- **Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on web pages.
- **Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout optimized for your screen size. While in reading view, you can also save web pages or PDF files to your reading list, for later viewing.
- **Cortana.** Enabled by default in Microsoft Edge, Cortana lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.
- **Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.
- **Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.
- **Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps.** IE11 does not support CSS properties, JavaScript modules and certain APIs.**
- **More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.
- **Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.
- **Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.
- **Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment and includes more than 1,600 Group Policies and preferences for granular control.
- **Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on web pages.
- **Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout optimized for your screen size. While in reading view, you can also save web pages or PDF files to your reading list, for later viewing.
- **Cortana.** Enabled by default in Microsoft Edge, Cortana lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.
- **Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.
- **Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.
- **Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps.** IE11 does not support some modern CSS properties, JavaScript modules and certain APIs.**
- **More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.
- **Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.
- **Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.
- **Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment and includes more than 1,600 Group Policies and preferences for granular control.
- **Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on web pages.
- **Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout optimized for your screen size. While in reading view, you can also save web pages or PDF files to your reading list, for later viewing.
- **Cortana.** Enabled by default in Microsoft Edge, Cortana lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.
- **Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.
- **Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.
- **Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps.** IE11 does not support some modern CSS properties, JavaScript modules and certain APIs.**
- **More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.
- **Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.
- **Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.
- **Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment and includes more than 1,600 Group Policies and preferences for granular control.
- **Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on web pages.
- **Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout optimized for your screen size. While in reading view, you can also save web pages or PDF files to your reading list, for later viewing.
- **Cortana.** Enabled by default in Microsoft Edge, Cortana lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.
- **Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.
- **Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.
- **Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps. **IE11 does not support some modern CSS properties, JavaScript modules and certain APIs.**
- **More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.
- **Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.
- **Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.
- **Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment and includes more than 1,600 Group Policies and preferences for granular control.
From ac9bbb18ccc40b5c9a71c25032ccc136b1f49e4a Mon Sep 17 00:00:00 2001 From: Reece Peacock <49645174+Reeced40@users.noreply.github.com> Date: Fri, 16 Aug 2019 15:47:27 +0200 Subject: [PATCH 040/112] Update hello-deployment-guide.md --- .../hello-for-business/hello-deployment-guide.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index c42ad2718a..f2fe950a8c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -51,8 +51,6 @@ The trust model determines how you want users to authenticate to the on-premises * The certificate-trust model is for enterprise that *do* want to issue end-entity certificates to their users and have the benefits of certificate expiration and renewal, similar to how smart cards work today. * The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers. -For additional information about directory sync, including hybrid deployments (Azure Active Directory) see the Hybrid Windows Hello for Business [certificate trust prerequisites](hello-hybrid-cert-trust-prereqs.md#directory-synchronization) and [key trust prerequisites](hello-hybrid-key-trust-prereqs.md#directory-synchronization). - > [!NOTE] > Remote Desktop Protocol (RDP) does not support authentication with Windows Hello for Business key trust deployments. RDP is only supported with certificate trust deployments at this time. See [Remote Desktop with Biometrics](hello-features.md#remote-desktop-with-biometrics) to learn more. @@ -64,7 +62,7 @@ Following are the various deployment guides and models included in this topic: - [On Premises Certificate Trust Deployment](hello-deployment-cert-trust.md) > [!NOTE] -> This article covers all deployment models including on-premises. On-premises deployments, both key and certificate trust, use the Azure MFA server where the credentials are not synchronized to Azure Active Directory. Learn how to [deploy Multifactor Authentication Services (MFA) for key trust](hello-key-trust-validate-deploy-mfa.md) and [for certificate trust](hello-cert-trust-validate-deploy-mfa.md) deployments. +> For Windows Hello for Business hybrid [certificate trust prerequisites](hello-hybrid-cert-trust-prereqs.md#directory-synchronization) and [key trust prerequisites](hello-hybrid-key-trust-prereqs.md#directory-synchronization) deployments, you will need Azure Active Directory Connect to synchronize user accounts in the on-premises Active Directory with Azure Active Directory. For on-premises deployments, both key and certificate trust, use the Azure MFA server where the credentials are not synchronized to Azure Active Directory. Learn how to [deploy Multifactor Authentication Services (MFA) for key trust](hello-key-trust-validate-deploy-mfa.md) and [for certificate trust](hello-cert-trust-validate-deploy-mfa.md) deployments. ## Provisioning From 2e99e37de03617a9f7fbe648d67276eb009dd4c3 Mon Sep 17 00:00:00 2001 From: NagaCSC
[Domain joined provisioning in an On-premises Certificate Trust deployment](#domain-joined-provisioning-in-an-on-premises-certificate-trust-deployment)
+> [!NOTE] +> The flows in this section are not exhaustive for every possible scenario. For example, Federated Key Trust is also a supported configuration. ## Azure AD joined provisioning in a Managed environment From ccde442de86f2bd782505f8bfdf9c6a13c5466fc Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 19 Aug 2019 10:23:04 +0300 Subject: [PATCH 053/112] add note about CSP https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4529 --- .../mdm/federated-authentication-device-enrollment.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md index dff91fd372..1a6424530a 100644 --- a/windows/client-management/mdm/federated-authentication-device-enrollment.md +++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md @@ -167,6 +167,9 @@ AuthenticationServiceUrl?appru=
| Cmdlet | Use this cmdlet to | Syntax |
|---|---|---|
| Add-ProvisioningPackage | Apply a provisioning package | Add-ProvisioningPackage [-Path] <string> [-ForceInstall] [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] |
| Add-ProvisioningPackage | Apply a provisioning package | Add-ProvisioningPackage [-Path] <string> [-ForceInstall] [-LogsFolder <string>] [-QuietInstall] [-WprpFile <string>] [<CommonParameters>] |
| Remove-ProvisioningPackage | Remove a provisioning package | Remove-ProvisioningPackage -PackageId <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] |
Remove-ProvisioningPackage -Path <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] | ||
Remove-ProvisioningPackage -AllInstalledPackages [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] | ||
| Get-ProvisioningPackage | Get information about an installed provisioning package | Get-ProvisioningPackage -PackageId <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] |
Get-ProvisioningPackage -Path <string> [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] | ||
Get-ProvisioningPackage -AllInstalledPackages [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] | ||
| Export-ProvisioningPackage | Extract the contents of a provisioning package | Export-ProvisioningPackage -PackageId <string> -OutputFolder <string> [-Overwrite] [-AnswerFileOnly] [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] |
Export-ProvisioningPackage -Path <string> -OutputFolder <string> [-Overwrite] [-AnswerFileOnly] [-LogsFolder <string>] [-WprpFile <string>] [<CommonParameters>] | Microsoft SQL Server 2016 |
Standard, Enterprise, or Datacenter |
SP1 |
-https://www.microsoft.com/en-us/download/details.aspx?id=5496764-bit |
+https://www.microsoft.com/download/details.aspx?id=5496764-bit |
Microsoft SQL Server 2014 |
Standard, Enterprise, or Datacenter |
@@ -373,7 +373,7 @@ You must install SQL Server with the **SQL\_Latin1\_General\_CP1\_CI\_AS** colla
If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:
If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.
If you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx).
See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.| +| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For more details, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).
If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:
If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.
If you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx).
See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.| | App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices, allowing users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10, version 1607.
To learn how to enable the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). | | App-V sequencer | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must run the App-V client to allow users to interact with virtual applications. | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). | For more information about these components, see [High Level Architecture for App-V](appv-high-level-architecture.md). -If you're new to App-V, it's a good idea to read the documentation thoroughly. Before deploying App-V in a production environment, you can ensure installation goes smoothly by validating your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. To get started, see the [Microsoft Training Overview](https://www.microsoft.com/en-us/learning/default.aspx). +If you're new to App-V, it's a good idea to read the documentation thoroughly. Before deploying App-V in a production environment, you can ensure installation goes smoothly by validating your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. To get started, see the [Microsoft Training Overview](https://www.microsoft.com/learning/default.aspx). ## Getting started with App-V diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md index 40047a8bd9..155f59650e 100644 --- a/windows/application-management/app-v/appv-performance-guidance.md +++ b/windows/application-management/app-v/appv-performance-guidance.md @@ -31,7 +31,7 @@ You should read and understand the following information before reading this doc - [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md) -- [App-V Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760) +- [App-V Sequencing Guide](https://www.microsoft.com/download/details.aspx?id=27760) **Note** Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk * review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md index 99a25f7fda..214bb3c9bd 100644 --- a/windows/application-management/app-v/appv-reporting.md +++ b/windows/application-management/app-v/appv-reporting.md @@ -30,7 +30,7 @@ The following list displays the end–to-end high-level workflow for reporting i To confirm SQL Server Reporting Services is running, enter
[Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md)
[Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information) -
[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/en-us/windows/windows-10-specifications) +
[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/windows/windows-10-specifications)
[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md) diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index 7f2c14085a..b4ff72ee14 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md @@ -452,5 +452,5 @@ To fix this issue, mount the Windows PE image (WIM), copy the missing file from ## Related topics [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md index 2900db198c..8716d1b086 100644 --- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.md +++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.md @@ -23,7 +23,7 @@ Get answers to common questions around compatibility, installation, and support ### Where can I download Windows 10 Enterprise? -If you have Windows volume licenses with Software Assurance, or if you have purchased licenses for Windows 10 Enterprise volume licenses, you can download 32-bit and 64-bit versions of Windows 10 Enterprise from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). If you do not have current Software Assurance for Windows and would like to purchase volume licenses for Windows 10 Enterprise, contact your preferred Microsoft Reseller or see [How to purchase through Volume Licensing](https://www.microsoft.com/en-us/Licensing/how-to-buy/how-to-buy.aspx). +If you have Windows volume licenses with Software Assurance, or if you have purchased licenses for Windows 10 Enterprise volume licenses, you can download 32-bit and 64-bit versions of Windows 10 Enterprise from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). If you do not have current Software Assurance for Windows and would like to purchase volume licenses for Windows 10 Enterprise, contact your preferred Microsoft Reseller or see [How to purchase through Volume Licensing](https://www.microsoft.com/Licensing/how-to-buy/how-to-buy.aspx). ### What are the system requirements? @@ -35,7 +35,7 @@ Most computers that are compatible with Windows 8.1 will be compatible with Wind ### Can I evaluate Windows 10 Enterprise? -Yes, a 90-day evaluation of Windows 10 Enterprise is available through the [TechNet Evaluation Center](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise). The evaluation is available in Chinese (Simplified), Chinese (Traditional), French, German, Italian, Japanese, Korean, Portuguese (Brazil), and Spanish (Spain, International Sort). We highly recommend that organizations make use of the Windows 10 Enterprise 90-day Evaluation to try out deployment and management scenarios, test compatibility with hardware and applications, and to get hands on experience with Windows 10 Enterprise features. +Yes, a 90-day evaluation of Windows 10 Enterprise is available through the [TechNet Evaluation Center](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise). The evaluation is available in Chinese (Simplified), Chinese (Traditional), French, German, Italian, Japanese, Korean, Portuguese (Brazil), and Spanish (Spain, International Sort). We highly recommend that organizations make use of the Windows 10 Enterprise 90-day Evaluation to try out deployment and management scenarios, test compatibility with hardware and applications, and to get hands on experience with Windows 10 Enterprise features. ## Drivers and compatibility @@ -56,7 +56,7 @@ Many existing Win32 and Win64 applications already run reliably on Windows 10 wi ### Is there an easy way to assess if my organization’s devices are ready to upgrade to Windows 10? -[Windows Analytics Upgrade Readiness](https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics) (formerly known as Upgrade Analytics) provides powerful insights and recommendations about the computers, applications, and drivers in your organization, at no extra cost and without additional infrastructure requirements. This new service guides you through your upgrade and feature update projects using a workflow based on Microsoft recommended practices. Up-to-date inventory data allows you to balance cost and risk in your upgrade projects. You can find additional product information at [Windows Analytics](https://www.microsoft.com/en-us/WindowsForBusiness/Windows-Analytics). +[Windows Analytics Upgrade Readiness](https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics) (formerly known as Upgrade Analytics) provides powerful insights and recommendations about the computers, applications, and drivers in your organization, at no extra cost and without additional infrastructure requirements. This new service guides you through your upgrade and feature update projects using a workflow based on Microsoft recommended practices. Up-to-date inventory data allows you to balance cost and risk in your upgrade projects. You can find additional product information at [Windows Analytics](https://www.microsoft.com/WindowsForBusiness/Windows-Analytics). ## Administration and deployment diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md index 530c47ce6f..deb025fd32 100644 --- a/windows/deployment/s-mode.md +++ b/windows/deployment/s-mode.md @@ -51,7 +51,7 @@ The [MSIX Packaging Tool](https://docs.microsoft.com/windows/application-managem ## Related links -- [Consumer applications for S mode](https://www.microsoft.com/en-us/windows/s-mode) -- [S mode devices](https://www.microsoft.com/en-us/windows/view-all-devices) +- [Consumer applications for S mode](https://www.microsoft.com/windows/s-mode) +- [S mode devices](https://www.microsoft.com/windows/view-all-devices) - [Windows Defender Application Control deployment guide](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) -- [Windows Defender Advanced Threat Protection](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp) +- [Windows Defender Advanced Threat Protection](https://www.microsoft.com/WindowsForBusiness/windows-atp) diff --git a/windows/deployment/update/update-compliance-wd-av-status.md b/windows/deployment/update/update-compliance-wd-av-status.md index 35deef9366..74250033ff 100644 --- a/windows/deployment/update/update-compliance-wd-av-status.md +++ b/windows/deployment/update/update-compliance-wd-av-status.md @@ -20,7 +20,7 @@ ms.topic: article The Windows Defender AV Status section deals with data concerning signature and threat status for devices that use Windows Defender Antivirus. The section tile in the [Overview Blade](update-compliance-using.md#overview-blade) provides the percentage of devices with insufficient protection – this percentage only considers devices using Windows Defender Antivirus. >[!NOTE] ->Update Compliance's Windows Defender Antivirus status is compatible with E3, B, F1, VL Professional and below licenses. Devices with an E5 license are not shown here; devices with an E5 license can be monitored using the [Windows Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection). If you'd like to learn more about Windows 10 licensing, see the [Windows 10 product licensing options](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx). +>Update Compliance's Windows Defender Antivirus status is compatible with E3, B, F1, VL Professional and below licenses. Devices with an E5 license are not shown here; devices with an E5 license can be monitored using the [Windows Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection). If you'd like to learn more about Windows 10 licensing, see the [Windows 10 product licensing options](https://www.microsoft.com/Licensing/product-licensing/windows10.aspx). # Windows Defender AV Status sections The **Protection Status** blade gives a count for devices that have either out-of-date signatures or real-time protection turned off. Below, it gives a more detailed breakdown of the two issues. Selecting any of these statuses will navigate you to a Log Search view containing the query. diff --git a/windows/deployment/update/waas-mobile-updates.md b/windows/deployment/update/waas-mobile-updates.md index 78594a2262..73652f10a9 100644 --- a/windows/deployment/update/waas-mobile-updates.md +++ b/windows/deployment/update/waas-mobile-updates.md @@ -18,7 +18,7 @@ ms.topic: article **Applies to** - Windows 10 Mobile -- [Windows 10 IoT Mobile](https://www.microsoft.com/en-us/WindowsForBusiness/windows-iot) +- [Windows 10 IoT Mobile](https://www.microsoft.com/WindowsForBusiness/windows-iot) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md index b1122abef6..bf740f50c0 100644 --- a/windows/deployment/update/waas-morenews.md +++ b/windows/deployment/update/waas-morenews.md @@ -37,7 +37,7 @@ Here's more news about [Windows as a service](windows-as-a-service.md):
-Simplified updates
+Simplified updates
Windows 10 end user readiness
diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md
index 0216aec2c1..0214e53ad8 100644
--- a/windows/deployment/upgrade/log-files.md
+++ b/windows/deployment/upgrade/log-files.md
@@ -166,6 +166,6 @@ Therefore, Windows Setup failed because it was not able to migrate the corrupt f
[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx)
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index 305917b360..01850db7f6 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -234,6 +234,6 @@ If you downloaded the SetupDiag.exe program to your computer, then copied it to [Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx)
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index 34e22a7ab7..15c4156866 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -504,7 +504,7 @@ This error has more than one possible cause. Attempt [quick fixes](quick-fixes.m
See Windows 10 specifications for information.
See Windows 10 specifications for information.
-Download and run the media creation tool. See Download windows 10. +Download and run the media creation tool. See Download windows 10.
Attempt to upgrade using .ISO or USB.
Note: Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the Volume Licensing Service Center.
Review logs for [compatibility information](https://blogs.technet.microsoft.com/askcore/2016/01/21/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues/).
