so devices can report to the Windows Defender ATP service.
|
- **Onboard Configuration Package**: Browse and select the **WindowsDefenderATP.onboarding** file you downloaded. This file enables a setting so devices can report to the Windows Defender ATP service.
|
||||||
- **Sample sharing for all files**: Allows samples to be collected, and shared with Windows Defender ATP. For example, if you see a suspicious file, you can submit it to Windows Defender ATP for deep analysis.
|
- **Sample sharing for all files**: Allows samples to be collected, and shared with Windows Defender ATP. For example, if you see a suspicious file, you can submit it to Windows Defender ATP for deep analysis.
|
||||||
- **Expedite telemetry reporting frequency**: For devices that are at high risk, enable this setting so it reports telemetry to the Windows Defender ATP service more frequently.
|
- **Expedite telemetry reporting frequency**: For devices that are at high risk, enable this setting so it reports telemetry to the Windows Defender ATP service more frequently.
|
||||||
- **Offboard Configuration Package**: If you want to remove Windows Defender ATP monitoring, you can download an offboarding package from the Windows Defender ATP portal, and add it. Otherwise, skip this property.
|
- **Offboard Configuration Package**: If you want to remove Windows Defender ATP monitoring, you can download an offboarding package from Windows Defender Security Center, and add it. Otherwise, skip this property.
|
||||||
|
|
||||||
7. Select **OK**, and **Create** to save your changes, which creates the profile.
|
7. Select **OK**, and **Create** to save your changes, which creates the profile.
|
||||||
|
|
||||||
@ -62,7 +62,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
|
|||||||
|
|
||||||
### Onboard and monitor machines using the classic Intune console
|
### Onboard and monitor machines using the classic Intune console
|
||||||
|
|
||||||
1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
|
1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
|
||||||
|
|
||||||
a. In the navigation pane, select **Settings** > **Onboarding**.
|
a. In the navigation pane, select **Settings** > **Onboarding**.
|
||||||
|
|
||||||
@ -145,7 +145,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
|
|||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
|
> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
|
||||||
|
|
||||||
1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
|
1. Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
|
||||||
|
|
||||||
a. In the navigation pane, select **Settings** > **Offboarding**.
|
a. In the navigation pane, select **Settings** > **Offboarding**.
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ ms.date: 04/24/2018
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products’ sensor data.
|
Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products’ sensor data.
|
||||||
|
|
||||||
You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work.
|
You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work.
|
||||||
|
|
||||||
|
@ -47,7 +47,7 @@ You can use existing System Center Configuration Manager functionality to create
|
|||||||
### Onboard machines using System Center Configuration Manager
|
### Onboard machines using System Center Configuration Manager
|
||||||
|
|
||||||
|
|
||||||
1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
|
1. Open the SCCM configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
|
||||||
|
|
||||||
a. In the navigation pane, select **Settings** > **Onboarding**.
|
a. In the navigation pane, select **Settings** > **Onboarding**.
|
||||||
|
|
||||||
@ -70,7 +70,7 @@ You can use existing System Center Configuration Manager functionality to create
|
|||||||
> After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
|
> After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP machine](run-detection-test-windows-defender-advanced-threat-protection.md).
|
||||||
|
|
||||||
### Configure sample collection settings
|
### Configure sample collection settings
|
||||||
For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
|
For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through Windows Defender Security Center to submit a file for deep analysis.
|
||||||
|
|
||||||
You can set a compliance rule for configuration item in System Center Configuration Manager to change the sample share setting on a machine.
|
You can set a compliance rule for configuration item in System Center Configuration Manager to change the sample share setting on a machine.
|
||||||
This rule should be a *remediating* compliance rule configuration item that sets the value of a registry key on targeted machines to make sure they’re complaint.
|
This rule should be a *remediating* compliance rule configuration item that sets the value of a registry key on targeted machines to make sure they’re complaint.
|
||||||
@ -125,7 +125,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
|
|||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
|
> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
|
||||||
|
|
||||||
1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
|
1. Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
|
||||||
|
|
||||||
a. In the navigation pane, select **Settings** > **Offboarding**.
|
a. In the navigation pane, select **Settings** > **Offboarding**.
|
||||||
|
|
||||||
|
@ -34,7 +34,7 @@ You can also manually onboard individual machines to Windows Defender ATP. You m
|
|||||||
> The script has been optimized to be used on a limited number of machines (1-10 machines). To deploy to scale, use other deployment options. For more information on using other deployment options, see [Onboard Window 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
|
> The script has been optimized to be used on a limited number of machines (1-10 machines). To deploy to scale, use other deployment options. For more information on using other deployment options, see [Onboard Window 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
|
||||||
|
|
||||||
## Onboard machines
|
## Onboard machines
|
||||||
1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
|
1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
|
||||||
|
|
||||||
a. In the navigation pane, select **Settings** > **Onboarding**.
|
a. In the navigation pane, select **Settings** > **Onboarding**.
|
||||||
|
|
||||||
@ -66,7 +66,7 @@ For information on how you can manually validate that the machine is compliant a
|
|||||||
> After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
|
> After onboarding the machine, you can choose to run a detection test to verify that an machine is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
|
||||||
|
|
||||||
## Configure sample collection settings
|
## Configure sample collection settings
|
||||||
For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
|
For each machine, you can set a configuration value to state whether samples can be collected from the machine when a request is made through Windows Defender Security Center to submit a file for deep analysis.
|
||||||
|
|
||||||
You can manually configure the sample sharing setting on the machine by using *regedit* or creating and running a *.reg* file.
|
You can manually configure the sample sharing setting on the machine by using *regedit* or creating and running a *.reg* file.
|
||||||
|
|
||||||
@ -92,7 +92,7 @@ For security reasons, the package used to Offboard machines will expire 30 days
|
|||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
|
> Onboarding and offboarding policies must not be deployed on the same machine at the same time, otherwise this will cause unpredictable collisions.
|
||||||
|
|
||||||
1. Get the offboarding package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
|
1. Get the offboarding package from [Windows Defender Security Center](https://securitycenter.windows.com/):
|
||||||
|
|
||||||
a. In the navigation pane, select **Settings** > **Offboarding**.
|
a. In the navigation pane, select **Settings** > **Offboarding**.
|
||||||
|
|
||||||
@ -126,7 +126,7 @@ You can follow the different verification steps in the [Troubleshoot onboarding
|
|||||||
Monitoring can also be done directly on the portal, or by using the different deployment tools.
|
Monitoring can also be done directly on the portal, or by using the different deployment tools.
|
||||||
|
|
||||||
### Monitor machines using the portal
|
### Monitor machines using the portal
|
||||||
1. Go to the Windows Defender ATP portal.
|
1. Go to Windows Defender Security Center.
|
||||||
|
|
||||||
2. Click **Machines list**.
|
2. Click **Machines list**.
|
||||||
|
|
||||||
|
@ -38,7 +38,7 @@ You can onboard VDI machines using a single entry or multiple entries for each m
|
|||||||
>[!WARNING]
|
>[!WARNING]
|
||||||
> For environments where there are low resource configurations, the VDI boot proceedure might slow the Windows Defender ATP sensor onboarding.
|
> For environments where there are low resource configurations, the VDI boot proceedure might slow the Windows Defender ATP sensor onboarding.
|
||||||
|
|
||||||
1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
|
1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Windows Defender Security Center](https://securitycenter.windows.com/):
|
||||||
|
|
||||||
a. In the navigation pane, select **Settings** > **Onboarding**.
|
a. In the navigation pane, select **Settings** > **Onboarding**.
|
||||||
|
|
||||||
@ -78,8 +78,8 @@ You can onboard VDI machines using a single entry or multiple entries for each m
|
|||||||
|
|
||||||
d. Logon to machine with another user.
|
d. Logon to machine with another user.
|
||||||
|
|
||||||
e. **For single entry for each machine**: Check only one entry in the Windows Defender ATP portal.<br>
|
e. **For single entry for each machine**: Check only one entry in Windows Defender Security Center.<br>
|
||||||
**For multiple entries for each machine**: Check multiple entries in the Windows Defender ATP portal.
|
**For multiple entries for each machine**: Check multiple entries in Windows Defender Security Center.
|
||||||
|
|
||||||
7. Click **Machines list** on the Navigation pane.
|
7. Click **Machines list** on the Navigation pane.
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@ ms.pagetype: security
|
|||||||
ms.author: macapara
|
ms.author: macapara
|
||||||
author: mjcaparas
|
author: mjcaparas
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.date: 04/24/2018
|
ms.date: 07/12/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Onboard Windows 10 machines
|
# Onboard Windows 10 machines
|
||||||
@ -27,7 +27,7 @@ ms.date: 04/24/2018
|
|||||||
|
|
||||||
Machines in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the machines in your organization.
|
Machines in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the machines in your organization.