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md index af24d3c075..3a7f854132 100644 --- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md +++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md @@ -58,7 +58,7 @@ See the following topics in this article: [Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx)
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
diff --git a/windows/deployment/upgrade/submit-errors.md b/windows/deployment/upgrade/submit-errors.md index 6f6bde4fba..64716a73e7 100644 --- a/windows/deployment/upgrade/submit-errors.md +++ b/windows/deployment/upgrade/submit-errors.md @@ -29,7 +29,7 @@ This topic describes how to submit problems with a Windows 10 upgrade to Microso ## About the Feedback Hub -The Feedback Hub app lets you tell Microsoft about any problems you run in to while using Windows 10 and send suggestions to help us improve your Windows experience. Previously, you could only use the Feedback Hub if you were in the Windows Insider Program. Now anyone can use this tool. You can download the Feedback Hub app from the Microsoft Store [here](https://www.microsoft.com/en-us/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0). +The Feedback Hub app lets you tell Microsoft about any problems you run in to while using Windows 10 and send suggestions to help us improve your Windows experience. Previously, you could only use the Feedback Hub if you were in the Windows Insider Program. Now anyone can use this tool. You can download the Feedback Hub app from the Microsoft Store [here](https://www.microsoft.com/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0). The Feedback Hub requires Windows 10 or Windows 10 mobile. If you are having problems upgrading from an older version of Windows to Windows 10, you can use the Feedback Hub to submit this information, but you must collect the log files from the legacy operating system and then attach these files to your feedback using a device that is running Windows 10. If you are upgrading to Windows 10 from a previous verion of Windows 10, the Feedback Hub will collect log files automatically. diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md index b252ff670a..c9509188a3 100644 --- a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md +++ b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md @@ -92,6 +92,6 @@ WIM = Windows image (Microsoft) [Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx)
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md index f06c6fb87b..0dd0d042c6 100644 --- a/windows/deployment/upgrade/upgrade-error-codes.md +++ b/windows/deployment/upgrade/upgrade-error-codes.md @@ -154,6 +154,6 @@ For example: An extend code of **0x4000D**, represents a problem during phase 4 [Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx)
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md index 3078890be7..582f5bb732 100644 --- a/windows/deployment/upgrade/upgrade-readiness-requirements.md +++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md @@ -31,7 +31,7 @@ If you need to update user computers to Windows 7 SP1 or Windows 8.1, use Window > [!NOTE] > Upgrade Readiness is designed to best support in-place upgrades. In-place upgrades do not support migrations from BIOS to UEFI or from 32-bit to 64-bit architecture. If you need to migrate computers in these scenarios, use the wipe-and-reload method. Upgrade Readiness insights are still valuable in this scenario, however, you can ignore in-place upgrade specific guidance. -See [Windows 10 Specifications](https://www.microsoft.com/en-US/windows/windows-10-specifications) for additional information about computer system requirements. +See [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) for additional information about computer system requirements. ### Windows 10 diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index 72345c3d54..d683bd63b3 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -138,7 +138,7 @@ Downgrading from Enterprise - Upgrade edition: **Enterprise** - Valid downgrade paths: **Pro, Pro for Workstations, Pro Education, Education** -You can move directly from Enterprise to any valid destination edition. In this example, downgrading to Pro for Workstations, Pro Education, or Education requires an additional activation key to supersede the firmware-embedded Pro key. In all cases, you must comply with [Microsoft License Terms](https://www.microsoft.com/useterms). If you are a volume license customer, refer to the [Microsoft Volume Licensing Reference Guide](https://www.microsoft.com/en-us/download/details.aspx?id=11091). +You can move directly from Enterprise to any valid destination edition. In this example, downgrading to Pro for Workstations, Pro Education, or Education requires an additional activation key to supersede the firmware-embedded Pro key. In all cases, you must comply with [Microsoft License Terms](https://www.microsoft.com/useterms). If you are a volume license customer, refer to the [Microsoft Volume Licensing Reference Guide](https://www.microsoft.com/download/details.aspx?id=11091). ### Supported Windows 10 downgrade paths diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md index f0f918ef4a..77f1ae38b0 100644 --- a/windows/deployment/upgrade/windows-error-reporting.md +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -68,6 +68,6 @@ The event will also contain links to log files that can be used to perform a det [Windows 10 FAQ for IT professionals](https://technet.microsoft.com/windows/dn798755.aspx) [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) -[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) [Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index 1ed8638bcc..7ba4d88b2d 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -29,13 +29,13 @@ Deployment instructions are provided for the following scenarios: - VMs must be running Windows 10 Pro, version 1703 (also known as the Creator's Update) or later. - VMs must be Active Directory-joined or Azure Active Directory (AAD)-joined. - VMs must be generation 1. -- VMs must hosted by a [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH). +- VMs must hosted by a [Qualified Multitenant Hoster](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx) (QMTH). ## Activation ### Scenario 1 - The VM is running Windows 10, version 1803 or later. -- The VM is hosted in Azure or another [Qualified Multitenant Hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) (QMTH). +- The VM is hosted in Azure or another [Qualified Multitenant Hoster](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx) (QMTH). When a user with VDA rights signs in to the VM using their AAD credentials, the VM is automatically stepped-up to Enterprise and activated. There is no need to perform Windows 10 Pro activation. This eliminates the need to maintain KMS or MAK in the qualifying cloud infrastructure. @@ -45,7 +45,7 @@ Deployment instructions are provided for the following scenarios: [Inherited Activation](https://docs.microsoft.com/windows/deployment/windows-10-subscription-activation#inherited-activation) is enabled. All VMs created by a user with a Windows 10 E3 or E5 license are automatically activated independent of whether a user signs in with a local account or using an Azure Active Directory account. ### Scenario 3 -- The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx) partner. +- The VM is running Windows 10, version 1703 or 1709, or the hoster is not an authorized [QMTH](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx) partner. In this scenario, the underlying Windows 10 Pro license must be activated prior to Subscription Activation of Windows 10 Enterprise. Activation is accomplished using a Windows 10 Pro Generic Volume License Key (GVLK) and a Volume License KMS activation server provided by the hoster. Alternatively, a KMS activation server on your corporate network can be used if you have configured a private connection, such as [ExpressRoute](https://azure.microsoft.com/services/expressroute/) or [VPN Gateway](https://azure.microsoft.com/services/vpn-gateway/). diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index 6b45127282..e241930c1e 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md @@ -43,9 +43,9 @@ When you purchase Windows 10 Enterprise E3 via a partner, you get the followin How does the Windows 10 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance? -- [Microsoft Volume Licensing](https://www.microsoft.com/en-us/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products. +- [Microsoft Volume Licensing](https://www.microsoft.com/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products. -- [Software Assurance](https://www.microsoft.com/en-us/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits: +- [Software Assurance](https://www.microsoft.com/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits: - **Deployment and management**. These benefits include planning services, Microsoft Desktop Optimization (MDOP), Windows Virtual Desktop Access Rights, Windows-To-Go Rights, Windows Roaming Use Rights, Windows Thin PC, Windows RT Companion VDA Rights, and other benefits. diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md index 66d5049d31..e46fc7ed24 100644 --- a/windows/deployment/windows-10-media.md +++ b/windows/deployment/windows-10-media.md @@ -77,7 +77,7 @@ Features on demand is a method for adding features to your Windows 10 image that ## Related topics -[Microsoft Volume Licensing Service Center (VLSC) User Guide](https://www.microsoft.com/en-us/download/details.aspx?id=10585) +[Microsoft Volume Licensing Service Center (VLSC) User Guide](https://www.microsoft.com/download/details.aspx?id=10585)
[Volume Activation for Windows 10](https://docs.microsoft.com/windows/deployment/volume-activation/volume-activation-windows-10)
[Plan for volume activation](https://docs.microsoft.com/windows/deployment/volume-activation/plan-for-volume-activation-client)
[VLSC downloads FAQ](https://www.microsoft.com/Licensing/servicecenter/Help/FAQDetails.aspx?id=150) diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md index ddb22cbbbb..87eea0e845 100644 --- a/windows/deployment/windows-10-poc-mdt.md +++ b/windows/deployment/windows-10-poc-mdt.md @@ -75,7 +75,7 @@ MDT performs deployments by using the Lite Touch Installation (LTI), Zero Touch Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0 Stop-Process -Name Explorer ``` -2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT)](https://www.microsoft.com/en-us/download/details.aspx?id=54259) on SRV1 using the default options. As of the writing of this guide, the latest version of MDT was 8443. +2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT)](https://www.microsoft.com/download/details.aspx?id=54259) on SRV1 using the default options. As of the writing of this guide, the latest version of MDT was 8443. 3. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 1703. Installation might require several minutes to acquire all components. @@ -638,7 +638,7 @@ Deployment logs are available on the client computer in the following locations: You can review WDS events in Event Viewer at: **Applications and Services Logs > Microsoft > Windows > Deployment-Services-Diagnostics**. By default, only the **Admin** and **Operational** logs are enabled. To enable other logs, right-click the log and then click **Enable Log**. -Tools for viewing log files, and to assist with troubleshooting are available in the [System Center 2012 R2 Configuration Manager Toolkit](https://www.microsoft.com/en-us/download/details.aspx?id=50012) +Tools for viewing log files, and to assist with troubleshooting are available in the [System Center 2012 R2 Configuration Manager Toolkit](https://www.microsoft.com/download/details.aspx?id=50012) Also see [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) for detailed troubleshooting information. diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index d9a32a74be..929b097d58 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -72,7 +72,7 @@ Topics and procedures in this guide are summarized in the following table. An es >If the request to add features fails, retry the installation by typing the command again. -2. Download [SQL Server 2014 SP2](https://www.microsoft.com/en-us/evalcenter/evaluate-sql-server-2014-sp2) from the Microsoft Evaluation Center as an .ISO file on the Hyper-V host computer. Save the file to the **C:\VHD** directory. +2. Download [SQL Server 2014 SP2](https://www.microsoft.com/evalcenter/evaluate-sql-server-2014-sp2) from the Microsoft Evaluation Center as an .ISO file on the Hyper-V host computer. Save the file to the **C:\VHD** directory. 3. When you have downloaded the file **SQLServer2014SP2-FullSlipstream-x64-ENU.iso** and placed it in the C:\VHD directory, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: ``` @@ -126,7 +126,7 @@ Topics and procedures in this guide are summarized in the following table. An es Stop-Process -Name Explorer ``` -2. Download [System Center Configuration Manager and Endpoint Protection](https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection) on SRV1 (download the executable file anywhere on SRV1), double-click the file, enter **C:\configmgr** for **Unzip to folder**, and click **Unzip**. The C:\configmgr directory will be automatically created. Click **OK** and then close the **WinZip Self-Extractor** dialog box when finished. +2. Download [System Center Configuration Manager and Endpoint Protection](https://www.microsoft.com/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection) on SRV1 (download the executable file anywhere on SRV1), double-click the file, enter **C:\configmgr** for **Unzip to folder**, and click **Unzip**. The C:\configmgr directory will be automatically created. Click **OK** and then close the **WinZip Self-Extractor** dialog box when finished. 3. Before starting the installation, verify that WMI is working on SRV1. See the following examples. Verify that **Running** is displayed under **Status** and **True** is displayed next to **TcpTestSucceeded**: diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index b12b80110d..7a4fb81ed7 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -224,9 +224,9 @@ Starting with Windows 8, the host computer’s microprocessor must support secon ### Download VHD and ISO files -When you have completed installation of Hyper-V on the host computer, begin configuration of Hyper-V by downloading VHD and ISO files to the Hyper-V host. These files will be used to create the VMs used in the lab. Before you can download VHD and ISO files, you will need to register and sign in to the [TechNet Evaluation Center](https://www.microsoft.com/en-us/evalcenter/) using your Microsoft account. +When you have completed installation of Hyper-V on the host computer, begin configuration of Hyper-V by downloading VHD and ISO files to the Hyper-V host. These files will be used to create the VMs used in the lab. Before you can download VHD and ISO files, you will need to register and sign in to the [TechNet Evaluation Center](https://www.microsoft.com/evalcenter/) using your Microsoft account. -1. Create a directory on your Hyper-V host named **C:\VHD** and download a single [Windows Server 2012 R2 VHD](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012-r2) from the TechNet Evaluation Center to the **C:\VHD** directory. +1. Create a directory on your Hyper-V host named **C:\VHD** and download a single [Windows Server 2012 R2 VHD](https://www.microsoft.com/evalcenter/evaluate-windows-server-2012-r2) from the TechNet Evaluation Center to the **C:\VHD** directory. **Important**: This guide assumes that VHDs are stored in the **C:\VHD** directory on the Hyper-V host. If you use a different directory to store VHDs, you must adjust steps in this guide appropriately. @@ -238,7 +238,7 @@ When you have completed installation of Hyper-V on the host computer, begin conf 2. Download the file to the **C:\VHD** directory. When the download is complete, rename the VHD file that you downloaded to **2012R2-poc-1.vhd**. This is done to make the filename simple to recognize and type. 3. Copy the VHD to a second file also in the **C:\VHD** directory and name this VHD **2012R2-poc-2.vhd**. -4. Download the [Windows 10 Enterprise ISO](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise) from the TechNet Evaluation Center to the **C:\VHD** directory on your Hyper-V host. +4. Download the [Windows 10 Enterprise ISO](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) from the TechNet Evaluation Center to the **C:\VHD** directory on your Hyper-V host. >During registration, you must specify the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English ISO is chosen. You can choose a different version if desired. **Note: The evaluation version of Windows 10 does not support in-place upgrade**. diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 198a7e9aa2..11ef79b654 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -105,8 +105,8 @@ If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade ben With Windows 10 Enterprise or Windows 10 Education, businesses and institutions can benefit from enterprise-level security and control. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Education or Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 or A3 and E5 or A5 being available as a true online service, it is available in select channels thus allowing all organizations to take advantage of enterprise-grade Windows 10 features. To compare Windows 10 editions and review pricing, see the following: -- [Compare Windows 10 editions](https://www.microsoft.com/en-us/windowsforbusiness/compare) -- [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-pricing) +- [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare) +- [Enterprise Mobility + Security Pricing Options](https://www.microsoft.com/cloud-platform/enterprise-mobility-security-pricing) You can benefit by moving to Windows as an online service in the following ways: @@ -215,12 +215,12 @@ See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md). ## Virtual Desktop Access (VDA) -Subscriptions to Windows 10 Enterprise are also available for virtualized clients. Windows 10 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://www.microsoft.com/en-us/CloudandHosting/licensing_sca.aspx). +Subscriptions to Windows 10 Enterprise are also available for virtualized clients. Windows 10 Enterprise E3 and E5 are available for Virtual Desktop Access (VDA) in Windows Azure or in another [qualified multitenant hoster](https://www.microsoft.com/CloudandHosting/licensing_sca.aspx). Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscriptions for VDA. Active Directory-joined and Azure Active Directory-joined clients are supported. See [Enable VDA for Subscription Activation](vda-subscription-activation.md). ## Related topics [Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-devices-group-policy/)
-[Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare)
-[Windows for business](https://www.microsoft.com/en-us/windowsforbusiness/default.aspx)
+[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
+[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)
diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index a8090d1812..6d2dc8e363 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -26,7 +26,7 @@ Before deploying a device using Windows Autopilot, the device must be registered ## OEM registration -When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service. For the list of OEMs that currently support this, see the "Participant device manufacturers" section of the [Windows Autopilot information page](https://www.microsoft.com/en-us/windowsforbusiness/windows-autopilot). +When you purchase devices directly from an OEM, that OEM can automatically register the devices with the Windows Autopilot deployment service. For the list of OEMs that currently support this, see the "Participant device manufacturers" section of the [Windows Autopilot information page](https://www.microsoft.com/windowsforbusiness/windows-autopilot). Before an OEM can register devices on behalf of an organization, the organization must grant the OEM permission to do so. This process is initiated by the OEM, with approval granted by an Azure AD global administrator from the organization. See the "Customer Consent" section of the [Customer consent page](https://docs.microsoft.com/windows/deployment/windows-autopilot/registration-auth#oem-authorization). diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md index f514184445..0e14ae0b89 100644 --- a/windows/deployment/windows-autopilot/existing-devices.md +++ b/windows/deployment/windows-autopilot/existing-devices.md @@ -55,7 +55,7 @@ See the following examples. ### Create the JSON file >[!TIP] ->To run the following commands on a computer running Windows Server 2012/2012 R2 or Windows 7/8.1, you must first download and install the [Windows Management Framework](https://www.microsoft.com/en-us/download/details.aspx?id=54616). +>To run the following commands on a computer running Windows Server 2012/2012 R2 or Windows 7/8.1, you must first download and install the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=54616). 1. On an Internet connected Windows PC or Server open an elevated Windows PowerShell command window 2. Enter the following lines to install the necessary modules diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index 4fcd4811c2..9aa928f3f9 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -84,16 +84,16 @@ If the Microsoft Store is not accessible, the AutoPilot process will still conti Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs: To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required: -- [Microsoft 365 Business subscriptions](https://www.microsoft.com/en-us/microsoft-365/business) -- [Microsoft 365 F1 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline) -- [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/en-us/education/buy-license/microsoft365/default.aspx) -- [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune). -- [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features. +- [Microsoft 365 Business subscriptions](https://www.microsoft.com/microsoft-365/business) +- [Microsoft 365 F1 subscriptions](https://www.microsoft.com/microsoft-365/enterprise/firstline) +- [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/education/buy-license/microsoft365/default.aspx) +- [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune). +- [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features. - [Intune for Education subscriptions](https://docs.microsoft.com/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features. -- [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune) (or an alternative MDM service). +- [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/cloud-platform/microsoft-intune) (or an alternative MDM service). Additionally, the following are also recommended (but not required): -- [Office 365 ProPlus](https://www.microsoft.com/en-us/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services). +- [Office 365 ProPlus](https://www.microsoft.com/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services). - [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise. ## Configuration requirements diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md index 6f5daf90d1..7ebad52ee8 100644 --- a/windows/privacy/diagnostic-data-viewer-overview.md +++ b/windows/privacy/diagnostic-data-viewer-overview.md @@ -42,7 +42,7 @@ Before you can use this tool for viewing Windows diagnostic data, you must turn  ### Download the Diagnostic Data Viewer -Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/en-us/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page. +Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page. >[!Important] >It's possible that your Windows device doesn't have the Microsoft Store available (for example, Windows Server). If this is the case, see [Diagnostic Data Viewer for PowerShell](https://go.microsoft.com/fwlink/?linkid=2023830). diff --git a/windows/privacy/gdpr-it-guidance.md b/windows/privacy/gdpr-it-guidance.md index 524f34b78a..f142ad0677 100644 --- a/windows/privacy/gdpr-it-guidance.md +++ b/windows/privacy/gdpr-it-guidance.md @@ -74,7 +74,7 @@ For example, when an organization is using Microsoft Windows Defender Advanced T #### Processor scenario -In the controller scenario described above, Microsoft is a *processor* because Microsoft provides data processing services to that controller (in the given example, an organization that subscribed to Windows Defender ATP and enabled it for the user’s device). As processor, Microsoft only processes data on behalf of the enterprise customer and does not have the right to process data beyond their instructions as specified in a written contract, such as the [Microsoft Product Terms and the Microsoft Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products.aspx). +In the controller scenario described above, Microsoft is a *processor* because Microsoft provides data processing services to that controller (in the given example, an organization that subscribed to Windows Defender ATP and enabled it for the user’s device). As processor, Microsoft only processes data on behalf of the enterprise customer and does not have the right to process data beyond their instructions as specified in a written contract, such as the [Microsoft Product Terms and the Microsoft Online Services Terms (OST)](https://www.microsoft.com/licensing/product-licensing/products.aspx). ## GDPR relationship between a Windows 10 user and Microsoft @@ -120,11 +120,11 @@ Diagnostic data is categorized into the levels "Security", "Basic", "Enhanced", Most Windows 10 services are controller services in terms of the GDPR – for both Windows functional data and Windows diagnostic data. But there are a few Windows services where Microsoft is a processor for functional data under the GDPR, such as [Windows Analytics](https://www.microsoft.com/windowsforbusiness/windows-analytics) and [Windows Defender Advanced Threat Protection (ATP)](https://www.microsoft.com/windowsforbusiness/windows-atp). >[!NOTE] ->Both Windows Analytics and Windows Defender ATP are subscription services for organizations. Some functionality requires a certain license (please see [Compare Windows 10 editions](https://www.microsoft.com/en-us/windowsforbusiness/compare)). +>Both Windows Analytics and Windows Defender ATP are subscription services for organizations. Some functionality requires a certain license (please see [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare)). #### Windows Analytics -[Windows Analytics](https://www.microsoft.com/en-us/windowsforbusiness/windows-analytics) is a service that provides rich, actionable information for helping organizations to gain deep insights into the operational efficiency and health of the Windows devices in their environment. It uses Windows diagnostic data from devices enrolled by the IT organization of an enterprise into the Windows Analytics service. +[Windows Analytics](https://www.microsoft.com/windowsforbusiness/windows-analytics) is a service that provides rich, actionable information for helping organizations to gain deep insights into the operational efficiency and health of the Windows devices in their environment. It uses Windows diagnostic data from devices enrolled by the IT organization of an enterprise into the Windows Analytics service. Windows [transmits Windows diagnostic data](enhanced-diagnostic-data-windows-analytics-events-and-fields.md) to Microsoft datacenters, where that data is analyzed and stored. With Windows Analytics, the IT organization can then view the analyzed data to detect and fix issues or to improve their processes for upgrading to Windows 10. @@ -137,7 +137,7 @@ As a result, in terms of the GDPR, the organization that has subscribed to Windo #### Windows Defender ATP -[Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp) is cloud-based service that collects and analyzes usage data from an organization’s devices to detect security threats. Some of the data can contain personal data as defined by the GDPR. Enrolled devices transmit usage data to Microsoft datacenters, where that data is analyzed, processed, and stored. The security operations center (SOC) of the organization can view the analyzed data using the [Windows Defender ATP portal](https://securitycenter.windows.com/). +[Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp) is cloud-based service that collects and analyzes usage data from an organization’s devices to detect security threats. Some of the data can contain personal data as defined by the GDPR. Enrolled devices transmit usage data to Microsoft datacenters, where that data is analyzed, processed, and stored. The security operations center (SOC) of the organization can view the analyzed data using the [Windows Defender ATP portal](https://securitycenter.windows.com/). As a result, in terms of the GDPR, the organization that has subscribed to Windows Defender ATP is acting as the controller, while Microsoft is the processor for Windows Defender ATP. @@ -285,7 +285,7 @@ To make it easier to deploy settings that restrict connections from Windows 10 a ### Microsoft Trust Center and Service Trust Portal -Please visit our [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/privacy/gdpr) to obtain additional resources and to learn more about how Microsoft can help you fulfill specific GDPR requirements. There you can find lots of useful information about the GDPR, including how Microsoft is helping customers to successfully master the GDPR, a FAQ list, and a list of [resources for GDPR compliance](https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/resources). Also, please check out the [Compliance Manager](https://aka.ms/compliancemanager) of the Microsoft [Service Trust Portal (STP)](https://aka.ms/stp) and [Get Started: Support for GDPR Accountability](https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted). +Please visit our [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/trustcenter/privacy/gdpr) to obtain additional resources and to learn more about how Microsoft can help you fulfill specific GDPR requirements. There you can find lots of useful information about the GDPR, including how Microsoft is helping customers to successfully master the GDPR, a FAQ list, and a list of [resources for GDPR compliance](https://www.microsoft.com/TrustCenter/Privacy/gdpr/resources). Also, please check out the [Compliance Manager](https://aka.ms/compliancemanager) of the Microsoft [Service Trust Portal (STP)](https://aka.ms/stp) and [Get Started: Support for GDPR Accountability](https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted). ### Additional resources diff --git a/windows/privacy/gdpr-win10-whitepaper.md b/windows/privacy/gdpr-win10-whitepaper.md index 3ad1a4a14e..259561932e 100644 --- a/windows/privacy/gdpr-win10-whitepaper.md +++ b/windows/privacy/gdpr-win10-whitepaper.md @@ -30,7 +30,7 @@ Microsoft and our customers are now on a journey to achieve the privacy goals of We have outlined our commitment to the GDPR and how we are supporting our customers within the [Get GDPR compliant with the Microsoft Cloud](https://blogs.microsoft.com/on-the-issues/2017/02/15/get-gdpr-compliant-with-the-microsoft-cloud/#hv52B68OZTwhUj2c.99) blog post by our Chief Privacy Officer [Brendon Lynch](https://blogs.microsoft.com/on-the-issues/author/brendonlynch/) and the [Earning your trust with contractual commitments to the General Data Protection Regulation](https://blogs.microsoft.com/on-the-issues/2017/04/17/earning-trust-contractual-commitments-general-data-protection-regulation/#6QbqoGWXCLavGM63.99)” blog post by [Rich Sauer](https://blogs.microsoft.com/on-the-issues/author/rsauer/) - Microsoft Corporate Vice President & Deputy General Counsel. -Although your journey to GDPR-compliance may seem challenging, we're here to help you. For specific information about the GDPR, our commitments and how to begin your journey, please visit the [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/privacy/gdpr). +Although your journey to GDPR-compliance may seem challenging, we're here to help you. For specific information about the GDPR, our commitments and how to begin your journey, please visit the [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/trustcenter/privacy/gdpr). ## GDPR and its implications The GDPR is a complex regulation that may require significant changes in how you gather, use and manage personal data. Microsoft has a long history of helping our customers comply with complex regulations, and when it comes to preparing for the GDPR, we are your partner on this journey. @@ -82,7 +82,7 @@ Given how much is involved to become GDPR-compliant, we strongly recommend that  -For each of the steps, we've outlined example tools, resources, and features in various Microsoft solutions, which can be used to help you address the requirements of that step. While this article isn't a comprehensive “how to,” we've included links for you to find out more details, and more information is available in the [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/privacy/gdpr). +For each of the steps, we've outlined example tools, resources, and features in various Microsoft solutions, which can be used to help you address the requirements of that step. While this article isn't a comprehensive “how to,” we've included links for you to find out more details, and more information is available in the [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/trustcenter/privacy/gdpr). ## Windows 10 security and privacy As you work to comply with the GDPR, understanding the role of your desktop and laptop client machines in creating, accessing, processing, storing and managing data that may qualify as personal and potentially sensitive data under the GDPR is important. Windows 10 provides capabilities that will help you comply with the GDPR requirements to implement appropriate technical and organizational security measures to protect personal data. @@ -252,7 +252,7 @@ There are numerous ways one can use the Windows Hello Companion Device Framework - Wear a fitness band that has already authenticated the wearer. Upon approaching PC, and by performing a special gesture (like clapping), the PC unlocks. #### Protection against attacks by isolating user credentials -As noted in the [Windows 10 Credential Theft Mitigation Guide](https://www.microsoft.com/en-us/download/confirmation.aspx?id=54095), “_the tools and techniques criminals use to carry out credential theft and reuse attacks improve, malicious attackers are finding it easier to achieve their goals. Credential theft often relies on operational practices or user credential exposure, so effective mitigations require a holistic approach that addresses people, processes, and technology. In addition, these attacks rely on the attacker stealing credentials after compromising a system to expand or persist access, so organizations must contain breaches rapidly by implementing strategies that prevent attackers from moving freely and undetected in a compromised network._” +As noted in the [Windows 10 Credential Theft Mitigation Guide](https://www.microsoft.com/download/confirmation.aspx?id=54095), “_the tools and techniques criminals use to carry out credential theft and reuse attacks improve, malicious attackers are finding it easier to achieve their goals. Credential theft often relies on operational practices or user credential exposure, so effective mitigations require a holistic approach that addresses people, processes, and technology. In addition, these attacks rely on the attacker stealing credentials after compromising a system to expand or persist access, so organizations must contain breaches rapidly by implementing strategies that prevent attackers from moving freely and undetected in a compromised network._” An important design consideration for Windows 10 was mitigating credential theft — in particular, derived credentials. Windows Defender Credential Guard provides significantly improved security against derived credential theft and reuse by implementing a significant architectural change in Windows designed to help eliminate hardware-based isolation attacks rather than simply trying to defend against them. diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index e2fa73f5c7..5c956bd525 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -26,7 +26,7 @@ You can configure diagnostic data at the Security/Basic level, turn off Windows Note, there is some traffic which is required (i.e. "whitelisted") for the operation of Windows and the Microsoft InTune based management. This traffic includes CRL and OCSP network traffic which will show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of them, but there are many others, such as DigiCert, Thawte, Google, Symantec, and VeriSign. Additional whitelisted traffic specifically for MDM managed devices includes Windows Notification Service related traffic as well as some specific Microsoft InTune and Windows Update related traffic. -For more information on Microsoft InTune please see [Transform IT service delivery for your modern workplace](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune?rtc=1) and [Microsoft Intune documentation](https://docs.microsoft.com/intune/). +For more information on Microsoft InTune please see [Transform IT service delivery for your modern workplace](https://www.microsoft.com/enterprise-mobility-security/microsoft-intune?rtc=1) and [Microsoft Intune documentation](https://docs.microsoft.com/intune/). For detailed information about managing network connections to Microsoft services using Registries, Group Policies, or UI see [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index c23f167615..662c89648d 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -319,7 +319,7 @@ This example configures Wi-Fi as a trusted signal (Windows 10, version 1803) ### How to configure Multifactor Unlock policy settings -You need a Windows 10, version 1709 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business Group Policy settings, which includes multi-factor unlock. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1709. +You need a Windows 10, version 1709 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business Group Policy settings, which includes multi-factor unlock. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1709. Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10, version 1703 to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 00344d3bd5..c9b80af1e6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -24,7 +24,7 @@ ms.reviewer: - Certificate trust -You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=45520). +You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703. Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10, version 1703 to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index f65eaf8b20..80325188e6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -26,7 +26,7 @@ ms.reviewer: ## Policy Configuration -You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=45520). +You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703. Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703) to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index c38ab35a87..122053e414 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -26,7 +26,7 @@ ms.reviewer: ## Policy Configuration -You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=45520). +You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703. Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 Creators Edition (1703) to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 1b30d94278..b7c09bf09e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -24,7 +24,7 @@ ms.reviewer: - Key trust -You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=45520). +You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703. Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10, version 1703 to their respective language folder on a Windows Server or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows) for more information. diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 07989c7579..e5194ab324 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -105,7 +105,7 @@ Windows Hello for Business with a key does not support RDP. RDP does not support ## Learn more -[Implementing Windows Hello for Business at Microsoft](https://www.microsoft.com/en-us/itshowcase/implementing-windows-hello-for-business-at-microsoft) +[Implementing Windows Hello for Business at Microsoft](https://www.microsoft.com/itshowcase/implementing-windows-hello-for-business-at-microsoft) [Introduction to Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=786649), video presentation on Microsoft Virtual Academy diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md index 59a2e070cb..121c58873e 100644 --- a/windows/security/identity-protection/remote-credential-guard.md +++ b/windows/security/identity-protection/remote-credential-guard.md @@ -79,7 +79,7 @@ For helpdesk support scenarios in which personnel require administrative access Therefore, we recommend instead that you use the Restricted Admin mode option. For helpdesk support scenarios, RDP connections should only be initiated using the /RestrictedAdmin switch. This helps ensure that credentials and other user resources are not exposed to compromised remote hosts. For more information, see [Mitigating Pass-the-Hash and Other Credential Theft v2](https://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf). -To further harden security, we also recommend that you implement Local Administrator Password Solution (LAPS), a Group Policy client-side extension (CSE) introduced in Windows 8.1 that automates local administrator password management. LAPS mitigates the risk of lateral escalation and other cyberattacks facilitated when customers use the same administrative local account and password combination on all their computers. You can download and install LAPS [here](https://www.microsoft.com/en-us/download/details.aspx?id=46899). +To further harden security, we also recommend that you implement Local Administrator Password Solution (LAPS), a Group Policy client-side extension (CSE) introduced in Windows 8.1 that automates local administrator password management. LAPS mitigates the risk of lateral escalation and other cyberattacks facilitated when customers use the same administrative local account and password combination on all their computers. You can download and install LAPS [here](https://www.microsoft.com/download/details.aspx?id=46899). For further information on LAPS, see [Microsoft Security Advisory 3062591](https://technet.microsoft.com/library/security/3062591.aspx). diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index 2090fe9ea8..72cb85f143 100644 --- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md @@ -96,7 +96,7 @@ Because Secure Boot has protected the bootloader and Trusted Boot has protected Early Launch Anti-Malware (ELAM) can load a Microsoft or non-Microsoft anti-malware driver before all non-Microsoft boot drivers and applications, thus continuing the chain of trust established by Secure Boot and Trusted Boot. Because the operating system hasn’t started yet, and because Windows needs to boot as quickly as possible, ELAM has a simple task: examine every boot driver and determine whether it is on the list of trusted drivers. If it’s not trusted, Windows won’t load it. -An ELAM driver isn’t a full-featured anti-malware solution; that loads later in the boot process. Windows Defender (included with Windows 10) supports ELAM, as does [Microsoft System Center 2012 Endpoint Protection](https://www.microsoft.com/en-us/server-cloud/system-center/endpoint-protection-2012.aspx) and several non-Microsoft anti-malware apps. +An ELAM driver isn’t a full-featured anti-malware solution; that loads later in the boot process. Windows Defender (included with Windows 10) supports ELAM, as does [Microsoft System Center 2012 Endpoint Protection](https://www.microsoft.com/server-cloud/system-center/endpoint-protection-2012.aspx) and several non-Microsoft anti-malware apps. ## Measured Boot If a PC in your organization does become infected with a rootkit, you need to know about it. Enterprise anti-malware apps can report malware infections to the IT department, but that doesn’t work with rootkits that hide their presence. In other words, you can’t trust the client to tell you whether it’s healthy. diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index c3f0286d24..e62328236e 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -88,7 +88,7 @@ Some things that you can check on the device are: ## Related topics - [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) -- [Details on the TPM standard](https://www.microsoft.com/en-us/research/project/the-trusted-platform-module-tpm/) (has links to features using TPM) +- [Details on the TPM standard](https://www.microsoft.com/research/project/the-trusted-platform-module-tpm/) (has links to features using TPM) - [TPM Base Services Portal](https://docs.microsoft.com/windows/desktop/TBS/tpm-base-services-portal) - [TPM Base Services API](https://docs.microsoft.com/windows/desktop/api/_tbs/) - [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule) diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index 246227f7c4..3854d9221b 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -35,7 +35,7 @@ Windows Information Protection (WIP), previously known as enterprise data protec ## Video: Protect enterprise data from being accidentally copied to the wrong place -> [!Video https://www.microsoft.com/en-us/videoplayer/embed/RE2IGhh] +> [!Video https://www.microsoft.com/videoplayer/embed/RE2IGhh] ## Prerequisites You’ll need this software to run WIP in your enterprise: diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md index 99b2a8e507..9059c18b53 100644 --- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md +++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md @@ -21,7 +21,7 @@ ms.localizationpriority: medium - Windows 10 ->Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). +>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare). To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we’ve created the Blocking Untrusted Fonts feature. Using this feature, you can turn on a global setting that stops your employees from loading untrusted fonts processed using the Graphics Device Interface (GDI) onto your network. Untrusted fonts are any font installed outside of the `%windir%/Fonts` directory. Blocking untrusted fonts helps prevent both remote (web-based or email-based) and local EOP attacks that can happen during the font file-parsing process. diff --git a/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md b/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md index 31ef30f618..fef7da884b 100644 --- a/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md +++ b/windows/security/threat-protection/intelligence/coordinated-malware-eradication.md @@ -36,4 +36,4 @@ Organizations participating in the CME effort work together to help eradicate se Any organization that is involved in cybersecurity and antimalware or interested in fighting cybercrime can participate in CME campaigns by enrolling in the [Virus Information Alliance (VIA) program](virus-information-alliance-criteria.md). It ensures that everyone agrees to use the information and tools available for campaigns for their intended purpose (that is, the eradication of malware). -If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/en-us/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/en-us/wdsi/alliances/collaboration-inquiry). +If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry). diff --git a/windows/security/threat-protection/intelligence/developer-resources.md b/windows/security/threat-protection/intelligence/developer-resources.md index a7e660c5da..35aec2bd9c 100644 --- a/windows/security/threat-protection/intelligence/developer-resources.md +++ b/windows/security/threat-protection/intelligence/developer-resources.md @@ -24,9 +24,9 @@ If you believe that your application or program has been incorrectly detected by Check out the following resources for information on how to submit and view submissions: -- [Submit files](https://www.microsoft.com/en-us/wdsi/filesubmission) +- [Submit files](https://www.microsoft.com/wdsi/filesubmission) -- [View your submissions](https://www.microsoft.com/en-us/wdsi/submissionhistory) +- [View your submissions](https://www.microsoft.com/wdsi/submissionhistory) ## Additional resources diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md index 62bcff1173..bc3ecd48d1 100644 --- a/windows/security/threat-protection/intelligence/fileless-threats.md +++ b/windows/security/threat-protection/intelligence/fileless-threats.md @@ -96,6 +96,6 @@ Having described the broad categories, we can now dig into the details and provi ## Defeating fileless malware -At Microsoft, we actively monitor the security landscape to identify new threat trends and develop solutions that continuously enhance Windows security and mitigate classes of threats. We instrument durable protections that are effective against a wide range of threats. Through AntiMalware Scan Interface (AMSI), behavior monitoring, memory scanning, and boot sector protection, Microsoft Defender Advanced Threat Protection [(Microsoft Defender ATP)](https://www.microsoft.com/en-us/windowsforbusiness?ocid=docs-fileless) can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats. +At Microsoft, we actively monitor the security landscape to identify new threat trends and develop solutions that continuously enhance Windows security and mitigate classes of threats. We instrument durable protections that are effective against a wide range of threats. Through AntiMalware Scan Interface (AMSI), behavior monitoring, memory scanning, and boot sector protection, Microsoft Defender Advanced Threat Protection [(Microsoft Defender ATP)](https://www.microsoft.com/windowsforbusiness?ocid=docs-fileless) can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats. To learn more, read: [Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/) diff --git a/windows/security/threat-protection/intelligence/macro-malware.md b/windows/security/threat-protection/intelligence/macro-malware.md index d4c3119d19..ec97b244a7 100644 --- a/windows/security/threat-protection/intelligence/macro-malware.md +++ b/windows/security/threat-protection/intelligence/macro-malware.md @@ -31,7 +31,7 @@ We've seen macro malware download threats from the following families: * [Ransom:Win32/Teerac](Ransom:Win32/Teerac) * [TrojanDownloader:Win32/Chanitor](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Chanitor.A) * [TrojanSpy:Win32/Ursnif](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif) -* [Win32/Fynloski](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Fynloski) +* [Win32/Fynloski](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Win32/Fynloski) * [Worm:Win32/Gamarue](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Win32/Gamarue) ## How to protect against macro malware diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index 59d35b2c35..63ef1862ba 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -53,7 +53,7 @@ Using pirated content is not only illegal, it can also expose your device to mal Users do not openly discuss visits to these sites, so any untoward experience are more likely to stay unreported. -To stay safe, download movies, music, and apps from official publisher websites or stores. Consider running a streamlined OS such as [Windows 10 Pro SKU S Mode](https://www.microsoft.com/en-us/windows/s-mode?ocid=cx-wdsi-articles), which ensures that only vetted apps from the Windows Store are installed. +To stay safe, download movies, music, and apps from official publisher websites or stores. Consider running a streamlined OS such as [Windows 10 Pro SKU S Mode](https://www.microsoft.com/windows/s-mode?ocid=cx-wdsi-articles), which ensures that only vetted apps from the Windows Store are installed. ## Don't attach unfamiliar removable drives diff --git a/windows/security/threat-protection/intelligence/rootkits-malware.md b/windows/security/threat-protection/intelligence/rootkits-malware.md index 3dc3456226..ffe4254e2b 100644 --- a/windows/security/threat-protection/intelligence/rootkits-malware.md +++ b/windows/security/threat-protection/intelligence/rootkits-malware.md @@ -31,7 +31,7 @@ Many modern malware families use rootkits to try and avoid detection and removal * [Cutwail](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fCutwail) -* [Datrahere](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win64/Detrahere) (Zacinlo) +* [Datrahere](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win64/Detrahere) (Zacinlo) * [Rustock](https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fRustock) diff --git a/windows/security/threat-protection/intelligence/safety-scanner-download.md b/windows/security/threat-protection/intelligence/safety-scanner-download.md index d3bd25dce2..f00d63e08f 100644 --- a/windows/security/threat-protection/intelligence/safety-scanner-download.md +++ b/windows/security/threat-protection/intelligence/safety-scanner-download.md @@ -24,12 +24,12 @@ Microsoft Safety Scanner is a scan tool designed to find and remove malware from - [Download Microsoft Safety Scanner (64-bit)](https://go.microsoft.com/fwlink/?LinkId=212732) > [!NOTE] -> The security intelligence update version of the Microsoft Safety Scanner matches the version described [in this web page](https://www.microsoft.com/en-us/wdsi/definitions). +> The security intelligence update version of the Microsoft Safety Scanner matches the version described [in this web page](https://www.microsoft.com/wdsi/definitions). Safety Scanner only scans when manually triggered and is available for use 10 days after being downloaded. We recommend that you always download the latest version of this tool before each scan. > [!NOTE] -> This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Windows Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/windows/comprehensive-security) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/en-us/wdsi/help/troubleshooting-infection). +> This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Windows Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/windows/comprehensive-security) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/wdsi/help/troubleshooting-infection). > [!NOTE] > Safety scanner is a portable executable and does not appear in the Windows Start menu or as an icon on the desktop. Note where you saved this download. diff --git a/windows/security/threat-protection/intelligence/submission-guide.md b/windows/security/threat-protection/intelligence/submission-guide.md index 545a2d7f62..05e5ab7db4 100644 --- a/windows/security/threat-protection/intelligence/submission-guide.md +++ b/windows/security/threat-protection/intelligence/submission-guide.md @@ -52,7 +52,7 @@ We encourage all software vendors and developers to read about [how Microsoft id ## How do I track or view past sample submissions? -You can track your submissions through the [submission history page](https://www.microsoft.com/en-us/wdsi/submissionhistory). Your submission will only appear on this page if you were signed in when you submitted it. +You can track your submissions through the [submission history page](https://www.microsoft.com/wdsi/submissionhistory). Your submission will only appear on this page if you were signed in when you submitted it. If you’re not signed in when you submit a sample, you will be redirected to a tracking page. Bookmark this page if you want to come back and check on the status of your submission. @@ -66,7 +66,7 @@ Each submission is shown to be in one of the following status types: * Closed—a final determination has been given by an analyst -If you are signed in, you can see the status of any files you submit to us on the [submission history page](https://www.microsoft.com/en-us/wdsi/submissionhistory). +If you are signed in, you can see the status of any files you submit to us on the [submission history page](https://www.microsoft.com/wdsi/submissionhistory). ## How does Microsoft prioritize submissions diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index c1d189ea17..20f21ad29a 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -18,7 +18,7 @@ search.appverid: met150 # Top scoring in industry tests -Microsoft Defender Advanced Threat Protection ([Microsoft Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) technologies consistently achieve high scores in independent tests, demonstrating the strength of its enterprise threat protection capabilities. Microsoft aims to be transparent about these test scores. This page summarizes the results and provides analysis. +Microsoft Defender Advanced Threat Protection ([Microsoft Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) technologies consistently achieve high scores in independent tests, demonstrating the strength of its enterprise threat protection capabilities. Microsoft aims to be transparent about these test scores. This page summarizes the results and provides analysis. ## Next generation protection @@ -113,6 +113,6 @@ MITRE tested the ability of products to detect techniques commonly used by the t It is important to remember that Microsoft sees a wider and broader set of threats beyond what’s tested in the evaluations highlighted above. For example, in an average month, we identify over 100 million new threats. Even if an independent tester can acquire and test 1% of those threats, that is a million tests across 20 or 30 products. In other words, the vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats. -The capabilities within [Microsoft Defender ATP](https://www.microsoft.com/en-us/windowsforbusiness?ocid=cx-docs-avreports) provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into industry antivirus tests, and address some of the latest and most sophisticated threats. Isolating AV from the rest of Microsoft Defender ATP creates a partial picture of how our security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that [Microsoft Defender ATP components catch samples](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) that Windows Defender Antivirus missed in these industry tests, which is more representative of how effectively our security suite protects customers in the real world. +The capabilities within [Microsoft Defender ATP](https://www.microsoft.com/windowsforbusiness?ocid=cx-docs-avreports) provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into industry antivirus tests, and address some of the latest and most sophisticated threats. Isolating AV from the rest of Microsoft Defender ATP creates a partial picture of how our security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that [Microsoft Defender ATP components catch samples](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) that Windows Defender Antivirus missed in these industry tests, which is more representative of how effectively our security suite protects customers in the real world. -Using independent tests, customers can view one aspect of their security suite but can't assess the complete protection of all the security features. Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Microsoft Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Microsoft Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection?ocid=cx-docs-avreports). +Using independent tests, customers can view one aspect of their security suite but can't assess the complete protection of all the security features. Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Microsoft Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Microsoft Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection?ocid=cx-docs-avreports). diff --git a/windows/security/threat-protection/intelligence/understanding-malware.md b/windows/security/threat-protection/intelligence/understanding-malware.md index 220e69b806..2486a1e427 100644 --- a/windows/security/threat-protection/intelligence/understanding-malware.md +++ b/windows/security/threat-protection/intelligence/understanding-malware.md @@ -21,7 +21,7 @@ Malware is a term used to describe malicious applications and code that can caus Cybercriminals that distribute malware are often motivated by money and will use infected computers to launch attacks, obtain banking credentials, collect information that can be sold, sell access to computing resources, or extort payment from victims. -As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With Microsoft Defender Advanced Threat Protection ([Microsoft Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp)), businesses can stay protected with next-generation protection and other security capabilities. +As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With Microsoft Defender Advanced Threat Protection ([Microsoft Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp)), businesses can stay protected with next-generation protection and other security capabilities. For good general tips, check out the [prevent malware infection](prevent-malware-infection.md) topic. diff --git a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md index 82c6baab29..cfda4379ca 100644 --- a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md @@ -50,4 +50,4 @@ To be eligible for VIA your organization must: 3. Be willing to sign and adhere to the VIA membership agreement. -If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/en-us/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/en-us/wdsi/alliances/collaboration-inquiry). +If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry). diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md index 38ad06123a..adfe6b2035 100644 --- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md @@ -54,4 +54,4 @@ Your organization must meet the following eligibility requirements to qualify fo ### Apply now -If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/en-us/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/en-us/wdsi/alliances/collaboration-inquiry). +If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry). diff --git a/windows/security/threat-protection/intelligence/worms-malware.md b/windows/security/threat-protection/intelligence/worms-malware.md index 6c51864314..6b392dcc81 100644 --- a/windows/security/threat-protection/intelligence/worms-malware.md +++ b/windows/security/threat-protection/intelligence/worms-malware.md @@ -34,7 +34,7 @@ Jenxcus (also known as Dunihi), Gamarue (also known as Androm), and Bondat have Both Bondat and Gamarue have clever ways of obscuring themselves to evade detection. By hiding what they are doing, they try to avoid detection by security software. -* [**WannaCrypt**](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/WannaCrypt) also deserves a mention here. Unlike older worms that often spread just because they could, modern worms often spread to drop a payload (e.g. ransomware). +* [**WannaCrypt**](https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/WannaCrypt) also deserves a mention here. Unlike older worms that often spread just because they could, modern worms often spread to drop a payload (e.g. ransomware). This image shows how a worm can quickly spread through a shared USB drive. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index 38d679e8fa..22fe7612b1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md @@ -22,7 +22,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink) Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Microsoft Defender ATP with. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md index 9544001b7c..11138ccab3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md @@ -24,7 +24,7 @@ ms.date: 07/24/2019 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The AlertEvents table in the Advanced hunting schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index fbe2aa1d4c..918e31047d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -24,7 +24,7 @@ ms.date: 04/24/2018 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-abovefoldlink) ## Performance best practices The following best practices serve as a guideline of query performance best practices and for you to get faster results and be able to run complex queries. @@ -93,4 +93,4 @@ ProcessCreationEvents | where CanonicalCommandLine contains "stop" and CanonicalCommandLine contains "MpsSvc" ``` ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-belowfoldlink) \ No newline at end of file +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-belowfoldlink) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md index 9180ed1db4..2f8d8b5394 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md @@ -24,7 +24,7 @@ ms.date: 07/24/2019 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The FileCreationEvents table in the Advanced hunting schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md index d7e0521472..aabe8804ca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md @@ -24,7 +24,7 @@ ms.date: 07/24/2019 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The ImageLoadEvents table in the Advanced hunting schema contains information about DLL loading events. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md index 1e8a0cfcc7..90d2fe815e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md @@ -24,7 +24,7 @@ ms.date: 07/24/2019 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The LogonEvents table in the Advanced hunting schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md index fa58a67cdd..5ac8eced92 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md @@ -24,7 +24,7 @@ ms.date: 07/24/2019 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The MachineInfo table in the Advanced hunting schema contains information about machines in the organization, including OS version, active users, and computer name. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md index 3ec3dfd8f2..cb1ff3f42a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md @@ -24,7 +24,7 @@ ms.date: 07/24/2019 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The MachineNetworkInfo table in the Advanced hunting schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md index 01c38628be..34eb98af98 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md @@ -24,7 +24,7 @@ ms.date: 07/24/2019 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The MiscEvents table in the Advanced hunting schema contains information about multiple event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md index fb18d453d7..29cce6edf3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md @@ -24,7 +24,7 @@ ms.date: 07/24/2019 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The NetworkCommunicationEvents table in the Advanced hunting schema contains information about network connections and related events. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md index d6ef50a878..ff4bcab4b7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md @@ -24,7 +24,7 @@ ms.date: 07/24/2019 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The ProcessCreationEvents table in the Advanced hunting schema contains information about process creation and related events. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md index 40810a2f12..a0d1dd41a1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md @@ -24,7 +24,7 @@ ms.date: 07/24/2019 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) ## Advanced hunting table reference diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md index 75b7b12ee6..dcf2cf5422 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md @@ -24,7 +24,7 @@ ms.date: 07/24/2019 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The RegistryEvents table in the Advanced hunting schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md index 4ca2aebb87..7c51f049ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md @@ -20,7 +20,7 @@ ms.date: 08/15/2018 # Query data using Advanced hunting in Microsoft Defender ATP ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) To get you started in querying your data, you can use the Basic or Advanced query examples, which have some preloaded queries to help you understand the basic query syntax. @@ -146,7 +146,7 @@ The filter selections will resolve as an additional query term and the results w Check out the [Advanced hunting repository](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). Contribute and use example queries shared by our customers. ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-belowfoldlink) ## Related topic - [Advanced hunting reference](advanced-hunting-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md index 652e76f78d..fe3c249332 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-alertsq-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-alertsq-abovefoldlink) The **Alerts queue** shows a list of alerts that were flagged from machines in your network. By default, the queue displays alerts seen in the last 30 days in a grouped view, with the most recent alerts showing at the top of the list, helping you see the most recent alerts first. diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md index 9706e81443..4ce6242c06 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md @@ -24,7 +24,7 @@ ms.date: 10/16/2017 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink) Understand what data fields are exposed as part of the alerts API and how they map to Microsoft Defender Security Center. diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md index 3fd9f905d0..84db47e022 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md +++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md @@ -22,7 +22,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). diff --git a/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md index f7afee3646..0924219800 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md @@ -25,7 +25,7 @@ ms.date: 11/28/2018 - Office 365 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) Microsoft Defender ATP supports two ways to manage permissions: diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md index ad94b7494d..f39d0ddd2f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md @@ -24,7 +24,7 @@ ms.date: 11/20/2018 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink) >[!TIP] >- Learn about the latest enhancements in Microsoft Defender ATP: [What's new in Microsoft Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/). @@ -58,7 +58,7 @@ Read the walkthrough document provided with each attack scenario. Each document > Simulation files or scripts mimic attack activity but are actually benign and will not harm or compromise the test machine. > > -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-belowfoldlink) +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-belowfoldlink) ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 7e77ed48e3..89c574f14d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -19,7 +19,7 @@ ms.topic: conceptual # Overview of Automated investigations ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink) The Microsoft Defender ATP service has a wide breadth of visibility on multiple machines. With this kind of optics, the service generates a multitude of alerts. The volume of alerts generated can be challenging for a typical security operations team to individually address. diff --git a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md index 861f47388c..6cad0006a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md @@ -23,7 +23,7 @@ ms.topic: article - Azure Active Directory - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-basicaccess-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-basicaccess-abovefoldlink) Refer to the instructions below to use basic permissions management. diff --git a/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md index 8057947dc2..6fcd846c60 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md +++ b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-checksensor-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-checksensor-abovefoldlink) The sensor health tile is found on the Security Operations dashboard. This tile provides information on the individual machine’s ability to provide sensor data and communicate with the Microsoft Defender ATP service. It reports how many machines require attention and helps you identify problematic machines and take action to correct known issues. diff --git a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md index 396e2730fb..eb36f604f9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md @@ -24,7 +24,7 @@ ms.topic: article ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink) Conditional Access is a capability that helps you better protect your users and enterprise information by making sure that only secure devices have access to applications. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md index 22c9359f44..9d45aa37d5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md @@ -27,7 +27,7 @@ ms.date: 12/20/2018 ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink) You'll need to install and configure some files and tools to use HP ArcSight so that it can pull Microsoft Defender ATP alerts. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md index 3c3fa5ffff..97cc98af49 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md @@ -104,4 +104,4 @@ Take the following steps to enable Conditional Access: For more information, see [Enable Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/intune/advanced-threat-protection). ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md index a381b9ef5a..e0e025ebc9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md @@ -23,7 +23,7 @@ ms.topic: article - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-emailconfig-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-emailconfig-abovefoldlink) You can configure Microsoft Defender ATP to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md index 5e84c75371..ca40875aab 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md @@ -29,7 +29,7 @@ ms.date: 04/24/2018 ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink) > [!NOTE] diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md index 88aa16e2cf..9710f0d825 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md @@ -25,7 +25,7 @@ ms.date: 12/06/2018 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink) You can use mobile device management (MDM) solutions to configure machines. Microsoft Defender ATP supports MDMs by providing OMA-URIs to create policies to manage machines. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md index 8be4bddd06..b5ebde69de 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md @@ -24,7 +24,7 @@ ms.topic: article - Linux - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-nonwindows-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-nonwindows-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md index f1e4b4412d..fa0a83ba9a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md @@ -28,7 +28,7 @@ ms.date: 12/11/2018 ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink) ## Onboard Windows 10 machines using System Center Configuration Manager (current branch) version 1606 diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md index d326a4194b..6c658e6d81 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md @@ -27,7 +27,7 @@ ms.topic: article ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink) You can also manually onboard individual machines to Microsoft Defender ATP. You might want to do this first when testing the service before you commit to onboarding all machines in your network. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index 9bcaf00305..19a1f29ebd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md @@ -25,7 +25,7 @@ ms.date: 04/24/2018 ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configvdi-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configvdi-abovefoldlink) ## Onboard non-persistent virtual desktop infrastructure (VDI) machines diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md index 3387e07476..f7fccc3f2b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md @@ -45,4 +45,4 @@ Topic | Description [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md) | Learn how to use the configuration package to configure VDI machines. ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink) \ No newline at end of file +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md index 785daef982..7f76395800 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md @@ -22,7 +22,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) [Attack surface reduction (ASR) rules](../windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md) identify and prevent actions that are typically taken by malware during exploitation. These rules control when and how potentially malicious code can run. For example, you can prevent JavaScript or VBScript from launching a downloaded executable, block Win32 API calls from Office macros, or block processes that run from USB drives. @@ -45,7 +45,7 @@ Selecting **Go to attack surface management** takes you to **Monitoring & report For more information about optimizing ASR rule deployment in Microsoft 365 security center, read [Monitor and manage ASR rule deployment and detections](https://docs.microsoft.com/office365/securitycompliance/monitor-devices#monitor-and-manage-asr-rule-deployment-and-detections) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) # Related topics - [Ensure your machines are configured properly](configure-machines.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md index 4640790859..931aeaa4a4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md @@ -22,7 +22,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) Each onboarded machine adds an additional endpoint detection and response (EDR) sensor and increases visibility over breach activity in your network. Onboarding also ensures that a machine can be checked for vulnerable components as well security configuration issues and can receive critical remediation actions during attacks. @@ -69,7 +69,7 @@ From the overview, create a configuration profile specifically for the deploymen >[!TIP] >To learn more about Intune profiles, read about [assigning user and device profiles](https://docs.microsoft.com/intune/device-profile-assign). ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) # Related topics - [Ensure your machines are configured properly](configure-machines.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md index 5c04c5d86d..90713b48a1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md @@ -22,7 +22,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) Security baselines ensure that security features are configured according to guidance from both security experts and expert Windows system administrators. When deployed, the Microsoft Defender ATP security baseline sets Microsoft Defender ATP security controls to provide optimal protection. @@ -95,7 +95,7 @@ Machine configuration management monitors baseline compliance only of Windows 10 >[!TIP] >Security baselines on Intune provide a convenient way to comprehensively secure and protect your machines. [Learn more about security baselines on Intune](https://docs.microsoft.com/intune/security-baselines). ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) # Related topics - [Ensure your machines are configured properly](configure-machines.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md index 11f16e8b9f..3c6d45957a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md @@ -22,7 +22,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) With properly configured machines, you can boost overall resilience against threats and enhance your capability to detect and respond to attacks. Security configuration management helps ensure that your machines: @@ -76,4 +76,4 @@ Topic | Description [Increase compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md) | Track baseline compliance and noncompliance. Deploy the security baseline to more Intune-managed machines. [Optimize ASR rule deployment and detections](configure-machines-asr.md) | Review rule deployment and tweak detections using impact analysis tools in Microsoft 365 security center. ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) \ No newline at end of file +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md index 406b15ff97..7738dedb9f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md @@ -26,7 +26,7 @@ ms.date: 09/03/2018 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink) +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink) [!include[Prerelease information](prerelease.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 71cc754e25..3f4c09e497 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -25,7 +25,7 @@ ms.topic: article ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink) The Microsoft Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service. @@ -129,7 +129,7 @@ Microsoft Defender ATP is built on Azure cloud, deployed in the following region - \+\
All versions of Windows 10 starting with version 1709 | [!include[Check mark yes](images/svg/check-yes.svg)]
Windows 8.1; Windows 8; Windows 7
Cannot be installed on Windows 10, version 1709 and later Installation requirements | [Windows Security in Windows 10](../windows-defender-security-center/windows-defender-security-center.md)
(no additional installation required)
Windows Defender Exploit Guard is built into Windows - it doesn't require a separate tool or package for management, configuration, or deployment. | Available only as an additional download and must be installed onto a management device User interface | Modern interface integrated with the [Windows Security app](../windows-defender-security-center/windows-defender-security-center.md) | Older, complex interface that requires considerable ramp-up training -Supportability | [!include[Check mark yes](images/svg/check-yes.svg)]
[Dedicated submission-based support channel](https://www.microsoft.com/en-us/wdsi/filesubmission)[[1](#fn1)]
[Part of the Windows 10 support lifecycle](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) | [!include[Check mark no](images/svg/check-no.svg)]
Ends after July 31, 2018 +Supportability | [!include[Check mark yes](images/svg/check-yes.svg)]
[Dedicated submission-based support channel](https://www.microsoft.com/wdsi/filesubmission)[[1](#fn1)]
[Part of the Windows 10 support lifecycle](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) | [!include[Check mark no](images/svg/check-no.svg)]
Ends after July 31, 2018 Updates | [!include[Check mark yes](images/svg/check-yes.svg)]
Ongoing updates and development of new features, released twice yearly as part of the [Windows 10 semi-annual update channel](https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/) | [!include[Check mark no](images/svg/check-no.svg)]
No planned updates or development Exploit protection | [!include[Check mark yes](images/svg/check-yes.svg)]
All EMET mitigations plus new, specific mitigations ([see table](#mitigation-comparison))
[Can convert and import existing EMET configurations](import-export-exploit-protection-emet-xml.md) | [!include[Check mark yes](images/svg/check-yes.svg)]
Limited set of mitigations Attack surface reduction[[2](#fn2)] | [!include[Check mark yes](images/svg/check-yes.svg)]
[Helps block known infection vectors](attack-surface-reduction-exploit-guard.md)
[Can configure individual rules](enable-attack-surface-reduction.md) | [!include[Check mark yes](images/svg/check-yes.svg)]
Limited ruleset configuration only for modules (no processes) @@ -64,7 +64,7 @@ Microsoft Intune | [!include[Check mark yes](images/svg/check-yes.svg)]
[U Reporting | [!include[Check mark yes](images/svg/check-yes.svg)]
With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md)
[Full integration with Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/secure-score-dashboard.md) | [!include[Check mark yes](images/svg/check-yes.svg)]
Limited Windows event log monitoring Audit mode | [!include[Check mark yes](images/svg/check-yes.svg)]
[Full audit mode with Windows event reporting](audit-windows-defender-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]
Limited to EAF, EAF+, and anti-ROP mitigations -([1](#ref1)) Requires an enterprise subscription with Azure Active Directory or a [Software Assurance ID](https://www.microsoft.com/en-us/licensing/licensing-programs/software-assurance-default.aspx). +([1](#ref1)) Requires an enterprise subscription with Azure Active Directory or a [Software Assurance ID](https://www.microsoft.com/licensing/licensing-programs/software-assurance-default.aspx). ([2](#ref2-1)) Additional requirements may apply (such as use of Windows Defender Antivirus). See [Windows Defender Exploit Guard requirements](windows-defender-exploit-guard.md#requirements) for more details. Customizable mitigation options that are configured with [Exploit protection](exploit-protection-exploit-guard.md) do not require Windows Defender Antivirus. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md index d701915788..72ab3ef09f 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md @@ -106,7 +106,7 @@ The table in this section illustrates the differences between EMET and Windows D Windows versions | [!include[Check mark yes](images/svg/check-yes.svg)]
All versions of Windows 10 starting with version 1709 | [!include[Check mark yes](images/svg/check-yes.svg)]
Windows 8.1; Windows 8; Windows 7
Cannot be installed on Windows 10, version 1709 and later Installation requirements | [Windows Security in Windows 10](../windows-defender-security-center/windows-defender-security-center.md)
(no additional installation required)
Windows Defender Exploit Guard is built into Windows - it doesn't require a separate tool or package for management, configuration, or deployment. | Available only as an additional download and must be installed onto a management device User interface | Modern interface integrated with the [Windows Security app](../windows-defender-security-center/windows-defender-security-center.md) | Older, complex interface that requires considerable ramp-up training -Supportability | [!include[Check mark yes](images/svg/check-yes.svg)]
[Dedicated submission-based support channel](https://www.microsoft.com/en-us/wdsi/filesubmission)[[1](#fn1)]
[Part of the Windows 10 support lifecycle](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) | [!include[Check mark no](images/svg/check-no.svg)]
Ends after July 31, 2018 +Supportability | [!include[Check mark yes](images/svg/check-yes.svg)]
[Dedicated submission-based support channel](https://www.microsoft.com/wdsi/filesubmission)[[1](#fn1)]
[Part of the Windows 10 support lifecycle](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet) | [!include[Check mark no](images/svg/check-no.svg)]
Ends after July 31, 2018 Updates | [!include[Check mark yes](images/svg/check-yes.svg)]
Ongoing updates and development of new features, released twice yearly as part of the [Windows 10 semi-annual update channel](https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/) | [!include[Check mark no](images/svg/check-no.svg)]
No planned updates or development Exploit protection | [!include[Check mark yes](images/svg/check-yes.svg)]
All EMET mitigations plus new, specific mitigations ([see table](#mitigation-comparison))
[Can convert and import existing EMET configurations](import-export-exploit-protection-emet-xml.md) | [!include[Check mark yes](images/svg/check-yes.svg)]
Limited set of mitigations Attack surface reduction[[2](#fn2)] | [!include[Check mark yes](images/svg/check-yes.svg)]
[Helps block known infection vectors](attack-surface-reduction-exploit-guard.md)
[Can configure individual rules](enable-attack-surface-reduction.md) | [!include[Check mark yes](images/svg/check-yes.svg)]
Limited ruleset configuration only for modules (no processes) @@ -120,7 +120,7 @@ Microsoft Intune | [!include[Check mark yes](images/svg/check-yes.svg)]
[U Reporting | [!include[Check mark yes](images/svg/check-yes.svg)]
With [Windows event logs](event-views-exploit-guard.md) and [full audit mode reporting](audit-windows-defender-exploit-guard.md)
[Full integration with Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/secure-score-dashboard.md) | [!include[Check mark yes](images/svg/check-yes.svg)]
Limited Windows event log monitoring Audit mode | [!include[Check mark yes](images/svg/check-yes.svg)]
[Full audit mode with Windows event reporting](audit-windows-defender-exploit-guard.md) | [!include[Check mark no](images/svg/check-no.svg)]
Limited to EAF, EAF+, and anti-ROP mitigations -([1](#ref1)) Requires an enterprise subscription with Azure Active Directory or a [Software Assurance ID](https://www.microsoft.com/en-us/licensing/licensing-programs/software-assurance-default.aspx). +([1](#ref1)) Requires an enterprise subscription with Azure Active Directory or a [Software Assurance ID](https://www.microsoft.com/licensing/licensing-programs/software-assurance-default.aspx). ([2](#ref2-1)) Additional requirements may apply (such as use of Windows Defender Antivirus). See [Windows Defender Exploit Guard requirements](windows-defender-exploit-guard.md#requirements) for more details. Customizable mitigation options that are configured with [exploit protection](exploit-protection-exploit-guard.md) do not require Windows Defender Antivirus. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md index 373d0c8387..9b3271425d 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md @@ -78,7 +78,7 @@ To add an exclusion, see [Customize Attack surface reduction](customize-attack-s ## Report a false positive or false negative -Use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/en-us/wdsi/filesubmission) to report a false negative or false positive for network protection. With an E5 subscription, you can also [provide a link to any associated alert](../microsoft-defender-atp/alerts-queue.md). +Use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/wdsi/filesubmission) to report a false negative or false positive for network protection. With an E5 subscription, you can also [provide a link to any associated alert](../microsoft-defender-atp/alerts-queue.md). ## Collect diagnostic data for file submissions diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index a60d5f5a24..7f4ef0cb7c 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -47,7 +47,7 @@ You can also [enable audit mode](audit-windows-defender-exploit-guard.md) for th Windows Defender EG can be managed and reported on in the Windows Security app as part of the Microsoft Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies. -You can use the Windows Security app to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). You can [sign up for a free trial of Microsoft Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-msa4053440) to see how it works. +You can use the Windows Security app to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). You can [sign up for a free trial of Microsoft Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-msa4053440) to see how it works. ## Requirements diff --git a/windows/whats-new/get-started-with-1709.md b/windows/whats-new/get-started-with-1709.md index 6dc2400981..b7879030be 100644 --- a/windows/whats-new/get-started-with-1709.md +++ b/windows/whats-new/get-started-with-1709.md @@ -38,7 +38,7 @@ To view availability dates and servicing options for each version and update of ## Windows 10 Roadmap -If you'd like to gain some insight into preview, or in-development features, visit the [Windows 10 Roadmap](https://www.microsoft.com/en-us/WindowsForBusiness/windows-roadmap) page. You'll be able to filter by feature state and product category, to make this information easier to navigate. +If you'd like to gain some insight into preview, or in-development features, visit the [Windows 10 Roadmap](https://www.microsoft.com/WindowsForBusiness/windows-roadmap) page. You'll be able to filter by feature state and product category, to make this information easier to navigate. ## Top support solutions for Windows 10 diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md index df1f40120d..720dcc1cf3 100644 --- a/windows/whats-new/whats-new-windows-10-version-1709.md +++ b/windows/whats-new/whats-new-windows-10-version-1709.md @@ -25,7 +25,7 @@ A brief description of new or updated features in this version of Windows 10 is -> [!video https://www.microsoft.com/en-us/videoplayer/embed/43942201-bec9-4f8b-8ba7-2d9bfafa8bba?autoplay=false] +> [!video https://www.microsoft.com/videoplayer/embed/43942201-bec9-4f8b-8ba7-2d9bfafa8bba?autoplay=false] ## Deployment diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index 7c41c62396..b86ec98036 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -25,7 +25,7 @@ This article lists new and updated features and content that are of interest to The following 3-minute video summarizes some of the new features that are available for IT Pros in this release. -> [!video https://www.microsoft.com/en-us/videoplayer/embed/RE21ada?autoplay=false] +> [!video https://www.microsoft.com/videoplayer/embed/RE21ada?autoplay=false] ## Deployment @@ -66,7 +66,7 @@ With this release you can easily deploy and manage kiosk devices with Microsoft - To help with troubleshooting, you can now view error reports generated if an assigned access-configured app has issues. For more information, see: -- [Making IT simpler with a modern workplace](https://www.microsoft.com/en-us/microsoft-365/blog/2018/04/27/making-it-simpler-with-a-modern-workplace/) +- [Making IT simpler with a modern workplace](https://www.microsoft.com/microsoft-365/blog/2018/04/27/making-it-simpler-with-a-modern-workplace/) - [Simplifying kiosk management for IT with Windows 10](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Simplifying-kiosk-management-for-IT-with-Windows-10/ba-p/187691) ### Windows 10 Subscription Activation From 9b78b26abd2768f77c6805aa18e86ec7200431f0 Mon Sep 17 00:00:00 2001 From: Onur