|
||||||
|
|
||||||
Windows Defender ATP supports the following deployment tools and methods:
|
The following deployment tools and methods are supported:
|
||||||
|
|
||||||
- Group Policy
|
- Group Policy
|
||||||
- System Center Configuration Manager
|
- System Center Configuration Manager
|
||||||
|
@ -91,9 +91,9 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec
|
|||||||
Service location | Microsoft.com DNS record
|
Service location | Microsoft.com DNS record
|
||||||
:---|:---
|
:---|:---
|
||||||
Common URLs for all locations | ```*.blob.core.windows.net``` <br>```crl.microsoft.com```<br> ```ctldl.windowsupdate.com``` <br>```events.data.microsoft.com```
|
Common URLs for all locations | ```*.blob.core.windows.net``` <br>```crl.microsoft.com```<br> ```ctldl.windowsupdate.com``` <br>```events.data.microsoft.com```
|
||||||
US | ```us.vortex-win.data.microsoft.com```<br> ```us-v20.events.data.microsoft.com```<br>```winatp-gw-cus.microsoft.com``` <br>```winatp-gw-eus.microsoft.com```
|
European Union | ```eu.vortex-win.data.microsoft.com```<br>```eu-v20.events.data.microsoft.com```<br>```winatp-gw-neu.microsoft.com```<br>```winatp-gw-weu.microsoft.com```
|
||||||
Europe | ```eu.vortex-win.data.microsoft.com```<br>```eu-v20.events.data.microsoft.com```<br>```winatp-gw-neu.microsoft.com```<br>```winatp-gw-weu.microsoft.com```
|
United Kingdom | ```uk.vortex-win.data.microsoft.com``` <br>```uk-v20.events.data.microsoft.com```<br>```winatp-gw-uks.microsoft.com```<br>```winatp-gw-ukw.microsoft.com```
|
||||||
UK | ```uk.vortex-win.data.microsoft.com``` <br>```uk-v20.events.data.microsoft.com```<br>```winatp-gw-uks.microsoft.com```<br>```winatp-gw-ukw.microsoft.com```
|
United States | ```us.vortex-win.data.microsoft.com```<br> ```us-v20.events.data.microsoft.com```<br>```winatp-gw-cus.microsoft.com``` <br>```winatp-gw-eus.microsoft.com```
|
||||||
|
|
||||||
|
|
||||||
If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs.
|
If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs.
|
||||||
|
@ -27,7 +27,7 @@ ms.date: 05/08/2018
|
|||||||
|
|
||||||
Windows Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Windows Defender Security Center console.
|
Windows Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Windows Defender Security Center console.
|
||||||
|
|
||||||
Windows Defender ATP supports the onboarding of the following servers:
|
The service supports the onboarding of the following servers:
|
||||||
- Windows Server 2012 R2
|
- Windows Server 2012 R2
|
||||||
- Windows Server 2016
|
- Windows Server 2016
|
||||||
- Windows Server, version 1803
|
- Windows Server, version 1803
|
||||||
|
@ -57,6 +57,6 @@ Topic | Description
|
|||||||
[Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)| Learn about enabling the SIEM integration feature in the **Settings** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
|
[Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)| Learn about enabling the SIEM integration feature in the **Settings** page in the portal so that you can use and generate the required information to configure supported SIEM tools.
|
||||||
[Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts.
|
[Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)| Learn about installing the REST API Modular Input app and other configuration settings to enable Splunk to pull Windows Defender ATP alerts.
|
||||||
[Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Windows Defender ATP alerts.
|
[Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)| Learn about installing the HP ArcSight REST FlexConnector package and the files you need to configure ArcSight to pull Windows Defender ATP alerts.
|
||||||
[Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand what data fields are exposed as part of the alerts API and how they map to the Windows Defender ATP portal.
|
[Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) | Understand what data fields are exposed as part of the alerts API and how they map to Windows Defender Security Center.
|
||||||
[Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) | Use the Client credentials OAuth 2.0 flow to pull alerts from Windows Defender ATP using REST API.
|
[Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) | Use the Client credentials OAuth 2.0 flow to pull alerts from Windows Defender ATP using REST API.
|
||||||
[Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) | Address issues you might encounter when using the SIEM integration feature.
|
[Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) | Address issues you might encounter when using the SIEM integration feature.