[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege
[Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege
[Generate security audits](/windows/device-security/security-policy-settings/generate-security-audits): SeAuditPrivilege
[Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege
[Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): SeRestorePrivilege
[Replace a process level token](/windows/device-security/security-policy-settings/replace-a-process-level-token): SeAssignPrimaryTokenPrivilege
| +|Default User Rights| [Adjust memory quotas for a process](/windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process): SeIncreaseQuotaPrivilege
[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege
[Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege
[Generate security audits](/windows/device-security/security-policy-settings/generate-security-audits): SeAuditPrivilege
[Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege
[Replace a process level token](/windows/device-security/security-policy-settings/replace-a-process-level-token): SeAssignPrimaryTokenPrivilege
| ## NTLM Authentication From 1da9c092fb7cd4b5f0038eb62cacc3ae9e2555cb Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 21 Aug 2019 09:30:32 +0300 Subject: [PATCH 070/112] Update windows/client-management/mdm/management-tool-for-windows-store-for-business.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../mdm/management-tool-for-windows-store-for-business.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md index 5f18d8bd84..f1f4f5b05f 100644 --- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md +++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md @@ -81,7 +81,7 @@ For code samples, see [Microsoft Azure Active Directory Samples and Documentatio ## Configure your Azure AD application -[Here](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) are the steps to configure your Azure AD app. +See [Quickstart: Register an application with the Microsoft identity platform](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app) for the steps to configure your Azure AD app. ## Azure AD Authentication for MTS From 7796c3c08660a4720bfee9474b4a6d8ae1bfed08 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Wed, 21 Aug 2019 18:34:20 +0800 Subject: [PATCH 071/112] Updated to new author metadata This is related to issue #3388 where there's an email communication regarding new author ownership. Please see this comment - https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3388#issuecomment-506835838 --- windows/deployment/update/device-health-using.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/device-health-using.md b/windows/deployment/update/device-health-using.md index 72d8385c62..0dc82df677 100644 --- a/windows/deployment/update/device-health-using.md +++ b/windows/deployment/update/device-health-using.md @@ -8,8 +8,8 @@ ms.mktglfcycl: deploy keywords: oms, operations management suite, wdav, health, log analytics ms.sitesec: library ms.pagetype: deploy -author: jaimeo -ms.author: jaimeo +author: stephow-MSFT +ms.author: stephow ms.localizationpriority: medium ms.collection: M365-analytics ms.topic: article From df69ddd8c80d54f6243b47945dc278d34c6b3d24 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Wed, 21 Aug 2019 06:38:40 -0500 Subject: [PATCH 072/112] Update windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../windows-defender-application-guard/configure-wd-app-guard.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md index eb671ec6f3..cde467c137 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md @@ -33,7 +33,6 @@ These settings, located at **Computer Configuration\Administrative Templates\Net |Policy name|Supported versions|Description| |-----------|------------------|-----------| |Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.| - |Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Include a full domain name in the configuration, for example **www.contoso.com**, to trust only in this literal value. 2) You may optionally use "." as a wildcard character to automatically trust subdomains on only one level of the domain hierarchy that is to the left of the dot. Configuring **".constoso.com"** will automatically trust **"local.contoso.com"**, **"shop.contoso.com"**, and all other values on the left. 3) You may optionally use ".." as a wildcard character to automatically trust subdomains on all the levels of the domain hierarchy that are to the left of the dots. Configuring **"..constoso.com"** will automatically trust **"us.shop.contoso.com"**, **"trainning.contoso.com"**, and all other values on the left. | |Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment.| From 1e3dbd370a696d29ff5b31f6cad858a6054532db Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Wed, 21 Aug 2019 06:38:50 -0500 Subject: [PATCH 073/112] Update windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../windows-defender-application-guard/configure-wd-app-guard.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md index cde467c137..c39a63739c 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md @@ -34,7 +34,6 @@ These settings, located at **Computer Configuration\Administrative Templates\Net |-----------|------------------|-----------| |Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.| |Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Include a full domain name in the configuration, for example **www.contoso.com**, to trust only in this literal value. 2) You may optionally use "." as a wildcard character to automatically trust subdomains on only one level of the domain hierarchy that is to the left of the dot. Configuring **".constoso.com"** will automatically trust **"local.contoso.com"**, **"shop.contoso.com"**, and all other values on the left. 3) You may optionally use ".." as a wildcard character to automatically trust subdomains on all the levels of the domain hierarchy that are to the left of the dots. Configuring **"..constoso.com"** will automatically trust **"us.shop.contoso.com"**, **"trainning.contoso.com"**, and all other values on the left. | - |Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment.| From 6e89eeca04d45bfef9800ff1db24353b5a5da07d Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 21 Aug 2019 20:31:50 +0200 Subject: [PATCH 074/112] Update windows/configuration/kiosk-prepare.md - grammar improvements Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/configuration/kiosk-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index cdea0721e9..5df7e93f1c 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -22,7 +22,7 @@ ms.topic: article - Windows 10 Pro, Enterprise, and Education > [!WARNING] -> For kiosks in public-facing environments with auto sign-in enabled, you should use a user account with least privilege, such as a local standard user account. +> For kiosks in public-facing environments with auto sign-in enabled, you should use a user account with the least privileges, such as a local standard user account. > > Assigned access can be configured via Windows Management Instrumentation (WMI) or configuration service provider (CSP) to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so. From 9680122059a99af2b36e3355128550ae7bcd1c70 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 21 Aug 2019 20:33:28 +0200 Subject: [PATCH 075/112] Update windows/configuration/kiosk-prepare.md - readability improvement (natural speech) Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/configuration/kiosk-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index 5df7e93f1c..af5a26163b 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -24,7 +24,7 @@ ms.topic: article > [!WARNING] > For kiosks in public-facing environments with auto sign-in enabled, you should use a user account with the least privileges, such as a local standard user account. > -> Assigned access can be configured via Windows Management Instrumentation (WMI) or configuration service provider (CSP) to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so. +> Assigned access can be configured via Windows Management Instrumentation (WMI) or configuration service provider (CSP) to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that might allow an attacker subverting the assigned access application to gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so. > [!IMPORTANT] > [User account control (UAC)](https://docs.microsoft.com/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode. From a59fc81251516029e824873702b454f814a9137f Mon Sep 17 00:00:00 2001 From: tmlyon
| Topic | -Description | -
|---|---|
| - | This section provides information about using the Compatibility Administrator tool. |
-
Managing Application-Compatibility Fixes and Custom Fix Databases |
-This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases. |
-
| - | You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations. |
-
| Topic | +Description | +
|---|---|
| + | This section provides information about using the Compatibility Administrator tool. |
+
Managing Application-Compatibility Fixes and Custom Fix Databases |
+This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases. |
+
| + | You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations. |
+
| Fix | -Fix Description | -
|---|---|
8And16BitAggregateBlts |
-Applications that are mitigated by 8/16-bit mitigation can exhibit performance issues. This layer aggregates all the blt operations and improves performance. |
-
8And16BitDXMaxWinMode |
-Applications that use DX8/9 and are mitigated by the 8/16-bit mitigation are run in a maximized windowed mode. This layer mitigates applications that exhibit graphical corruption in full screen mode. |
-
8And16BitGDIRedraw |
-This fix repairs applications that use GDI and that work in 8-bit color mode. The application is forced to repaint its window on RealizePalette. |
-
AccelGdipFlush |
-This fix increases the speed of GdipFlush, which has perf issues in DWM. |
-
AoaMp4Converter |
-This fix resolves a display issue for the AoA Mp4 Converter. |
-
BIOSRead |
-This problem is indicated when an application cannot access the Device\PhysicalMemory object beyond the kernel-mode drivers, on any of the Windows Server® 2003 operating systems. -The fix enables OEM executable (.exe) files to use the GetSystemFirmwareTable function instead of the NtOpenSection function when the BIOS is queried for the \Device\Physical memory information.. |
-
BlockRunasInteractiveUser |
-This problem occurs when InstallShield creates installers and uninstallers that fail to complete and that generate error messages or warnings. -The fix blocks InstallShield from setting the value of RunAs registry keys to InteractiveUser Because InteractiveUser no longer has Administrator rights. -
-Note
-For more detailed information about this application fix, see Using the BlockRunAsInteractiveUser Fix. -
-
- |
-
ChangeFolderPathToXPStyle |
-This fix is required when an application cannot return shell folder paths when it uses the SHGetFolder API. -The fix intercepts the SHGetFolder path request to the common appdata file path and returns the Windows® XP-style file path instead of the Windows Vista-style file path. |
-
ClearLastErrorStatusonIntializeCriticalSection |
-This fix is indicated when an application fails to start. -The fix modifies the InitializeCriticalSection function call so that it checks the NTSTATUS error code, and then sets the last error to ERROR_SUCCESS. |
-
CopyHKCUSettingsFromOtherUsers |
-This problem occurs when an application's installer must run in elevated mode and depends on the HKCU settings that are provided for other users. -The fix scans the existing user profiles and tries to copy the specified keys into the HKEY_CURRENT_USER registry area. -You can control this fix further by entering the relevant registry keys as parameters that are separated by the ^ Symbol; for example:
-Note
-For more detailed information about this application fix, see Using the CopyHKCUSettingsFromOtherUsers Fix. -
-
- |
-
CorrectCreateBrushIndirectHatch |
-The problem is indicated by an access violation error message that displays and when the application fails when you select or crop an image. -The fix corrects the brush style hatch value, which is passed to the CreateBrushIndirect() function and enables the information to be correctly interpreted. |
-
CorrectFilePaths |
-The problem is indicated when an application tries to write files to the hard disk and is denied access or receives a file not found or path not found error message. -The fix modifies the file path names to point to a new location on the hard disk. -
-Note
-For more detailed information about the CorrectFilePaths application fix, see Using the CorrectFilePaths Fix. We recommend that you use this fix together with the CorrectFilePathsUninstall fix if you are applying it to a setup installation file. -
-
- |
-
CorrectFilePathsUninstall |
-This problem occurs when an uninstalled application leaves behind files, directories, and links. -The fix corrects the file paths that are used by the uninstallation process of an application. -
-Note
-For more detailed information about this fix, see Using the CorrectFilePathsUninstall Fix. We recommend that you use this fix together with the CorrectFilePaths fix if you are applying it to a setup installation file. -
-
- |
-
CorrectShellExecuteHWND |
-This problem occurs when you start an executable (.exe) and a taskbar item blinks instead of an elevation prompt being opened, or when the application does not provide a valid HWND value when it calls the ShellExecute(Ex) function. -The fix intercepts the ShellExecute(Ex) calls, and then inspects the HWND value. If the value is invalid, this fix enables the call to use the currently active HWND value. -
-Note
-For more detailed information about the CorrectShellExecuteHWND application fix, see Using the CorrectShellExecuteHWND Fix. -
-
- |
-
CustomNCRender |
-This fix instructs DWM to not render the non-client area, thereby forcing the application to do its own NC rendering. This often gives windows an XP look. |
-
DelayApplyFlag |
-This fix applies a KERNEL, USER, or PROCESS flag if the specified DLL is loaded. -You can control this fix further by typing the following command at the command prompt: -DLL_Name;Flag_Type;Hexidecimal_Value -Where the DLL_Name is the name of the specific DLL, including the file extension. Flag_Type is KERNEL, USER, or PROCESS, and a Hexidecimal_Value, starting with 0x and up to 64-bits long. -
-Note
-The PROCESS flag type can have a 32-bit length only. You can separate multiple entries with a backslash (). -
-
- |
-
DeprecatedServiceShim |
-The problem is indicated when an application tries to install a service that has a dependency on a deprecated service. An error message displays. -The fix intercepts the CreateService function calls and removes the deprecated dependency service from the lpDependencies parameter. -You can control this fix further by typing the following command at the command prompt: -Deprecated_Service\App_Service/Deprecated_Service2 \App_Service2 -Where Deprecated_Service is the name of the service that has been deprecated and App_Service is the name of the specific application service that is to be modified; for example, NtLmSsp\WMI. -
-Note
-If you do not provide an App_Service name, the deprecated service will be removed from all newly created services. -
-
-
-
-Note
-You can separate multiple entries with a forward slash (/). -
-
- |
-
DirectXVersionLie |
-This problem occurs when an application fails because it does not find the correct version number for DirectX®. -The fix modifies the DXDIAGN GetProp function call to return the correct DirectX version. -You can control this fix further by typing the following command at the command prompt: -MAJORVERSION.MINORVERSION.LETTER -For example, |
-
DetectorDWM8And16Bit |
-This fix offeres mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8 . |
-
Disable8And16BitD3D |
-This fix improves performance of 8/16-bit color applications that render using D3D and do not mix directdraw. |
-
Disable8And16BitModes |
-This fix disables 8/16-bit color mitigation and enumeration of 8/16-bit color modes. |
-
DisableDWM |
-The problem occurs when some objects are not drawn or object artifacts remain on the screen in an application. -The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications. -
-Note
-For more detailed information about this application fix, see Using the DisableDWM Fix. -
-
- |
-
DisableFadeAnimations |
-The problem is indicated when an application fade animations, buttons, or other controls do not function properly. -The fix disables the fade animations functionality for unsupported applications. |
-
DisableThemeMenus |
-The problem is indicated by an application that behaves unpredictably when it tries to detect and use the correct Windows settings. -The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications. |
-
DisableWindowsDefender |
-The fix disables Windows Defender for security applications that do not work with Windows Defender. |
-
DWM8And16BitMitigation |
-The fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8. |
-
DXGICompat |
-The fix allows application-specific compatibility instructions to be passed to the DirectX engine. |
-
DXMaximizedWindowedMode |
-Applications that use DX8/9 are run in a maximized windowed mode. This is required for applications that use GDI/DirectDraw in addition to Direct3D. |
-
ElevateCreateProcess |
-The problem is indicated when installations, de-installations, or updates fail because the host process calls the CreateProcess function and it returns an ERROR_ELEVATION_REQUIRED error message. -The fix handles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code will be returned unchanged. -
-Note
-For more detailed information about this application fix, see Using the ElevateCreateProcess Fix. -
-
- |
-
EmulateOldPathIsUNC |
-The problem occurs when an application fails because of an incorrect UNC path. -The fix changes the PathIsUNC function to return a value of True for UNC paths in Windows. |
-
EmulateGetDiskFreeSpace |
-The problem is indicated when an application fails to install or to run, and it generates an error message that there is not enough free disk space to install or use the application, even though there is enough free disk space to meet the application requirements. -The fix determines the amount of free space, so that if the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB, but if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual free space amount. -
-Note
-For more detailed information about this application fix, see Using the EmulateGetDiskFreeSpace Fix. -
-
- |
-
EmulateSorting |
-The problem occurs when an application experiences search functionality issues. -The fix forces applications that use the CompareStringW/LCMapString sorting table to use an older version of the table. -
-Note
-For more detailed information about this e application fix, see Using the EmulateSorting Fix. -
-
- |
-
EmulateSortingWindows61 |
-The fix emulates the sorting order of Windows 7 and Windows Server 2008 R2 for various APIs. |
-
EnableRestarts |
-The problem is indicated when an application and computer appear to hang because processes cannot end to allow the computer to complete its restart processes. -The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists. -
-Note
-For more detailed information about this application fix, see Using the EnableRestarts Fix. -
-
- |
-
ExtraAddRefDesktopFolder |
-The problem occurs when an application invokes the Release() method too many times and causes an object to be prematurely destroyed. -The fix counteracts the application's tries to obtain the shell desktop folder by invoking the AddRef() method on the Desktop folder, which is returned by the SHGetDesktopFolder function. |
-
FailObsoleteShellAPIs |
-The problem occurs when an application fails because it generated deprecated API calls. -The fix either fully implements the obsolete functions or implements the obsolete functions with stubs that fail. -
-Note
-You can type FailAll=1 at the command prompt to suppress the function implementation and force all functions to fail. -
-
- |
-
FailRemoveDirectory |
-The problem occurs when an application uninstallation process does not remove all of the application files and folders. -This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command-line. Only a single path is supported. The path can contain environment variables, but must be an exact path – no partial paths are supported. -The fix can resolve an issue where an application expects RemoveDirectory() to delete a folder immediately even though a handle is open to it. |
-
FakeLunaTheme |
-The problem occurs when a theme application does not properly display: the colors are washed out or the user interface is not detailed. -The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme, (Luna). -
-Note
-For more detailed information about the FakeLunaTheme application fix, see Using the FakeLunaTheme Fix. -
-
- |
-
FlushFile |
-This problem is indicated when a file is updated and changes do not immediately appear on the hard disk. Applications cannot see the file changes. -The fix enables the WriteFile function to call to the FlushFileBuffers APIs, which flush the file cache onto the hard disk. |
-
FontMigration |
-The fix replaces an application-requested font with a better font selection, to avoid text truncation. |
-
ForceAdminAccess |
-The problem occurs when an application fails to function during an explicit administrator check. -The fix allows the user to temporarily imitate being a part of the Administrators group by returning a value of True during the administrator check. -
-Note
-For more detailed information about this application fix, see Using the ForceAdminAccess Fix. -
-
- |
-
ForceInvalidateOnClose |
-The fix invalidates any windows that exist under a closing or hiding window for applications that rely on the invalidation messages. |
-
ForceLoadMirrorDrvMitigation |
-The fix loads the Windows 8 mirror driver mitigation for applications where the mitigation is not automatically applied. |
-
FreestyleBMX |
-The fix resolves an application race condition that is related to window message order. |
-
GetDriveTypeWHook |
-The application presents unusual behavior during installation; for example, the setup program states that it cannot install to a user-specified location. -The fix changes GetDriveType() so that only the root information appears for the file path. This is required when an application passes an incomplete or badly-formed file path when it tries to retrieve the drive type on which the file path exists. |
-
GlobalMemoryStatusLie |
-The problem is indicated by a Computer memory full error message that displays when you start an application. -The fix modifies the memory status structure, so that it reports a swap file that is 400 MB, regardless of the true swap file size. |
-
HandleBadPtr |
-The problem is indicated by an access violation error message that displays because an API is performing pointer validation before it uses a parameter. -The fix supports using lpBuffer validation from the InternetSetOptionA and InternetSetOptionW functions to perform the additional parameter validation. |
-
HandleMarkedContentNotIndexed |
-The problem is indicated by an application that fails when it changes an attribute on a file or directory. -The fix intercepts any API calls that return file attributes and directories that are invoked from the %TEMP% directory, and resets the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED attribute to its original state. |
-
HeapClearAllocation |
-The problem is indicated when the allocation process shuts down unexpectedly. -The fix uses zeros to clear out the heap allocation for an application. |
-
IgnoreAltTab |
-The problem occurs when an application fails to function when special key combinations are used. -The fix intercepts the RegisterRawInputDevices API and prevents the delivery of the WM_INPUT messages. This delivery failure forces the included hooks to be ignored and forces DInput to use Windows-specific hooks. -
-Note
-For more detailed information about this application fix, see Using the IgnoreAltTab Fix. -
-
- |
-
IgnoreChromeSandbox |
-The fix allows Google Chrome to run on systems that have ntdll loaded above 4GB. |
-
IgnoreDirectoryJunction |
-The problem is indicated by a read or access violation error message that displays when an application tries to find or open files. -The fix links the FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindFirstFileW and FindFirstFileA APIs to prevent them from returning directory junctions. -
-Note
-Symbolic links appear starting in Windows Vista. -
-
- |
-
IgnoreException |
-The problem is indicated when an application stops functioning immediately after it starts, or the application starts with only a cursor appearing on the screen. -The fix enables the application to ignore specified exceptions. By default, this fix ignores privileged-mode exceptions; however, it can be configured to ignore any exception. -You can control this fix further by typing the following command at the command prompt: -Exception1;Exception2 -Where Exception1 and Exception2 are specific exceptions to be ignored. For example: ACCESS_VIOLATION_READ:1;ACCESS_VIOLATION_WRITE:1. -
-Important
-You should use this compatibility fix only if you are certain that it is acceptable to ignore the exception. You might experience additional compatibility issues if you choose to incorrectly ignore an exception. -
-
-
-
-Note
-For more detailed information about this application fix, see Using the IgnoreException Fix. -
-
- |
-
IgnoreFloatingPointRoundingControl |
-This fix enables an application to ignore the rounding control request and to behave as expected in previous versions of the application. -Before floating point SSE2 support in the C runtime library, the rounding control request was being ignored which would use round to nearest option by default. This shim ignores the rounding control request to support applications relying on old behavior. |
-
IgnoreFontQuality |
-The problem occurs when application text appears to be distorted. -The fix enables color-keyed fonts to properly work with anti-aliasing. |
-
IgnoreMessageBox |
-The problem is indicated by a message box that displays with debugging or extraneous content when the application runs on an unexpected operating system. -The fix intercepts the MessageBox* APIs and inspects them for specific message text. If matching text is found, the application continues without showing the message box. -
-Note
-For more detailed information about this application fix, see Using the IgnoreMessageBox Fix. -
-
- |
-
IgnoreMSOXMLMF |
-The problem is indicated by an error message that states that the operating system cannot locate the MSVCR80D.DLL file. -The fix ignores the registered MSOXMLMF.DLL object, which Microsoft® Office 2007 loads into the operating system any time that you load an XML file, and then it fails the CoGetClassObject for its CLSID. This compatibility fix will just ignore the registered MSOXMLMF and fail the CoGetClassObject for its CLSID. |
-
IgnoreSetROP2 |
-The fix ignores read-modify-write operations on the desktop to avoid performance issues. |
-
InstallComponent |
-The fix prompts the user to install.Net 3.5 or .Net 2.0 because .Net is not included with Windows 8. |
-
LoadLibraryRedirect |
-The fix forces an application to load system versions of libraries instead of loading redistributable versions that shipped with the application. |
-
LocalMappedObject |
-The problem occurs when an application unsuccessfully tries to create an object in the Global namespace. -The fix intercepts the function call to create the object and replaces the word Global with Local. -
-Note
-For more detailed information about this application fix, see Using the LocalMappedObject Fix. -
-
- |
-
MakeShortcutRunas |
-The problem is indicated when an application fails to uninstall because of access-related errors. -The fix locates any RunDLL.exe-based uninstallers and forces them to run with different credentials during the application installation. After it applies this fix, the installer will create a shortcut that specifies a matching string to run during the application installation, thereby enabling the uninstallation to occur later. -
-Note
-For more detailed information about this application fix, see Using the MakeShortcutRunas Fix -
-
- |
-
ManageLinks |
-The fix intercepts common APIs that are going to a directory or to an executable (.exe) file, and then converts any symbolic or directory junctions before passing it back to the original APIs. |
-
MirrorDriverWithComposition |
-The fix allows mirror drivers to work properly with acceptable performance with desktop composition. |
-
MoveToCopyFileShim |
-The problem occurs when an application experiences security access issues during setup. -The fix forces the CopyFile APIs to run instead of the MoveFile APIs. CopyFile APIs avoid moving the security descriptor, which enables the application files to get the default descriptor of the destination folder and prevents the security access issue. |
-
OpenDirectoryAcl |
-The problem is indicated by an error message that states that you do not have the appropriate permissions to access the application. -The fix reduces the security privilege levels on a specified set of files and folders. -
-Note
-For more detailed information about this application fix, see Using the OpenDirectoryACL Fix. -
-
- |
-
PopCapGamesForceResPerf |
-The fix resolves the performance issues in PopCap games like Bejeweled2. The performance issues are visible in certain low-end cards at certain resolutions where the 1024x768 buffer is scaled to fit the display resolution. |
-
PreInstallDriver |
-The fix preinstalls drivers for applications that would otherwise try to install or start drivers during the initial start process. |
-
PreInstallSmarteSECURE |
-The fix preinstalls computer-wide CLSIDs for applications that use SmartSECURE copy protection, which would otherwise try to install the CLSIDs during the initial start process. |
-
ProcessPerfData |
-The problem is indicated by an Unhandled Exception error message because the application tried to read the process performance data registry value to determine if another instance of the application is running. -The fix handles the failure case by passing a fake process performance data registry key, so that the application perceives that it is the only instance running. -
-Note
-This issue seems to occur most frequently with .NET applications. -
-
- |
-
PromoteDAM |
-The fix registers an application for power state change notifications. |
-
PropagateProcessHistory |
-The problem occurs when an application incorrectly fails to apply an application fix. -The fix sets the _PROCESS_HISTORY environment variable so that child processes can look in the parent directory for matching information while searching for application fixes. |
-
ProtectedAdminCheck |
-The problem occurs when an application fails to run because of incorrect Protected Administrator permissions. -The fix addresses the issues that occur when applications use non-standard Administrator checks, thereby generating false positives for user accounts that are being run as Protected Administrators. In this case, the associated SID exists, but it is set as deny-only. |
-
RedirectCRTTempFile |
-The fix intercepts failing CRT calls that try to create a temporary file at the root of the volume, thereby redirecting the calls to a temporary file in the user's temporary directory. |
-
RedirectHKCUKeys |
-The problem occurs when an application cannot be accessed because of User Account Control (UAC) restrictions. -The fix duplicates any newly created HKCU keys to other users' HKCU accounts. This fix is generic for UAC restrictions, whereby the HKCU keys are required, but are unavailable to an application at runtime. |
-
RedirectMP3Codec |
-This problem occurs when you cannot play MP3 files. -The fix intercepts the CoCreateInstance call for the missing filter and then redirects it to a supported version. |
-
RedirectShortcut |
-The problem occurs when an application cannot be accessed by its shortcut, or application shortcuts are not removed during the application uninstallation process. -The fix redirects all of the shortcuts created during the application setup to appear according to a specified path. -
This issue occurs because of UAC restrictions: specifically, when an application setup runs by using elevated privileges and stores the shortcuts according to the elevated user's context. In this situation, a restricted user cannot access the shortcuts. -You cannot apply this fix to an .exe file that includes a manifest and provides a runlevel. |
-
RelaunchElevated |
-The problem occurs when installers, uninstallers, or updaters fail when they are started from a host application. -The fix enables a child .exe file to run with elevated privileges when it is difficult to determine the parent process with either the ElevateCreateProcess fix or by marking the .exe files to RunAsAdmin. -
-Note
-For more detailed information about this application fix, see Using the RelaunchElevated Fix. -
-
- |
-
RetryOpenSCManagerWithReadAccess |
-The problem occurs when an application tries to open the Service Control Manager (SCM) and receives an Access Denied error message. -The fix retries the call and requests a more restricted set of rights that include the following: -
|
-
RetryOpenServiceWithReadAccess |
-The problem occurs when an Unable to open service due to your application using the OpenService() API to test for the existence of a particular service error message displays. -The fix retries the OpenService() API call and verifies that the user has Administrator rights, is not a Protected Administrator, and by using read-only access. Applications can test for the existence of a service by calling the OpenService() API but some applications ask for all access when making this check. This fix retries the call but only asking for read-only access. The user needs to be an administrator for this to work -
-Note
-For more detailed information about this application fix, see Using the RetryOpenServiceWithReadAccess Fix. -
-
- |
-
RunAsAdmin |
-The problem occurs when an application fails to function by using the Standard User or Protected Administrator account. -The fix enables the application to run by using elevated privileges. The fix is the equivalent of specifying requireAdministrator in an application manifest. -
-Note
-For more detailed information about this application fix, see Using the RunAsAdmin Fix. -
-
- |
-
RunAsHighest |
-The problem occurs when administrators cannot view the read/write version of an application that presents a read-only view to standard users. -The fix enables the application to run by using the highest available permissions. This is the equivalent of specifying highestAvailable in an application manifest. -
-Note
-For more detailed information about this application fix, see Using the RunAsHighest Fix. -
-
- |
-
RunAsInvoker |
-The problem occurs when an application is not detected as requiring elevation. -The fix enables the application to run by using the privileges that are associated with the creation process, without requiring elevation. This is the equivalent of specifying asInvoker in an application manifest. -
-Note
-For more detailed information about this application fix, see Using the RunAsInvoker Fix. -
-
- |
-
SecuROM7 |
-The fix repairs applications by using SecuROM7 for copy protection. |
-
SessionShim |
-The fix intercepts API calls from applications that are trying to interact with services that are running in another session, by using the terminal service name prefix (Global or Local) as the parameter. -At the command prompt, you can supply a list of objects to modify, separating the values by a double backslash (). Or, you can choose not to include any parameters, so that all of the objects are modified. -
-Important
-Users cannot log in as Session 0 (Global Session) in Windows Vista and later. Therefore, applications that require access to Session 0 automatically fail. -
-
-
-
-Note
-For more detailed information about this application fix, see Using the SessionShim Fix. -
-
- |
-
SetProtocolHandler |
-The fix registers an application as a protocol handler. -You can control this fix further by typing the following command at the command prompt: -Client;Protocol;App -Where the Client is the name of the email protocol, Protocol is mailto, and App is the name of the application. -
-Note
-Only the mail client and the mailto protocol are supported. You can separate multiple clients by using a backslash (). -
-
- |
-
SetupCommitFileQueueIgnoreWow |
-The problem occurs when a 32-bit setup program fails to install because it requires 64-bit drivers. -The fix disables the Wow64 file system that is used by the 64-bit editions of Windows, to prevent 32-bit applications from accessing 64-bit file systems during the application setup. |
-
SharePointDesigner2007 |
-The fix resolves an application bug that severely slows the application when it runs in DWM. |
-
ShimViaEAT |
-The problem occurs when an application fails, even after applying acompatibility fix that is known to fix an issue. Applications that use unicows.dll or copy protection often present this issue. -The fix applies the specified compatibility fixes by modifying the export table and by nullifying the use of module inclusion and exclusion. -
-Note
-For more information about this application fix, see Using the ShimViaEAT Fix. -
-
- |
-
ShowWindowIE |
-The problem occurs when a web application experiences navigation and display issues because of the tabbing feature. -The fix intercepts the ShowWindow API call to address the issues that can occur when a web application determines that it is in a child window. This fix calls the real ShowWindow API on the top-level parent window. |
-
SierraWirelessHideCDROM |
-The fix repairs the Sierra Wireless Driver installation, thereby preventing bugcheck. |
-
Sonique2 |
-The application uses an invalid window style, which breaks in DWM. This fix replaces the window style with a valid value. |
-
SpecificInstaller |
-The problem occurs when an application installation file fails to be picked up by the GenericInstaller function. -The fix flags the application as being an installer file (for example, setup.exe), and then prompts for elevation. -
-Note
-For more detailed information about this application fix, see Using the SpecificInstaller Fix. -
-
- |
-
SpecificNonInstaller |
-The problem occurs when an application that is not an installer (and has sufficient privileges) generates a false positive from the GenericInstaller function. -The fix flags the application to exclude it from detection by the GenericInstaller function. -
-Note
-For more detailed information about this application fix, see Using the SpecificNonInstaller Fix. -
-
- |
-
SystemMetricsLie |
-The fix replaces SystemMetrics values and SystemParametersInfo values with the values of previous Windows versions. |
-
TextArt |
-The application receives different mouse coordinates with DWM ON versus DWM OFF, which causes the application to hang. This fix resolves the issue. |
-
TrimDisplayDeviceNames |
-The fix trims the names of the display devices that are returned by the EnumDisplayDevices API. |
-
UIPICompatLogging |
-The fix enables the logging of Windows messages from Internet Explorer and other processes. |
-
UIPIEnableCustomMsgs |
-The problem occurs when an application does not properly communicate with other processes because customized Windows messages are not delivered. -The fix enables customized Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the RegisterWindowMessage function, followed by the ChangeWindowMessageFilter function in the code. -You can control this fix further by typing the following command at the command prompt: -MessageString1 MessageString2 -Where MessageString1 and MessageString2 reflect the message strings that can pass. -
-Note
-Multiple message strings must be separated by spaces. For more detailed information about this application fix, see Using the UIPIEnableCustomMsgs Fix. -
-
- |
-
UIPIEnableStandardMsgs |
-The problem occurs when an application does not communicate properly with other processes because standard Windows messages are not delivered. -The fix enables standard Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the ChangeWindowMessageFilter function in the code. -You can control this fix further by typing the following command at the command prompt: -1055 1056 1069 -Where 1055 reflects the first message ID, 1056 reflects the second message ID, and 1069 reflects the third message ID that can pass. -
-Note
-Multiple messages can be separated by spaces. For more detailed information about this application fix, see Using the UIPIEnableStandardMsgs Fix [act]. -
-
- |
-
VirtualizeDeleteFileLayer |
-The fix virtualizes DeleteFile operations for applications that try to delete protected files. |
-
VirtualizeDesktopPainting |
-This fix improves the performance of a number of operations on the Desktop DC while using DWM. |
-
VirtualRegistry |
-The problem is indicated when a Component failed to be located error message displays when an application is started. -The fix enables the registry functions to allow for virtualization, redirection, expansion values, version spoofing, the simulation of performance data counters, and so on. -For more detailed information about this application fix, see Using the VirtualRegistry Fix. |
-
VirtualizeDeleteFile |
-The problem occurs when several error messages display and the application cannot delete files. -The fix makes the application's DeleteFile function call a virtual call in an effort to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted. -
-Note
-For more detailed information about this application fix, see Using the VirtualizeDeleteFile Fix. -
-
- |
-
VirtualizeHKCRLite |
-The problem occurs when an application fails to register COM components at runtime. -The fix redirects the HKCR write calls (HKLM) to the HKCU hive for a per-user COM registration. This operates much like the VirtualRegistry fix when you use the VirtualizeHKCR parameter; however, VirtualizeHKCRLite provides better performance. -HKCR is a virtual merge of the HKCU\Software\Classes and HKLM\Software\Classes directories. The use of HKCU is preferred if an application is not elevated and is ignored if the application is elevated. -You typically will use this compatibility fix in conjunction with the VirtualizeRegisterTypeLib fix. -For more detailed information about this application fix, see Using the VirtualizeHKCRLite Fix. |
-
VirtualizeRegisterTypeLib |
-The fix, when it is used with the VirtualizeHKCRLite fix, ensures that the type library and the COM class registration happen simultaneously. This functions much like the RegistryTypeLib fix when the RegisterTypeLibForUser parameter is used. -
-Note
-For more detailed information about this application fix, see Using the VirtualizeRegisterTypelib Fix. -
-
- |
-
WaveOutIgnoreBadFormat |
-This problem is indicated by an error message that states: Unable to initialize sound device from your audio driver; the application then closes. -The fix enables the application to ignore the format error and continue to function properly. |
-
WerDisableReportException |
-The fix turns off the silent reporting of exceptions to the Windows Error Reporting tool, including those that are reported by Object Linking and Embedding-Database (OLE DB). The fix intercepts the RtlReportException API and returns a STATUS_NOT_SUPPORTED error message. |
-
Win7RTM/Win8RTM |
-The layer provides the application with Windows 7/Windows 8 compatibility mode. |
-
WinxxRTMVersionLie |
-The problem occurs when an application fails because it does not find the correct version number for the required Windows operating system. -All version lie compatibility fixes address the issue whereby an application fails to function because it is checking for, but not finding, a specific version of the operating system. The version lie fix returns the appropriate operating system version information. For example, the VistaRTMVersionLie returns the Windows Vista version information to the application, regardless of the actual operating system version that is running on the computer. |
-
Wing32SystoSys32 |
-The problem is indicated by an error message that states that the WinG library was not properly installed. -The fix detects whether the WinG32 library exists in the correct directory. If the library is located in the wrong location, this fix copies the information (typically during the runtime of the application) into the %WINDIR% \system32 directory. -
-Important
-The application must have Administrator privileges for this fix to work. -
-
- |
-
WinSrv08R2RTM |
-- |
WinXPSP2VersionLie |
-The problem occurs when an application experiences issues because of a VB runtime DLL. -The fix forces the application to follow these steps: -
|
-
WRPDllRegister |
-The application fails when it tries to register a COM component that is released together with Windows Vista and later. -The fix skips the processes of registering and unregistering WRP-protected COM components when calling the DLLRegisterServer and DLLUnregisterServer functions. -You can control this fix further by typing the following command at the command prompt: -Component1.dll;Component2.dll -Where Component1.dll and Component2.dll reflect the components to be skipped. -
-Note
-For more detailed information about this application fix, see Using the WRPDllRegister Fix. -
-
- |
-
WRPMitigation |
-The problem is indicated when an access denied error message displays when the application tries to access a protected operating system resource by using more than read-only access. -The fix emulates the successful authentication and modification of file and registry APIs, so that the application can continue. -
-Note
-For more detailed information about WRPMitigation, see Using the WRPMitigation Fix. -
-
- |
-
WRPRegDeleteKey |
-The problem is indicated by an access denied error message that displays when the application tries to delete a registry key. -The fix verifies whether the registry key is WRP-protected. If the key is protected, this fix emulates the deletion process. |
-
XPAfxIsValidAddress |
-The fix emulates the behavior of Windows XP for MFC42!AfxIsValidAddress. |
-
| Compatibility Mode Name | -Description | -Included Compatibility Fixes | -
|---|---|---|
WinSrv03 |
-Emulates the Windows Server 2003 operating system. |
-
|
-
WinSrv03Sp1 |
-Emulates the Windows Server 2003 with Service Pack 1 (SP1) operating system. |
-
|
-
| Fix | +Fix Description | +
|---|---|
8And16BitAggregateBlts |
+Applications that are mitigated by 8/16-bit mitigation can exhibit performance issues. This layer aggregates all the blt operations and improves performance. |
+
8And16BitDXMaxWinMode |
+Applications that use DX8/9 and are mitigated by the 8/16-bit mitigation are run in a maximized windowed mode. This layer mitigates applications that exhibit graphical corruption in full screen mode. |
+
8And16BitGDIRedraw |
+This fix repairs applications that use GDI and that work in 8-bit color mode. The application is forced to repaint its window on RealizePalette. |
+
AccelGdipFlush |
+This fix increases the speed of GdipFlush, which has perf issues in DWM. |
+
AoaMp4Converter |
+This fix resolves a display issue for the AoA Mp4 Converter. |
+
BIOSRead |
+This problem is indicated when an application cannot access the Device\PhysicalMemory object beyond the kernel-mode drivers, on any of the Windows Server® 2003 operating systems. +The fix enables OEM executable (.exe) files to use the GetSystemFirmwareTable function instead of the NtOpenSection function when the BIOS is queried for the \Device\Physical memory information.. |
+
BlockRunasInteractiveUser |
+This problem occurs when InstallShield creates installers and uninstallers that fail to complete and that generate error messages or warnings. +The fix blocks InstallShield from setting the value of RunAs registry keys to InteractiveUser Because InteractiveUser no longer has Administrator rights. +
+Note
+For more detailed information about this application fix, see Using the BlockRunAsInteractiveUser Fix. +
+
+ |
+
ChangeFolderPathToXPStyle |
+This fix is required when an application cannot return shell folder paths when it uses the SHGetFolder API. +The fix intercepts the SHGetFolder path request to the common appdata file path and returns the Windows® XP-style file path instead of the Windows Vista-style file path. |
+
ClearLastErrorStatusonIntializeCriticalSection |
+This fix is indicated when an application fails to start. +The fix modifies the InitializeCriticalSection function call so that it checks the NTSTATUS error code, and then sets the last error to ERROR_SUCCESS. |
+
CopyHKCUSettingsFromOtherUsers |
+This problem occurs when an application's installer must run in elevated mode and depends on the HKCU settings that are provided for other users. +The fix scans the existing user profiles and tries to copy the specified keys into the HKEY_CURRENT_USER registry area. +You can control this fix further by entering the relevant registry keys as parameters that are separated by the ^ Symbol; for example:
+Note
+For more detailed information about this application fix, see Using the CopyHKCUSettingsFromOtherUsers Fix. +
+
+ |
+
CorrectCreateBrushIndirectHatch |
+The problem is indicated by an access violation error message that displays and when the application fails when you select or crop an image. +The fix corrects the brush style hatch value, which is passed to the CreateBrushIndirect() function and enables the information to be correctly interpreted. |
+
CorrectFilePaths |
+The problem is indicated when an application tries to write files to the hard disk and is denied access or receives a file not found or path not found error message. +The fix modifies the file path names to point to a new location on the hard disk. +
+Note
+For more detailed information about the CorrectFilePaths application fix, see Using the CorrectFilePaths Fix. We recommend that you use this fix together with the CorrectFilePathsUninstall fix if you are applying it to a setup installation file. +
+
+ |
+
CorrectFilePathsUninstall |
+This problem occurs when an uninstalled application leaves behind files, directories, and links. +The fix corrects the file paths that are used by the uninstallation process of an application. +
+Note
+For more detailed information about this fix, see Using the CorrectFilePathsUninstall Fix. We recommend that you use this fix together with the CorrectFilePaths fix if you are applying it to a setup installation file. +
+
+ |
+
CorrectShellExecuteHWND |
+This problem occurs when you start an executable (.exe) and a taskbar item blinks instead of an elevation prompt being opened, or when the application does not provide a valid HWND value when it calls the ShellExecute(Ex) function. +The fix intercepts the ShellExecute(Ex) calls, and then inspects the HWND value. If the value is invalid, this fix enables the call to use the currently active HWND value. +
+Note
+For more detailed information about the CorrectShellExecuteHWND application fix, see Using the CorrectShellExecuteHWND Fix. +
+
+ |
+
CustomNCRender |
+This fix instructs DWM to not render the non-client area, thereby forcing the application to do its own NC rendering. This often gives windows an XP look. |
+
DelayApplyFlag |
+This fix applies a KERNEL, USER, or PROCESS flag if the specified DLL is loaded. +You can control this fix further by typing the following command at the command prompt: +DLL_Name;Flag_Type;Hexidecimal_Value +Where the DLL_Name is the name of the specific DLL, including the file extension. Flag_Type is KERNEL, USER, or PROCESS, and a Hexidecimal_Value, starting with 0x and up to 64-bits long. +
+Note
+The PROCESS flag type can have a 32-bit length only. You can separate multiple entries with a backslash (). +
+
+ |
+
DeprecatedServiceShim |
+The problem is indicated when an application tries to install a service that has a dependency on a deprecated service. An error message displays. +The fix intercepts the CreateService function calls and removes the deprecated dependency service from the lpDependencies parameter. +You can control this fix further by typing the following command at the command prompt: +Deprecated_Service\App_Service/Deprecated_Service2 \App_Service2 +Where Deprecated_Service is the name of the service that has been deprecated and App_Service is the name of the specific application service that is to be modified; for example, NtLmSsp\WMI. +
+Note
+If you do not provide an App_Service name, the deprecated service will be removed from all newly created services. +
+
+
+
+Note
+You can separate multiple entries with a forward slash (/). +
+
+ |
+
DirectXVersionLie |
+This problem occurs when an application fails because it does not find the correct version number for DirectX®. +The fix modifies the DXDIAGN GetProp function call to return the correct DirectX version. +You can control this fix further by typing the following command at the command prompt: +MAJORVERSION.MINORVERSION.LETTER +For example, |
+
DetectorDWM8And16Bit |
+This fix offeres mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8 . |
+
Disable8And16BitD3D |
+This fix improves performance of 8/16-bit color applications that render using D3D and do not mix directdraw. |
+
Disable8And16BitModes |
+This fix disables 8/16-bit color mitigation and enumeration of 8/16-bit color modes. |
+
DisableDWM |
+The problem occurs when some objects are not drawn or object artifacts remain on the screen in an application. +The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications. +
+Note
+For more detailed information about this application fix, see Using the DisableDWM Fix. +
+
+ |
+
DisableFadeAnimations |
+The problem is indicated when an application fade animations, buttons, or other controls do not function properly. +The fix disables the fade animations functionality for unsupported applications. |
+
DisableThemeMenus |
+The problem is indicated by an application that behaves unpredictably when it tries to detect and use the correct Windows settings. +The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications. |
+
DisableWindowsDefender |
+The fix disables Windows Defender for security applications that do not work with Windows Defender. |
+
DWM8And16BitMitigation |
+The fix offers mitigation for applications that work in 8/16-bit display color mode because these legacy color modes are not supported in Windows 8. |
+
DXGICompat |
+The fix allows application-specific compatibility instructions to be passed to the DirectX engine. |
+
DXMaximizedWindowedMode |
+Applications that use DX8/9 are run in a maximized windowed mode. This is required for applications that use GDI/DirectDraw in addition to Direct3D. |
+
ElevateCreateProcess |
+The problem is indicated when installations, de-installations, or updates fail because the host process calls the CreateProcess function and it returns an ERROR_ELEVATION_REQUIRED error message. +The fix handles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code will be returned unchanged. +
+Note
+For more detailed information about this application fix, see Using the ElevateCreateProcess Fix. +
+
+ |
+
EmulateOldPathIsUNC |
+The problem occurs when an application fails because of an incorrect UNC path. +The fix changes the PathIsUNC function to return a value of True for UNC paths in Windows. |
+
EmulateGetDiskFreeSpace |
+The problem is indicated when an application fails to install or to run, and it generates an error message that there is not enough free disk space to install or use the application, even though there is enough free disk space to meet the application requirements. +The fix determines the amount of free space, so that if the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB, but if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual free space amount. +
+Note
+For more detailed information about this application fix, see Using the EmulateGetDiskFreeSpace Fix. +
+
+ |
+
EmulateSorting |
+The problem occurs when an application experiences search functionality issues. +The fix forces applications that use the CompareStringW/LCMapString sorting table to use an older version of the table. +
+Note
+For more detailed information about this e application fix, see Using the EmulateSorting Fix. +
+
+ |
+
EmulateSortingWindows61 |
+The fix emulates the sorting order of Windows 7 and Windows Server 2008 R2 for various APIs. |
+
EnableRestarts |
+The problem is indicated when an application and computer appear to hang because processes cannot end to allow the computer to complete its restart processes. +The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists. +
+Note
+For more detailed information about this application fix, see Using the EnableRestarts Fix. +
+
+ |
+
ExtraAddRefDesktopFolder |
+The problem occurs when an application invokes the Release() method too many times and causes an object to be prematurely destroyed. +The fix counteracts the application's tries to obtain the shell desktop folder by invoking the AddRef() method on the Desktop folder, which is returned by the SHGetDesktopFolder function. |
+
FailObsoleteShellAPIs |
+The problem occurs when an application fails because it generated deprecated API calls. +The fix either fully implements the obsolete functions or implements the obsolete functions with stubs that fail. +
+Note
+You can type FailAll=1 at the command prompt to suppress the function implementation and force all functions to fail. +
+
+ |
+
FailRemoveDirectory |
+The problem occurs when an application uninstallation process does not remove all of the application files and folders. +This fix fails calls to RemoveDirectory() when called with a path matching the one specified in the shim command-line. Only a single path is supported. The path can contain environment variables, but must be an exact path – no partial paths are supported. +The fix can resolve an issue where an application expects RemoveDirectory() to delete a folder immediately even though a handle is open to it. |
+
FakeLunaTheme |
+The problem occurs when a theme application does not properly display: the colors are washed out or the user interface is not detailed. +The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme, (Luna). +
+Note
+For more detailed information about the FakeLunaTheme application fix, see Using the FakeLunaTheme Fix. +
+
+ |
+
FlushFile |
+This problem is indicated when a file is updated and changes do not immediately appear on the hard disk. Applications cannot see the file changes. +The fix enables the WriteFile function to call to the FlushFileBuffers APIs, which flush the file cache onto the hard disk. |
+
FontMigration |
+The fix replaces an application-requested font with a better font selection, to avoid text truncation. |
+
ForceAdminAccess |
+The problem occurs when an application fails to function during an explicit administrator check. +The fix allows the user to temporarily imitate being a part of the Administrators group by returning a value of True during the administrator check. +
+Note
+For more detailed information about this application fix, see Using the ForceAdminAccess Fix. +
+
+ |
+
ForceInvalidateOnClose |
+The fix invalidates any windows that exist under a closing or hiding window for applications that rely on the invalidation messages. |
+
ForceLoadMirrorDrvMitigation |
+The fix loads the Windows 8 mirror driver mitigation for applications where the mitigation is not automatically applied. |
+
FreestyleBMX |
+The fix resolves an application race condition that is related to window message order. |
+
GetDriveTypeWHook |
+The application presents unusual behavior during installation; for example, the setup program states that it cannot install to a user-specified location. +The fix changes GetDriveType() so that only the root information appears for the file path. This is required when an application passes an incomplete or badly-formed file path when it tries to retrieve the drive type on which the file path exists. |
+
GlobalMemoryStatusLie |
+The problem is indicated by a Computer memory full error message that displays when you start an application. +The fix modifies the memory status structure, so that it reports a swap file that is 400 MB, regardless of the true swap file size. |
+
HandleBadPtr |