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Configure Splunk to pull Windows Defender ATP alerts
|
title: Configure Splunk to pull Windows Defender ATP alerts
|
||||||
description: Configure Splunk to receive and pull alerts from the Windows Defender ATP portal.
|
description: Configure Splunk to receive and pull alerts from Windows Defender Security Center.
|
||||||
keywords: configure splunk, security information and events management tools, splunk
|
keywords: configure splunk, security information and events management tools, splunk
|
||||||
search.product: eADQiWindows 10XVcnh
|
search.product: eADQiWindows 10XVcnh
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
|
@ -135,7 +135,7 @@ Content-Type: application/json;
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
The following values correspond to the alert sections surfaced on the Windows Defender ATP portal:
|
The following values correspond to the alert sections surfaced on Windows Defender Security Center:
|
||||||

|

|
||||||
|
|
||||||
Highlighted section | JSON key name
|
Highlighted section | JSON key name
|
||||||
|
@ -27,7 +27,7 @@ ms.date: 04/24/2018
|
|||||||
|
|
||||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink)
|
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink)
|
||||||
|
|
||||||
Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through the Windows Defender ATP portal.
|
Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through Windows Defender Security Center.
|
||||||
|
|
||||||
1. In the navigation pane, select **Settings** > **Threat intel**.
|
1. In the navigation pane, select **Settings** > **Threat intel**.
|
||||||
|
|
||||||
|
@ -27,7 +27,7 @@ ms.date: 04/24/2018
|
|||||||
|
|
||||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablesiem-abovefoldlink)
|
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablesiem-abovefoldlink)
|
||||||
|
|
||||||
Enable security information and event management (SIEM) integration so you can pull alerts from the Windows Defender ATP portal using your SIEM solution or by connecting directly to the alerts REST API.
|
Enable security information and event management (SIEM) integration so you can pull alerts from Windows Defender Security Center using your SIEM solution or by connecting directly to the alerts REST API.
|
||||||
|
|
||||||
1. In the navigation pane, select **Settings** > **SIEM**.
|
1. In the navigation pane, select **Settings** > **SIEM**.
|
||||||
|
|
||||||
@ -55,7 +55,7 @@ Enable security information and event management (SIEM) integration so you can p
|
|||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> You'll need to generate a new Refresh token every 90 days.
|
> You'll need to generate a new Refresh token every 90 days.
|
||||||
|
|
||||||
You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from the Windows Defender ATP portal.
|
You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from Windows Defender Security Center.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -139,7 +139,7 @@ This step will guide you in simulating an event in connection to a malicious IP
|
|||||||
## Step 4: Explore the custom alert in the portal
|
## Step 4: Explore the custom alert in the portal
|
||||||
This step will guide you in exploring the custom alert in the portal.
|
This step will guide you in exploring the custom alert in the portal.
|
||||||
|
|
||||||
1. Open the [Windows Defender ATP portal](http://securitycenter.windows.com/) on a browser.
|
1. Open [Windows Defender Security Center](http://securitycenter.windows.com/) on a browser.
|
||||||
|
|
||||||
2. Log in with your Windows Defender ATP credentials.
|
2. Log in with your Windows Defender ATP credentials.
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@ An inactive machine is not necessarily flagged due to an issue. The following ac
|
|||||||
If the machine has not been in use for more than 7 days for any reason, it will remain in an ‘Inactive’ status in the portal.
|
If the machine has not been in use for more than 7 days for any reason, it will remain in an ‘Inactive’ status in the portal.
|
||||||
|
|
||||||
**Machine was reinstalled or renamed**</br>
|
**Machine was reinstalled or renamed**</br>
|
||||||
A reinstalled or renamed machine will generate a new machine entity in Windows Defender ATP portal. The previous machine entity will remain with an ‘Inactive’ status in the portal. If you reinstalled a machine and deployed the Windows Defender ATP package, search for the new machine name to verify that the machine is reporting normally.
|
A reinstalled or renamed machine will generate a new machine entity in Windows Defender Security Center. The previous machine entity will remain with an ‘Inactive’ status in the portal. If you reinstalled a machine and deployed the Windows Defender ATP package, search for the new machine name to verify that the machine is reporting normally.
|
||||||
|
|
||||||
**Machine was offboarded**</br>
|
**Machine was offboarded**</br>
|
||||||
If the machine was offboarded it will still appear in machines list. After 7 days, the machine health state should change to inactive.
|
If the machine was offboarded it will still appear in machines list. After 7 days, the machine health state should change to inactive.