+The problem is indicated by an access violation error message that displays because an API is performing pointer validation before it uses a parameter. +The fix supports using lpBuffer validation from the InternetSetOptionA and InternetSetOptionW functions to perform the additional parameter validation. |
+
HandleMarkedContentNotIndexed |
+The problem is indicated by an application that fails when it changes an attribute on a file or directory. +The fix intercepts any API calls that return file attributes and directories that are invoked from the %TEMP% directory, and resets the FILE_ATTRIBUTE_NOT_CONTENT_INDEXED attribute to its original state. |
+
HeapClearAllocation |
+The problem is indicated when the allocation process shuts down unexpectedly. +The fix uses zeros to clear out the heap allocation for an application. |
+
IgnoreAltTab |
+The problem occurs when an application fails to function when special key combinations are used. +The fix intercepts the RegisterRawInputDevices API and prevents the delivery of the WM_INPUT messages. This delivery failure forces the included hooks to be ignored and forces DInput to use Windows-specific hooks. +
+Note
+For more detailed information about this application fix, see Using the IgnoreAltTab Fix. +
+
+ |
+
IgnoreChromeSandbox |
+The fix allows Google Chrome to run on systems that have ntdll loaded above 4GB. |
+
IgnoreDirectoryJunction |
+The problem is indicated by a read or access violation error message that displays when an application tries to find or open files. +The fix links the FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindFirstFileW and FindFirstFileA APIs to prevent them from returning directory junctions. +
+Note
+Symbolic links appear starting in Windows Vista. +
+
+ |
+
IgnoreException |
+The problem is indicated when an application stops functioning immediately after it starts, or the application starts with only a cursor appearing on the screen. +The fix enables the application to ignore specified exceptions. By default, this fix ignores privileged-mode exceptions; however, it can be configured to ignore any exception. +You can control this fix further by typing the following command at the command prompt: +Exception1;Exception2 +Where Exception1 and Exception2 are specific exceptions to be ignored. For example: ACCESS_VIOLATION_READ:1;ACCESS_VIOLATION_WRITE:1. +
+Important
+You should use this compatibility fix only if you are certain that it is acceptable to ignore the exception. You might experience additional compatibility issues if you choose to incorrectly ignore an exception. +
+
+
+
+Note
+For more detailed information about this application fix, see Using the IgnoreException Fix. +
+
+ |
+
IgnoreFloatingPointRoundingControl |
+This fix enables an application to ignore the rounding control request and to behave as expected in previous versions of the application. +Before floating point SSE2 support in the C runtime library, the rounding control request was being ignored which would use round to nearest option by default. This shim ignores the rounding control request to support applications relying on old behavior. |
+
IgnoreFontQuality |
+The problem occurs when application text appears to be distorted. +The fix enables color-keyed fonts to properly work with anti-aliasing. |
+
IgnoreMessageBox |
+The problem is indicated by a message box that displays with debugging or extraneous content when the application runs on an unexpected operating system. +The fix intercepts the MessageBox* APIs and inspects them for specific message text. If matching text is found, the application continues without showing the message box. +
+Note
+For more detailed information about this application fix, see Using the IgnoreMessageBox Fix. +
+
+ |
+
IgnoreMSOXMLMF |
+The problem is indicated by an error message that states that the operating system cannot locate the MSVCR80D.DLL file. +The fix ignores the registered MSOXMLMF.DLL object, which Microsoft® Office 2007 loads into the operating system any time that you load an XML file, and then it fails the CoGetClassObject for its CLSID. This compatibility fix will just ignore the registered MSOXMLMF and fail the CoGetClassObject for its CLSID. |
+
IgnoreSetROP2 |
+The fix ignores read-modify-write operations on the desktop to avoid performance issues. |
+
InstallComponent |
+The fix prompts the user to install.Net 3.5 or .Net 2.0 because .Net is not included with Windows 8. |
+
LoadLibraryRedirect |
+The fix forces an application to load system versions of libraries instead of loading redistributable versions that shipped with the application. |
+
LocalMappedObject |
+The problem occurs when an application unsuccessfully tries to create an object in the Global namespace. +The fix intercepts the function call to create the object and replaces the word Global with Local. +
+Note
+For more detailed information about this application fix, see Using the LocalMappedObject Fix. +
+
+ |
+
MakeShortcutRunas |
+The problem is indicated when an application fails to uninstall because of access-related errors. +The fix locates any RunDLL.exe-based uninstallers and forces them to run with different credentials during the application installation. After it applies this fix, the installer will create a shortcut that specifies a matching string to run during the application installation, thereby enabling the uninstallation to occur later. +
+Note
+For more detailed information about this application fix, see Using the MakeShortcutRunas Fix +
+
+ |
+
ManageLinks |
+The fix intercepts common APIs that are going to a directory or to an executable (.exe) file, and then converts any symbolic or directory junctions before passing it back to the original APIs. |
+
MirrorDriverWithComposition |
+The fix allows mirror drivers to work properly with acceptable performance with desktop composition. |
+
MoveToCopyFileShim |
+The problem occurs when an application experiences security access issues during setup. +The fix forces the CopyFile APIs to run instead of the MoveFile APIs. CopyFile APIs avoid moving the security descriptor, which enables the application files to get the default descriptor of the destination folder and prevents the security access issue. |
+
OpenDirectoryAcl |
+The problem is indicated by an error message that states that you do not have the appropriate permissions to access the application. +The fix reduces the security privilege levels on a specified set of files and folders. +
+Note
+For more detailed information about this application fix, see Using the OpenDirectoryACL Fix. +
+
+ |
+
PopCapGamesForceResPerf |
+The fix resolves the performance issues in PopCap games like Bejeweled2. The performance issues are visible in certain low-end cards at certain resolutions where the 1024x768 buffer is scaled to fit the display resolution. |
+
PreInstallDriver |
+The fix preinstalls drivers for applications that would otherwise try to install or start drivers during the initial start process. |
+
PreInstallSmarteSECURE |
+The fix preinstalls computer-wide CLSIDs for applications that use SmartSECURE copy protection, which would otherwise try to install the CLSIDs during the initial start process. |
+
ProcessPerfData |
+The problem is indicated by an Unhandled Exception error message because the application tried to read the process performance data registry value to determine if another instance of the application is running. +The fix handles the failure case by passing a fake process performance data registry key, so that the application perceives that it is the only instance running. +
+Note
+This issue seems to occur most frequently with .NET applications. +
+
+ |
+
PromoteDAM |
+The fix registers an application for power state change notifications. |
+
PropagateProcessHistory |
+The problem occurs when an application incorrectly fails to apply an application fix. +The fix sets the _PROCESS_HISTORY environment variable so that child processes can look in the parent directory for matching information while searching for application fixes. |
+
ProtectedAdminCheck |
+The problem occurs when an application fails to run because of incorrect Protected Administrator permissions. +The fix addresses the issues that occur when applications use non-standard Administrator checks, thereby generating false positives for user accounts that are being run as Protected Administrators. In this case, the associated SID exists, but it is set as deny-only. |
+
RedirectCRTTempFile |
+The fix intercepts failing CRT calls that try to create a temporary file at the root of the volume, thereby redirecting the calls to a temporary file in the user's temporary directory. |
+
RedirectHKCUKeys |
+The problem occurs when an application cannot be accessed because of User Account Control (UAC) restrictions. +The fix duplicates any newly created HKCU keys to other users' HKCU accounts. This fix is generic for UAC restrictions, whereby the HKCU keys are required, but are unavailable to an application at runtime. |
+
RedirectMP3Codec |
+This problem occurs when you cannot play MP3 files. +The fix intercepts the CoCreateInstance call for the missing filter and then redirects it to a supported version. |
+
RedirectShortcut |
+The problem occurs when an application cannot be accessed by its shortcut, or application shortcuts are not removed during the application uninstallation process. +The fix redirects all of the shortcuts created during the application setup to appear according to a specified path. +
This issue occurs because of UAC restrictions: specifically, when an application setup runs by using elevated privileges and stores the shortcuts according to the elevated user's context. In this situation, a restricted user cannot access the shortcuts. +You cannot apply this fix to an .exe file that includes a manifest and provides a runlevel. |
+
RelaunchElevated |
+The problem occurs when installers, uninstallers, or updaters fail when they are started from a host application. +The fix enables a child .exe file to run with elevated privileges when it is difficult to determine the parent process with either the ElevateCreateProcess fix or by marking the .exe files to RunAsAdmin. +
+Note
+For more detailed information about this application fix, see Using the RelaunchElevated Fix. +
+
+ |
+
RetryOpenSCManagerWithReadAccess |
+The problem occurs when an application tries to open the Service Control Manager (SCM) and receives an Access Denied error message. +The fix retries the call and requests a more restricted set of rights that include the following: +
|
+
RetryOpenServiceWithReadAccess |
+The problem occurs when an Unable to open service due to your application using the OpenService() API to test for the existence of a particular service error message displays. +The fix retries the OpenService() API call and verifies that the user has Administrator rights, is not a Protected Administrator, and by using read-only access. Applications can test for the existence of a service by calling the OpenService() API but some applications ask for all access when making this check. This fix retries the call but only asking for read-only access. The user needs to be an administrator for this to work +
+Note
+For more detailed information about this application fix, see Using the RetryOpenServiceWithReadAccess Fix. +
+
+ |
+
RunAsAdmin |
+The problem occurs when an application fails to function by using the Standard User or Protected Administrator account. +The fix enables the application to run by using elevated privileges. The fix is the equivalent of specifying requireAdministrator in an application manifest. +
+Note
+For more detailed information about this application fix, see Using the RunAsAdmin Fix. +
+
+ |
+
RunAsHighest |
+The problem occurs when administrators cannot view the read/write version of an application that presents a read-only view to standard users. +The fix enables the application to run by using the highest available permissions. This is the equivalent of specifying highestAvailable in an application manifest. +
+Note
+For more detailed information about this application fix, see Using the RunAsHighest Fix. +
+
+ |
+
RunAsInvoker |
+The problem occurs when an application is not detected as requiring elevation. +The fix enables the application to run by using the privileges that are associated with the creation process, without requiring elevation. This is the equivalent of specifying asInvoker in an application manifest. +
+Note
+For more detailed information about this application fix, see Using the RunAsInvoker Fix. +
+
+ |
+
SecuROM7 |
+The fix repairs applications by using SecuROM7 for copy protection. |
+
SessionShim |
+The fix intercepts API calls from applications that are trying to interact with services that are running in another session, by using the terminal service name prefix (Global or Local) as the parameter. +At the command prompt, you can supply a list of objects to modify, separating the values by a double backslash (). Or, you can choose not to include any parameters, so that all of the objects are modified. +
+Important
+Users cannot log in as Session 0 (Global Session) in Windows Vista and later. Therefore, applications that require access to Session 0 automatically fail. +
+
+
+
+Note
+For more detailed information about this application fix, see Using the SessionShim Fix. +
+
+ |
+
SetProtocolHandler |
+The fix registers an application as a protocol handler. +You can control this fix further by typing the following command at the command prompt: +Client;Protocol;App +Where the Client is the name of the email protocol, Protocol is mailto, and App is the name of the application. +
+Note
+Only the mail client and the mailto protocol are supported. You can separate multiple clients by using a backslash (). +
+
+ |
+
SetupCommitFileQueueIgnoreWow |
+The problem occurs when a 32-bit setup program fails to install because it requires 64-bit drivers. +The fix disables the Wow64 file system that is used by the 64-bit editions of Windows, to prevent 32-bit applications from accessing 64-bit file systems during the application setup. |
+
SharePointDesigner2007 |
+The fix resolves an application bug that severely slows the application when it runs in DWM. |
+
ShimViaEAT |
+The problem occurs when an application fails, even after applying acompatibility fix that is known to fix an issue. Applications that use unicows.dll or copy protection often present this issue. +The fix applies the specified compatibility fixes by modifying the export table and by nullifying the use of module inclusion and exclusion. +
+Note
+For more information about this application fix, see Using the ShimViaEAT Fix. +
+
+ |
+
ShowWindowIE |
+The problem occurs when a web application experiences navigation and display issues because of the tabbing feature. +The fix intercepts the ShowWindow API call to address the issues that can occur when a web application determines that it is in a child window. This fix calls the real ShowWindow API on the top-level parent window. |
+
SierraWirelessHideCDROM |
+The fix repairs the Sierra Wireless Driver installation, thereby preventing bugcheck. |
+
Sonique2 |
+The application uses an invalid window style, which breaks in DWM. This fix replaces the window style with a valid value. |
+
SpecificInstaller |
+The problem occurs when an application installation file fails to be picked up by the GenericInstaller function. +The fix flags the application as being an installer file (for example, setup.exe), and then prompts for elevation. +
+Note
+For more detailed information about this application fix, see Using the SpecificInstaller Fix. +
+
+ |
+
SpecificNonInstaller |
+The problem occurs when an application that is not an installer (and has sufficient privileges) generates a false positive from the GenericInstaller function. +The fix flags the application to exclude it from detection by the GenericInstaller function. +
+Note
+For more detailed information about this application fix, see Using the SpecificNonInstaller Fix. +
+
+ |
+
SystemMetricsLie |
+The fix replaces SystemMetrics values and SystemParametersInfo values with the values of previous Windows versions. |
+
TextArt |
+The application receives different mouse coordinates with DWM ON versus DWM OFF, which causes the application to hang. This fix resolves the issue. |
+
TrimDisplayDeviceNames |
+The fix trims the names of the display devices that are returned by the EnumDisplayDevices API. |
+
UIPICompatLogging |
+The fix enables the logging of Windows messages from Internet Explorer and other processes. |
+
UIPIEnableCustomMsgs |
+The problem occurs when an application does not properly communicate with other processes because customized Windows messages are not delivered. +The fix enables customized Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the RegisterWindowMessage function, followed by the ChangeWindowMessageFilter function in the code. +You can control this fix further by typing the following command at the command prompt: +MessageString1 MessageString2 +Where MessageString1 and MessageString2 reflect the message strings that can pass. +
+Note
+Multiple message strings must be separated by spaces. For more detailed information about this application fix, see Using the UIPIEnableCustomMsgs Fix. +
+
+ |
+
UIPIEnableStandardMsgs |
+The problem occurs when an application does not communicate properly with other processes because standard Windows messages are not delivered. +The fix enables standard Windows messages to pass through to the current process from a lower Desktop integrity level. This fix is the equivalent of calling the ChangeWindowMessageFilter function in the code. +You can control this fix further by typing the following command at the command prompt: +1055 1056 1069 +Where 1055 reflects the first message ID, 1056 reflects the second message ID, and 1069 reflects the third message ID that can pass. +
+Note
+Multiple messages can be separated by spaces. For more detailed information about this application fix, see Using the UIPIEnableStandardMsgs Fix [act]. +
+
+ |
+
VirtualizeDeleteFileLayer |
+The fix virtualizes DeleteFile operations for applications that try to delete protected files. |
+
VirtualizeDesktopPainting |
+This fix improves the performance of a number of operations on the Desktop DC while using DWM. |
+
VirtualRegistry |
+The problem is indicated when a Component failed to be located error message displays when an application is started. +The fix enables the registry functions to allow for virtualization, redirection, expansion values, version spoofing, the simulation of performance data counters, and so on. +For more detailed information about this application fix, see Using the VirtualRegistry Fix. |
+
VirtualizeDeleteFile |
+The problem occurs when several error messages display and the application cannot delete files. +The fix makes the application's DeleteFile function call a virtual call in an effort to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted. +
+Note
+For more detailed information about this application fix, see Using the VirtualizeDeleteFile Fix. +
+
+ |
+
VirtualizeHKCRLite |
+The problem occurs when an application fails to register COM components at runtime. +The fix redirects the HKCR write calls (HKLM) to the HKCU hive for a per-user COM registration. This operates much like the VirtualRegistry fix when you use the VirtualizeHKCR parameter; however, VirtualizeHKCRLite provides better performance. +HKCR is a virtual merge of the HKCU\Software\Classes and HKLM\Software\Classes directories. The use of HKCU is preferred if an application is not elevated and is ignored if the application is elevated. +You typically will use this compatibility fix in conjunction with the VirtualizeRegisterTypeLib fix. +For more detailed information about this application fix, see Using the VirtualizeHKCRLite Fix. |
+
VirtualizeRegisterTypeLib |
+The fix, when it is used with the VirtualizeHKCRLite fix, ensures that the type library and the COM class registration happen simultaneously. This functions much like the RegistryTypeLib fix when the RegisterTypeLibForUser parameter is used. +
+Note
+For more detailed information about this application fix, see Using the VirtualizeRegisterTypelib Fix. +
+
+ |
+
WaveOutIgnoreBadFormat |
+This problem is indicated by an error message that states: Unable to initialize sound device from your audio driver; the application then closes. +The fix enables the application to ignore the format error and continue to function properly. |
+
WerDisableReportException |
+The fix turns off the silent reporting of exceptions to the Windows Error Reporting tool, including those that are reported by Object Linking and Embedding-Database (OLE DB). The fix intercepts the RtlReportException API and returns a STATUS_NOT_SUPPORTED error message. |
+
Win7RTM/Win8RTM |
+The layer provides the application with Windows 7/Windows 8 compatibility mode. |
+
WinxxRTMVersionLie |
+The problem occurs when an application fails because it does not find the correct version number for the required Windows operating system. +All version lie compatibility fixes address the issue whereby an application fails to function because it is checking for, but not finding, a specific version of the operating system. The version lie fix returns the appropriate operating system version information. For example, the VistaRTMVersionLie returns the Windows Vista version information to the application, regardless of the actual operating system version that is running on the computer. |
+
Wing32SystoSys32 |
+The problem is indicated by an error message that states that the WinG library was not properly installed. +The fix detects whether the WinG32 library exists in the correct directory. If the library is located in the wrong location, this fix copies the information (typically during the runtime of the application) into the %WINDIR% \system32 directory. +
+Important
+The application must have Administrator privileges for this fix to work. +
+
+ |
+
WinSrv08R2RTM |
++ |
WinXPSP2VersionLie |
+The problem occurs when an application experiences issues because of a VB runtime DLL. +The fix forces the application to follow these steps: +
|
+
WRPDllRegister |
+The application fails when it tries to register a COM component that is released together with Windows Vista and later. +The fix skips the processes of registering and unregistering WRP-protected COM components when calling the DLLRegisterServer and DLLUnregisterServer functions. +You can control this fix further by typing the following command at the command prompt: +Component1.dll;Component2.dll +Where Component1.dll and Component2.dll reflect the components to be skipped. +
+Note
+For more detailed information about this application fix, see Using the WRPDllRegister Fix. +
+
+ |
+
WRPMitigation |
+The problem is indicated when an access denied error message displays when the application tries to access a protected operating system resource by using more than read-only access. +The fix emulates the successful authentication and modification of file and registry APIs, so that the application can continue. +
+Note
+For more detailed information about WRPMitigation, see Using the WRPMitigation Fix. +
+
+ |
+
WRPRegDeleteKey |
+The problem is indicated by an access denied error message that displays when the application tries to delete a registry key. +The fix verifies whether the registry key is WRP-protected. If the key is protected, this fix emulates the deletion process. |
+
XPAfxIsValidAddress |
+The fix emulates the behavior of Windows XP for MFC42!AfxIsValidAddress. |
+
| Compatibility Mode Name | +Description | +Included Compatibility Fixes | +
|---|---|---|
WinSrv03 |
+Emulates the Windows Server 2003 operating system. |
+
|
+
WinSrv03Sp1 |
+Emulates the Windows Server 2003 with Service Pack 1 (SP1) operating system. |
+
|
+
Vendor name |
-Product description |
-HWID |
-Windows Update availability |
-
Broadcom |
-802.11abgn Wireless SDIO adapter |
-sd\vid_02d0&pid_4330&fn_1 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_00d6106b&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_00f5106b&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_00ef106b&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_00f4106b&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_010e106b&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_00e4106b&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_433114e4&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Broadcom |
-802.11n Network Adapter |
-pci\ven_14e4&dev_4331&subsys_010f106b&rev_02 |
-Contact the system OEM or Broadcom for driver availability. |
-
Marvell |
-Yukon 88E8001/8003/8010 PCI Gigabit Ethernet |
-pci\ven_11ab&dev_4320&subsys_811a1043 |
-- | -
Marvell |
-Libertas 802.11b/g Wireless |
-pci\ven_11ab&dev_1faa&subsys_6b001385&rev_03 |
-- | -
Qualcomm |
-Atheros AR6004 Wireless LAN Adapter |
-sd\vid_0271&pid_0401 |
-
- 64-bit driver not available |
-
Qualcomm |
-Atheros AR5BWB222 Wireless Network Adapter |
-pci\ven_168c&dev_0034&subsys_20031a56 |
-
- 64-bit driver not available |
-
Qualcomm |
-Atheros AR5BWB222 Wireless Network Adapter |
-pci\ven_168c&dev_0034&subsys_020a1028&rev_01 |
-Contact the system OEM or Qualcom for driver availability. |
-
Qualcomm |
-Atheros AR5005G Wireless Network Adapter |
-pci\ven_168c&dev_001a&subsys_04181468&rev_01 |
-- | -
Ralink |
-Wireless-G PCI Adapter |
-pci\ven_1814&dev_0301&subsys_00551737&rev_00 |
-- | -
Ralink |
-Turbo Wireless LAN Card |
-pci\ven_1814&dev_0301&subsys_25611814&rev_00 |
-- | -
Ralink |
-Wireless LAN Card V1 |
-pci\ven_1814&dev_0302&subsys_3a711186&rev_00 |
-- | -
Ralink |
-D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C) |
-pci\ven_1814&dev_0302&subsys_3c091186&rev_00 |
-- | -
Vendor name |
+Product description |
+HWID |
+Windows Update availability |
+
Broadcom |
+802.11abgn Wireless SDIO adapter |
+sd\vid_02d0&pid_4330&fn_1 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_00d6106b&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_00f5106b&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_00ef106b&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_00f4106b&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_010e106b&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_00e4106b&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_433114e4&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Broadcom |
+802.11n Network Adapter |
+pci\ven_14e4&dev_4331&subsys_010f106b&rev_02 |
+Contact the system OEM or Broadcom for driver availability. |
+
Marvell |
+Yukon 88E8001/8003/8010 PCI Gigabit Ethernet |
+pci\ven_11ab&dev_4320&subsys_811a1043 |
++ | +
Marvell |
+Libertas 802.11b/g Wireless |
+pci\ven_11ab&dev_1faa&subsys_6b001385&rev_03 |
++ | +
Qualcomm |
+Atheros AR6004 Wireless LAN Adapter |
+sd\vid_0271&pid_0401 |
+
+ 64-bit driver not available |
+
Qualcomm |
+Atheros AR5BWB222 Wireless Network Adapter |
+pci\ven_168c&dev_0034&subsys_20031a56 |
+
+ 64-bit driver not available |
+
Qualcomm |
+Atheros AR5BWB222 Wireless Network Adapter |
+pci\ven_168c&dev_0034&subsys_020a1028&rev_01 |
+Contact the system OEM or Qualcom for driver availability. |
+
Qualcomm |
+Atheros AR5005G Wireless Network Adapter |
+pci\ven_168c&dev_001a&subsys_04181468&rev_01 |
++ | +
Ralink |
+Wireless-G PCI Adapter |
+pci\ven_1814&dev_0301&subsys_00551737&rev_00 |
++ | +
Ralink |
+Turbo Wireless LAN Card |
+pci\ven_1814&dev_0301&subsys_25611814&rev_00 |
++ | +
Ralink |
+Wireless LAN Card V1 |
+pci\ven_1814&dev_0302&subsys_3a711186&rev_00 |
++ | +
Ralink |
+D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C) |
+pci\ven_1814&dev_0302&subsys_3c091186&rev_00 |
++ | +
The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.| -|Print 3D app|Going forward, 3D Builder is the recommended 3D printing app. To 3D print objects on new Windows devices, customers must first install 3D Builder from the Store.| - +--- +title: Windows 10, version 1903 - Features that have been removed +description: Learn about features that will be removed or deprecated in Windows 10, version 1903, or a future release +ms.prod: w10 +ms.mktglfcycl: plan +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +manager: laurawi +ms.author: greglin +ms.topic: article +--- +# Features removed or planned for replacement starting with Windows 10, version 1903 + +> Applies to: Windows 10, version 1903 + +Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that we removed in Windows 10, version 1903. **The list below is subject to change and might not include every affected feature or functionality.** + +> [!NOTE] +> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 10 builds and test these changes yourself. + +## Features we removed or will remove soon + +The following features and functionalities are removed from the installed product image for Windows 10, version 1903, or are planned for removal in an upcoming release. Applications or code that depend on these features won't function in this release unless you use another method. + + +| Feature | Details | +|---------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| XDDM-based remote display driver | Starting with this release the Remote Desktop Services uses a Windows Display Driver Model (WDDM) based Indirect Display Driver (IDD) for a single session remote desktop. The support for Windows 2000 Display Driver Model (XDDM) based remote display drivers will be removed in a future release. Independent Software Vendors that use XDDM-based remote display driver should plan a migration to the WDDM driver model. For more information on implementing remote indirect display driver ISVs can reach out to [rdsdev@microsoft.com](mailto:rdsdev@microsoft.com). | +| Desktop messaging app doesn't offer messages sync | The messaging app on Desktop has a sync feature that can be used to sync SMS text messages received from Windows Mobile and keep a copy of them on the Desktop. The sync feature has been removed from all devices. Due to this change, you will only be able to access messages from the device that received the message. | + +## Features we’re no longer developing + +We're no longer actively developing these features and may remove them from a future update. Some features have been replaced with other features or functionality, while others are now available from different sources. + +If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app). + +|Feature |Details| +|-----------|---------------------| +| Taskbar settings roaming| Roaming of taskbar settings is no longer being developed and we plan to disable this capability in a future release| +|Wi-Fi WEP and TKIP|In this release a warning message will appear when connecting to Wi-Fi networks secured with WEP or TKIP, which are not as secure as those using WPA2 or WPA3. In a future release, any connection to a Wi-Fi network using these old ciphers will be disallowed. Wi-Fi routers should be updated to use AES ciphers, available with WPA2 or WPA3. | +|Windows To Go|Windows To Go is no longer being developed.