|
||||||
|
After Width: | Height: | Size: 81 KiB |
Before Width: | Height: | Size: 63 KiB After Width: | Height: | Size: 64 KiB |
After Width: | Height: | Size: 149 KiB |
After Width: | Height: | Size: 140 KiB |
@ -50,9 +50,9 @@ To gain access into which licenses are provisioned to your company, and to check
|
|||||||
|
|
||||||

|

|
||||||
|
|
||||||
## Access the Windows Defender ATP portal for the first time
|
## Access Windows Defender Security Center for the first time
|
||||||
|
|
||||||
When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows.com) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Windows Defender ATP created.
|
When accessing [Windows Defender Security Center](https://SecurityCenter.Windows.com) for the first time there will be a setup wizard that will guide you through some initial steps. At the end of the setup wizard there will be a dedicated cloud instance of Windows Defender ATP created.
|
||||||
|
|
||||||
1. Each time you access the portal you will need to validate that you are authorized to access the product. This **Set up your permissions** step will only be available if you are not currently authorized to access the product.
|
1. Each time you access the portal you will need to validate that you are authorized to access the product. This **Set up your permissions** step will only be available if you are not currently authorized to access the product.
|
||||||
|
|
||||||
@ -64,7 +64,7 @@ When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows.
|
|||||||
|
|
||||||

|

|
||||||
|
|
||||||
You will need to set up your preferences for the Windows Defender ATP portal.
|
You will need to set up your preferences for Windows Defender Security Center.
|
||||||
|
|
||||||
3. When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation.
|
3. When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation.
|
||||||
|
|
||||||
@ -108,11 +108,11 @@ When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows.
|
|||||||
8. You will receive a warning notifying you that you won't be able to change some of your preferences once you click **Continue**.
|
8. You will receive a warning notifying you that you won't be able to change some of your preferences once you click **Continue**.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Some of these options can be changed at a later time in the Windows Defender ATP portal.
|
> Some of these options can be changed at a later time in Windows Defender Security Center.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
9. A dedicated cloud instance of the Windows Defender ATP portal is being created at this time. This step will take an average of 5 minutes to complete.
|
9. A dedicated cloud instance of Windows Defender Security Center portal is being created at this time. This step will take an average of 5 minutes to complete.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
|
@ -57,7 +57,7 @@ Whenever a change or comment is made to an alert, it is recorded in the **Commen
|
|||||||
Added comments instantly appear on the pane.
|
Added comments instantly appear on the pane.
|
||||||
|
|
||||||
## Suppress alerts
|
## Suppress alerts
|
||||||
There might be scenarios where you need to suppress alerts from appearing in the Windows Defender ATP portal. Windows Defender ATP lets you create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization.
|
There might be scenarios where you need to suppress alerts from appearing in Windows Defender Security Center. Windows Defender ATP lets you create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization.
|
||||||
|
|
||||||
Suppression rules can be created from an existing alert. They can be disabled and reenabled if needed.
|
Suppression rules can be created from an existing alert. They can be disabled and reenabled if needed.
|
||||||
|
|
||||||
|
@ -9,8 +9,8 @@ ms.sitesec: library
|
|||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
ms.author: macapara
|
ms.author: macapara
|
||||||
author: mjcaparas
|
author: mjcaparas
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: high
|
||||||
ms.date: 06/15/2018
|
ms.date: 07/01/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Minimum requirements for Windows Defender ATP
|
# Minimum requirements for Windows Defender ATP
|
||||||
@ -23,17 +23,11 @@ ms.date: 06/15/2018
|
|||||||
- Windows 10 Pro Education
|
- Windows 10 Pro Education
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
There are some minimum requirements for onboarding machines to the service.
|
There are some minimum requirements for onboarding machines to the service.
|
||||||
|
|
||||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-minreqs-abovefoldlink)
|
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-minreqs-abovefoldlink)
|
||||||
|
|
||||||
## Minimum requirements
|
## Licensing requirements
|
||||||
You must be on Windows 10, version 1607 at a minimum.
|
|
||||||
For more information, see [Windows 10 Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/buy).
|
|
||||||
|
|
||||||
### Licensing requirements
|
|
||||||
Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
|
Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
|
||||||
|
|
||||||
- Windows 10 Enterprise E5
|
- Windows 10 Enterprise E5
|
||||||
@ -42,105 +36,7 @@ Windows Defender Advanced Threat Protection requires one of the following Micros
|
|||||||
|
|
||||||
For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2).
|
For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2).
|
||||||
|
|
||||||
### Browser requirements
|
|
||||||
Internet Explorer and Microsoft Edge are supported. Any HTML5 compliant browsers are also supported.
|
|
||||||
|
|
||||||
### Network and data storage and configuration requirements
|
|
||||||
When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
|
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> - You cannot change your data storage location after the first-time setup.
|
|
||||||
> - Review the [Windows Defender ATP data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) for more information on where and how Microsoft stores your data.
|
|
||||||
|
|
||||||
### Hardware and software requirements
|
|
||||||
|
|
||||||
The Windows Defender ATP agent only supports the following editions of Windows 10:
|
|
||||||
|
|
||||||
- Windows 10 Enterprise
|
|
||||||
- Windows 10 Education
|
|
||||||
- Windows 10 Pro
|
|
||||||
- Windows 10 Pro Education
|
|
||||||
|
|
||||||
Machines on your network must be running one of these editions.
|
|
||||||
|
|
||||||
The hardware requirements for Windows Defender ATP on machines is the same as those for the supported editions.
|
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> Machines that are running mobile versions of Windows are not supported.
|
|
||||||
|
|
||||||
#### Internet connectivity
|
|
||||||
Internet connectivity on machines is required either directly or through proxy.
|
|
||||||
|
|
||||||
The Windows Defender ATP sensor can utilize a daily average bandwidth of 5MB to communicate with the Windows Defender ATP cloud service and report cyber data.
|
|
||||||
|
|
||||||
For more information on additional proxy configuration settings see, [Configure machine proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) .
|
|
||||||
|
|
||||||
Before you onboard machines, the diagnostic data service must be enabled. The service is enabled by default in Windows 10.
|
|
||||||
|
|
||||||
<span id="telemetry-and-diagnostics-settings" />
|
|
||||||
### Diagnostic data settings
|
|
||||||
You must ensure that the diagnostic data service is enabled on all the machines in your organization.
|
|
||||||
By default, this service is enabled, but it's good practice to check to ensure that you'll get sensor data from them.
|
|
||||||
|
|
||||||
**Use the command line to check the Windows 10 diagnostic data service startup type**:
|
|
||||||
|
|
||||||
1. Open an elevated command-line prompt on the machine:
|
|
||||||
|
|
||||||
a. Go to **Start** and type **cmd**.
|
|
||||||
|
|
||||||
b. Right-click **Command prompt** and select **Run as administrator**.
|
|
||||||
|
|
||||||
2. Enter the following command, and press **Enter**:
|
|
||||||
|
|
||||||
```text
|
|
||||||
sc qc diagtrack
|
|
||||||
```
|
|
||||||
|
|
||||||
If the service is enabled, then the result should look like the following screenshot:
|
|
||||||
|
|
||||||

|
|
||||||
|
|
||||||
If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the service to automatically start.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
**Use the command line to set the Windows 10 diagnostic data service to automatically start:**
|
|
||||||
|
|
||||||
1. Open an elevated command-line prompt on the endpoint:
|
|
||||||
|
|
||||||
a. Go to **Start** and type **cmd**.
|
|
||||||
|
|
||||||
b. Right-click **Command prompt** and select **Run as administrator**.
|
|
||||||
|
|
||||||
2. Enter the following command, and press **Enter**:
|
|
||||||
|
|
||||||
```text
|
|
||||||
sc config diagtrack start=auto
|
|
||||||
```
|
|
||||||
|
|
||||||
3. A success message is displayed. Verify the change by entering the following command, and press **Enter**:
|
|
||||||
|
|
||||||
```text
|
|
||||||
sc qc diagtrack
|
|
||||||
```
|
|
||||||
|
|
||||||
## Windows Defender Antivirus signature updates are configured
|
|
||||||
The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them.
|
|
||||||
|
|
||||||
You must configure the signature updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
|
|
||||||
|
|
||||||
When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy.
|
|
||||||
|
|
||||||
Depending on the server version you're onboarding, you might need to configure a Group Policy setting to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md).
|
|
||||||
|
|
||||||
For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
|
|
||||||
|
|
||||||
## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
|
|
||||||
If you're running Windows Defender Antivirus as the primary antimalware product on your machines, the Windows Defender ATP agent will successfully onboard.
|
|
||||||
|
|
||||||
If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy).
|
|
||||||
|
|
||||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-minreq-belowfoldlink1)
|
|
||||||
|
|
||||||
## Related topic
|
## Related topic
|
||||||
- [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
|
- [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
|
||||||
|
- [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
|
||||||
|