The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.| +|Print 3D app|Going forward, 3D Builder is the recommended 3D printing app. To 3D print objects on new Windows devices, customers must first install 3D Builder from the Store.| + diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md index 36c030bdcf..03fd161f35 100644 --- a/windows/deployment/planning/windows-10-infrastructure-requirements.md +++ b/windows/deployment/planning/windows-10-infrastructure-requirements.md @@ -1,133 +1,135 @@ ---- -title: Windows 10 infrastructure requirements (Windows 10) -description: There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. -ms.assetid: B0FA27D9-A206-4E35-9AE6-74E70748BE64 -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: deploy, upgrade, update, hardware -ms.prod: w10 -ms.mktglfcycl: plan -ms.localizationpriority: medium -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Windows 10 infrastructure requirements - - -**Applies to** - -- Windows 10 - -There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. - -## High-level requirements - - -For initial Windows 10 deployments, as well as subsequent Windows 10 upgrades, ensure that sufficient disk space is available for distribution of the Windows 10 installation files (about 3 GB for Windows 10 x64 images, slightly smaller for x86). Also, be sure to take into account the network impact of moving these large images to each PC; you may need to leverage local server storage. - -For persistent VDI environments, carefully consider the I/O impact from upgrading large numbers of PCs in a short period of time. Ensure that upgrades are performed in smaller numbers, or during off-peak time periods. (For pooled VDI environments, a better approach is to replace the base image with a new version.) - -## Deployment tools - - -A new version of the Assessment and Deployment Toolkit (ADK) has been released to support Windows 10. This new version, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=526740), is required for Windows 10; you should not use earlier versions of the ADK to deploy Windows 10. It also supports the deployment of Windows 7, Windows 8, and Windows 8.1. - -Significant enhancements in the ADK for Windows 10 include new runtime provisioning capabilities, which leverage the Windows Imaging and Configuration Designer (Windows ICD), as well as updated versions of existing deployment tools (DISM, USMT, Windows PE, and more). - -Microsoft Deployment Toolkit 2013 Update 1, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=625079), has also been updated to support Windows 10 and the new ADK; older versions do not support Windows 10. New in this release is task sequence support for Windows 10 in-place upgrades. - -For System Center Configuration Manager, Windows 10 support is offered with various releases: - -| Release | Windows 10 management? | Windows 10 deployment? | -|---------------------------------------------|------------------------|------------------------------------------------| -| System Center Configuration Manager 2007 | Yes, with a hotfix | No | -| System Center Configuration Manager 2012 | Yes, with SP2 and CU1 | Yes, with SP2, CU1, and the ADK for Windows 10 | -| System Center Configuration Manager 2012 R2 | Yes, with SP1 and CU1 | Yes, with SP1, CU1, and the ADK for Windows 10 | - - ->Note: Configuration Manager 2012 supports Windows 10 version 1507 (build 10.0.10240) and 1511 (build 10.0.10586) for the lifecycle of these builds. Future releases of Windows 10 CB/CBB are not supported With Configuration Manager 2012, and will require System Center Configuration Manager current branch for supported management. - - -For more details about System Center Configuration Manager support for Windows 10, see [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](../deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md). - -## Management tools - - -In addition to System Center Configuration Manager, Windows 10 also leverages other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you are using a central policy store, follow the steps outlined [here](https://go.microsoft.com/fwlink/p/?LinkId=625083) to update the ADMX files stored in that central store. - -No new Active Directory schema updates or specific functional levels are currently required for core Windows 10 product functionality, although subsequent upgrades could require these to support new features. - -Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows 10. The minimum versions required to support Windows 10 are as follows: - -| Product | Required version | -|----------------------------------------------------------|--------------------------| -| Advanced Group Policy Management (AGPM) | AGPM 4.0 Service Pack 3 | -| Application Virtualization (App-V) | App-V 5.1 | -| Diagnostics and Recovery Toolkit (DaRT) | DaRT 10 | -| Microsoft BitLocker Administration and Monitoring (MBAM) | MBAM 2.5 SP1 (2.5 is OK) | -| User Experience Virtualization (UE-V) | UE-V 2.1 SP1 | - - - -For more information, see the [MDOP TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=625090). - -For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10; new Windows 10 MDM settings and capabilities will require updates to the MDM services. See [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=625084) for more information. - -Windows Server Update Services (WSUS) requires some additional configuration to receive updates for Windows 10. Use the Windows Server Update Services admin tool and follow these instructions: - -1. Select the **Options** node, and then click **Products and Classifications**. - -2. In the **Products** tree, select the **Windows 10** and **Windows 10 LTSB** products and any other Windows 10-related items that you want. Click **OK**. - -3. From the **Synchronizations** node, right-click and choose **Synchronize Now**. - - - -Figure 1. WSUS product list with Windows 10 choices - -Because Windows 10 updates are cumulative in nature, each month’s new update will supersede the previous month's. Consider leveraging “express installation” packages to reduce the size of the payload that needs to be sent to each PC each month; see [Express installation files](https://go.microsoft.com/fwlink/p/?LinkId=625086) for more information. (Note that this will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS.) - -## Activation - - -Windows 10 volume license editions of Windows 10 will continue to support all existing activation methods (KMS, MAK, and AD-based activation). An update will be required for existing KMS servers: - -| Product | Required update | -|----------------------------------------|---------------------------------------------------------------------------------------------| -| Windows 10 | None | -| Windows Server 2012 R2 and Windows 8.1 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) | -| Windows Server 2012 and Windows 8 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) | -| Windows Server 2008 R2 and Windows 7 | [https://support.microsoft.com/kb/3079821](https://support.microsoft.com/kb/3079821) | - - - -Also see: [Windows Server 2016 Volume Activation Tips](https://blogs.technet.microsoft.com/askcore/2016/10/19/windows-server-2016-volume-activation-tips/) - -Additionally, new product keys will be needed for all types of volume license activation (KMS, MAK, and AD-based Activation); these keys are available on the Volume Licensing Service Center (VLSC) for customers with rights to the Windows 10 operating system. To find the needed keys: - -- Sign into the [Volume Licensing Service Center (VLSC)](https://go.microsoft.com/fwlink/p/?LinkId=625088) at with a Microsoft account that has appropriate rights. - -- For KMS keys, click **Licenses** and then select **Relationship Summary**. Click the appropriate active license ID, and then select **Product Keys** near the right side of the page. For KMS running on Windows Server, find the **Windows Srv 2012R2 DataCtr/Std KMS for Windows 10** product key; for KMS running on client operating systems, find the **Windows 10** product key. - -- For MAK keys, click **Downloads and Keys**, and then filter the list by using **Windows 10** as a product. Click the **Key** link next to an appropriate list entry (for example, **Windows 10 Enterprise** or **Windows 10 Enterprise LTSB**) to view the available MAK keys. (You can also find keys for KMS running on Windows 10 in this list. These keys will not work on Windows servers running KMS.) - -Note that Windows 10 Enterprise and Windows 10 Enterprise LTSB installations use different MAK keys. But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both. - -## Related topics - - -[Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md) -
[Windows 10 deployment considerations](windows-10-deployment-considerations.md) -
[Windows 10 compatibility](windows-10-compatibility.md) - - - - - - - - - +--- +title: Windows 10 infrastructure requirements (Windows 10) +description: There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. +ms.assetid: B0FA27D9-A206-4E35-9AE6-74E70748BE64 +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: deploy, upgrade, update, hardware +ms.prod: w10 +ms.mktglfcycl: plan +ms.localizationpriority: medium +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Windows 10 infrastructure requirements + + +**Applies to** + +- Windows 10 + +There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. + +## High-level requirements + + +For initial Windows 10 deployments, as well as subsequent Windows 10 upgrades, ensure that sufficient disk space is available for distribution of the Windows 10 installation files (about 3 GB for Windows 10 x64 images, slightly smaller for x86). Also, be sure to take into account the network impact of moving these large images to each PC; you may need to leverage local server storage. + +For persistent VDI environments, carefully consider the I/O impact from upgrading large numbers of PCs in a short period of time. Ensure that upgrades are performed in smaller numbers, or during off-peak time periods. (For pooled VDI environments, a better approach is to replace the base image with a new version.) + +## Deployment tools + + +A new version of the Assessment and Deployment Toolkit (ADK) has been released to support Windows 10. This new version, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=526740), is required for Windows 10; you should not use earlier versions of the ADK to deploy Windows 10. It also supports the deployment of Windows 7, Windows 8, and Windows 8.1. + +Significant enhancements in the ADK for Windows 10 include new runtime provisioning capabilities, which leverage the Windows Imaging and Configuration Designer (Windows ICD), as well as updated versions of existing deployment tools (DISM, USMT, Windows PE, and more). + +Microsoft Deployment Toolkit 2013 Update 1, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=625079), has also been updated to support Windows 10 and the new ADK; older versions do not support Windows 10. New in this release is task sequence support for Windows 10 in-place upgrades. + +For System Center Configuration Manager, Windows 10 support is offered with various releases: + +| Release | Windows 10 management? | Windows 10 deployment? | +|---------------------------------------------|------------------------|------------------------------------------------| +| System Center Configuration Manager 2007 | Yes, with a hotfix | No | +| System Center Configuration Manager 2012 | Yes, with SP2 and CU1 | Yes, with SP2, CU1, and the ADK for Windows 10 | +| System Center Configuration Manager 2012 R2 | Yes, with SP1 and CU1 | Yes, with SP1, CU1, and the ADK for Windows 10 | + + +> [!NOTE] +> Configuration Manager 2012 supports Windows 10 version 1507 (build 10.0.10240) and 1511 (build 10.0.10586) for the lifecycle of these builds. Future releases of Windows 10 CB/CBB are not supported With Configuration Manager 2012, and will require System Center Configuration Manager current branch for supported management. + + +For more details about System Center Configuration Manager support for Windows 10, see [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](../deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md). + +## Management tools + + +In addition to System Center Configuration Manager, Windows 10 also leverages other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you are using a central policy store, follow the steps outlined [here](https://go.microsoft.com/fwlink/p/?LinkId=625083) to update the ADMX files stored in that central store. + +No new Active Directory schema updates or specific functional levels are currently required for core Windows 10 product functionality, although subsequent upgrades could require these to support new features. + +Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows 10. The minimum versions required to support Windows 10 are as follows: + +| Product | Required version | +|----------------------------------------------------------|--------------------------| +| Advanced Group Policy Management (AGPM) | AGPM 4.0 Service Pack 3 | +| Application Virtualization (App-V) | App-V 5.1 | +| Diagnostics and Recovery Toolkit (DaRT) | DaRT 10 | +| Microsoft BitLocker Administration and Monitoring (MBAM) | MBAM 2.5 SP1 (2.5 is OK) | +| User Experience Virtualization (UE-V) | UE-V 2.1 SP1 | + + + +For more information, see the [MDOP TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=625090). + +For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10; new Windows 10 MDM settings and capabilities will require updates to the MDM services. See [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=625084) for more information. + +Windows Server Update Services (WSUS) requires some additional configuration to receive updates for Windows 10. Use the Windows Server Update Services admin tool and follow these instructions: + +1. Select the **Options** node, and then click **Products and Classifications**. + +2. In the **Products** tree, select the **Windows 10** and **Windows 10 LTSB** products and any other Windows 10-related items that you want. Click **OK**. + +3. From the **Synchronizations** node, right-click and choose **Synchronize Now**. + + + +Figure 1. WSUS product list with Windows 10 choices + +Because Windows 10 updates are cumulative in nature, each month’s new update will supersede the previous month's. Consider leveraging “express installation” packages to reduce the size of the payload that needs to be sent to each PC each month; see [Express installation files](https://go.microsoft.com/fwlink/p/?LinkId=625086) for more information. (Note that this will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS.) + +## Activation + + +Windows 10 volume license editions of Windows 10 will continue to support all existing activation methods (KMS, MAK, and AD-based activation). An update will be required for existing KMS servers: + +| Product | Required update | +|----------------------------------------|---------------------------------------------------------------------------------------------| +| Windows 10 | None | +| Windows Server 2012 R2 and Windows 8.1 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) | +| Windows Server 2012 and Windows 8 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) | +| Windows Server 2008 R2 and Windows 7 | [https://support.microsoft.com/kb/3079821](https://support.microsoft.com/kb/3079821) | + + + +Also see: [Windows Server 2016 Volume Activation Tips](https://blogs.technet.microsoft.com/askcore/2016/10/19/windows-server-2016-volume-activation-tips/) + +Additionally, new product keys will be needed for all types of volume license activation (KMS, MAK, and AD-based Activation); these keys are available on the Volume Licensing Service Center (VLSC) for customers with rights to the Windows 10 operating system. To find the needed keys: + +- Sign into the [Volume Licensing Service Center (VLSC)](https://go.microsoft.com/fwlink/p/?LinkId=625088) at with a Microsoft account that has appropriate rights. + +- For KMS keys, click **Licenses** and then select **Relationship Summary**. Click the appropriate active license ID, and then select **Product Keys** near the right side of the page. For KMS running on Windows Server, find the **Windows Srv 2012R2 DataCtr/Std KMS for Windows 10** product key; for KMS running on client operating systems, find the **Windows 10** product key. + +- For MAK keys, click **Downloads and Keys**, and then filter the list by using **Windows 10** as a product. Click the **Key** link next to an appropriate list entry (for example, **Windows 10 Enterprise** or **Windows 10 Enterprise LTSB**) to view the available MAK keys. (You can also find keys for KMS running on Windows 10 in this list. These keys will not work on Windows servers running KMS.) + +Note that Windows 10 Enterprise and Windows 10 Enterprise LTSB installations use different MAK keys. But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both. + +## Related topics + + +[Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md) +
[Windows 10 deployment considerations](windows-10-deployment-considerations.md) +
[Windows 10 compatibility](windows-10-compatibility.md) + + + + + + + + + diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md index c48af35d6e..40c4c03e81 100644 --- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md +++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md @@ -1,462 +1,463 @@ ---- -title: Windows To Go frequently asked questions (Windows 10) -description: Windows To Go frequently asked questions -ms.assetid: bfdfb824-4a19-4401-b369-22c5e6ca9d6e -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: FAQ, mobile, device, USB -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: mobility -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Windows To Go: frequently asked questions - - -**Applies to** - -- Windows 10 - ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. - -The following list identifies some commonly asked questions about Windows To Go. - -- [What is Windows To Go?](#wtg-faq-whatis) - -- [Does Windows To Go rely on virtualization?](#wtg-faq-virt) - -- [Who should use Windows To Go?](#wtg-faq-who) - -- [How can Windows To Go be deployed in an organization?](#wtg-faq-deploy) - -- [Is Windows To Go supported on both USB 2.0 and USB 3.0 drives?](#wtg-faq-usbvs) - -- [Is Windows To Go supported on USB 2.0 and USB 3.0 ports?](#wtg-faq-usbports) - -- [How do I identify a USB 3.0 port?](#wtg-faq-usb3port) - -- [Does Windows To Go run faster on a USB 3.0 port?](#wtg-faq-usb3speed) - -- [Can the user self-provision Windows To Go?](#wtg-faq-selfpro) - -- [How can Windows To Go be managed in an organization?](#wtg-faq-mng) - -- [How do I make my computer boot from USB?](#wtf-faq-startup) - -- [Why isn’t my computer booting from USB?](#wtg-faq-noboot) - -- [What happens if I remove my Windows To Go drive while it is running?](#wtg-faq-surprise) - -- [Can I use BitLocker to protect my Windows To Go drive?](#wtg-faq-bitlocker) - -- [Why can’t I enable BitLocker from Windows To Go Creator?](#wtg-faq-blfail) - -- [What power states does Windows To Go support?](#wtg-faq-power) - -- [Why is hibernation disabled in Windows To Go?](#wtg-faq-hibernate) - -- [Does Windows To Go support crash dump analysis?](#wtg-faq-crashdump) - -- [Do “Windows To Go Startup Options” work with dual boot computers?](#wtg-faq-dualboot) - -- [I plugged my Windows To Go drive into a running computer and I can’t see the partitions on the drive. Why not?](#wtg-faq-diskpart) - -- [I’m booted into Windows To Go, but I can’t browse to the internal hard drive of the host computer. Why not?](#wtg-faq-san4) - -- [Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition?](#wtg-faq-fatmbr) - -- [Is Windows To Go secure if I use it on an untrusted machine?](#wtg-faq-malhost) - -- [Does Windows To Go work with ARM processors?](#wtg-faq-arm) - -- [Can I synchronize data from Windows To Go with my other computer?](#wtg-faq-datasync) - -- [What size USB Flash Drive do I need to make a Windows To Go drive?](#wtg-faq-usbsz) - -- [Do I need to activate Windows To Go every time I roam?](#wtg-faq-roamact) - -- [Can I use all Windows features on Windows To Go?](#wtg-faq-features) - -- [Can I use all my applications on Windows To Go?](#wtg-faq-approam) - -- [Does Windows To Go work slower than standard Windows?](#wtg-faq-slow) - -- [If I lose my Windows To Go drive, will my data be safe?](#wtg-faq-safeloss) - -- [Can I boot Windows To Go on a Mac?](#wtg-faq-mac) - -- [Are there any APIs that allow applications to identify a Windows To Go workspace?](#wtg-faq-api) - -- [How is Windows To Go licensed?](#wtg-faq-lic) - -- [Does Windows Recovery Environment work with Windows To Go? What’s the guidance for recovering a Windows To Go drive?](#wtg-faq-recovery) - -- [Why won’t Windows To Go work on a computer running Windows XP or Windows Vista?](#wtg-faq-oldos) - -- [Why does the operating system on the host computer matter?](#wtg-faq-oldos2) - -- [My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?](#wtg-faq-blreckey) - -- [I decided to stop using a drive for Windows To Go and reformatted it – why doesn’t it have a drive letter assigned and how can I fix it?](#wtg-faq-reformat) - -- [Why do I keep on getting the message “Installing devices…” when I boot Windows To Go?](#bkmk-roamconflict) - -- [How do I upgrade the operating system on my Windows To Go drive?](#bkmk-upgradewtg) - -## What is Windows To Go? - - -Windows To Go is a feature for users of Windows 10 Enterprise and Windows 10 Education that enables users to boot a full version of Windows from external USB drives on host PCs. - -## Does Windows To Go rely on virtualization? - - -No. Windows To Go is a native instance of Windows 10 that runs from a USB device. It is just like a laptop hard drive with Windows 8 that has been put into a USB enclosure. - -## Who should use Windows To Go? - - -Windows To Go was designed for enterprise usage and targets scenarios such as continuance of operations, contractors, managed free seating, traveling workers, and work from home. - -## How can Windows To Go be deployed in an organization? - - -Windows To Go can be deployed using standard Windows deployment tools like Diskpart and DISM. The prerequisites for deploying Windows To Go are: - -- A Windows To Go recommended USB drive to provision; See the list of currently available USB drives at [Hardware considerations for Windows To Go](windows-to-go-overview.md#wtg-hardware) - -- A Windows 10 Enterprise or Windows 10 Education image - -- A Windows 10 Enterprise, Windows 10 Education or Windows 10 Professional host PC that can be used to provision new USB keys - -You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you are creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process. - -## Is Windows To Go supported on both USB 2.0 and USB 3.0 drives? - - -No. Windows To Go is supported on USB 3.0 drives that are certified for Windows To Go. - -## Is Windows To Go supported on USB 2.0 and USB 3.0 ports? - - -Yes. Windows To Go is fully supported on either USB 2.0 ports or USB 3.0 ports on PCs certified for Windows 7 or later. - -## How do I identify a USB 3.0 port? - - -USB 3.0 ports are usually marked blue or carry a SS marking on the side. - -## Does Windows To Go run faster on a USB 3.0 port? - - -Yes. Because USB 3.0 offers significantly faster speeds than USB 2.0, a Windows To Go drive running on a USB 3.0 port will operate considerably faster. This speed increase applies to both drive provisioning and when the drive is being used as a workspace. - -## Can the user self-provision Windows To Go? - - -Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, System Center 2012 Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746). - -## How can Windows To Go be managed in an organization? - - -Windows To Go can be deployed and managed like a traditional desktop PC using standard Windows enterprise software distribution tools like System Center Configuration Manager. Computer and user settings for Windows To Go workspaces can be managed using Group Policy setting also in the same manner that you manage Group Policy settings for other PCs in your organization. Windows To Go workspaces can be configured to connect to the organizational resources remotely using DirectAccess or a virtual private network connection so that they can connect securely to your network. - -## How do I make my computer boot from USB? - - -For host computers running Windows 10 - -- Using Cortana, search for **Windows To Go startup options**, and then press Enter. -- In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB. - -For host computers running Windows 8 or Windows 8.1: - -Press **Windows logo key+W** and then search for **Windows To Go startup options** and then press Enter. - -In the **Windows To Go Startup Options** dialog box select **Yes** and then click **Save Changes** to configure the computer to boot from USB. - -**Note** -Your IT department can use Group Policy to configure Windows To Go Startup Options in your organization. - - - -If the host computer is running an earlier version of the Windows operating system need to configure the computer to boot from USB manually. - -To do this, early during boot time (usually when you see the manufacturer’s logo), enter your firmware/BIOS setup. (This method to enter firmware/BIOS setup differs with different computer manufacturers, but is usually entered by pressing one of the function keys, such as F12, F2, F1, Esc, and so forth. You should check the manufacturer’s site to be sure if you do not know which key to use to enter firmware setup.) - -After you have entered firmware setup, make sure that boot from USB is enabled. Then change the boot order to boot from USB drives first. - -Alternatively, if your computer supports it, you can try to use the one-time boot menu (often F12), to select USB boot on a per-boot basis. - -For more detailed instructions, see the wiki article, [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951). - -**Warning** -Configuring a computer to boot from USB will cause your computer to attempt to boot from any bootable USB device connected to your computer. This potentially includes malicious devices. Users should be informed of this risk and instructed to not have any bootable USB storage devices plugged in to their computers except for their Windows To Go drive. - - - -## Why isn’t my computer booting from USB? - - -Computers certified for Windows 7 and later are required to have support for USB boot. Check to see if any of the following items apply to your situation: - -1. Ensure that your computer has the latest BIOS installed and the BIOS is configured to boot from a USB device. - -2. Ensure that the Windows To Go drive is connected directly to a USB port on the computer. Many computers don’t support booting from a device connected to a USB 3 PCI add-on card or external USB hubs. - -3. If the computer is not booting from a USB 3.0 port, try to boot from a USB 2.0 port. - -If none of these items enable the computer to boot from USB, contact the hardware manufacturer for additional support. - -## What happens if I remove my Windows To Go drive while it is running? - - -If the Windows To Go drive is removed, the computer will freeze and the user will have 60 seconds to reinsert the Windows To Go drive. If the Windows To Go drive is reinserted into the same port it was removed from, Windows will resume at the point where the drive was removed. If the USB drive is not reinserted, or is reinserted into a different port, the host computer will turn off after 60 seconds. - -**Warning** -You should never remove your Windows To Go drive when your workspace is running. The computer freeze is a safety measure to help mitigate the risk of accidental removal. Removing the Windows To Go drive without shutting down the Windows To Go workspace could result in corruption of the Windows To Go drive. - - - -## Can I use BitLocker to protect my Windows To Go drive? - - -Yes. In Windows 8 and later, BitLocker has added support for using a password to protect operating system drives. This means that you can use a password to secure your Windows To Go workspace and you will be prompted to enter this password every time you use the Windows To Go workspace. - -## Why can’t I enable BitLocker from Windows To Go Creator? - - -Several different Group Policies control the use of BitLocker on your organizations computers. These policies are located in the **Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption** folder of the local Group Policy editor. The folder contains three sub-folders for fixed, operating system and removable data drive types. - -When you are using Windows To Go Creator, the Windows To Go drive is considered a removable data drive by BitLocker. Review the following setting to see if these settings apply in your situation: - -1. **Control use of BitLocker on removable drives** - - If this setting is disabled BitLocker cannot be used with removable drives, so the Windows To Go Creator wizard will fail if it attempts to enable BitLocker on the Windows To Go drive. - -2. **Configure use of smart cards on removable data drives** - - If this setting is enabled and the option **Require use of smart cards on removable data drives** is also selected the creator wizard might fail if you have not already signed on using your smart card credentials before starting the Windows To Go Creator wizard. - -3. **Configure use of passwords for removable data drives** - - If this setting is enabled and the **Require password complexity option** is selected the computer must be able to connect to the domain controller to verify that the password specified meets the password complexity requirements. If the connection is not available, the Windows To Go Creator wizard will fail to enable BitLocker. - -Additionally, the Windows To Go Creator will disable the BitLocker option if the drive does not have any volumes. In this situation, you should initialize the drive and create a volume using the Disk Management console before provisioning the drive with Windows To Go. - -## What power states does Windows To Go support? - - -Windows To Go supports all power states except the hibernate class of power states, which include hybrid boot, hybrid sleep, and hibernate. This default behavior can be modified by using Group Policy settings to enable hibernation of the Windows To Go workspace. - -## Why is hibernation disabled in Windows To Go? - - -When a Windows To Go workspace is hibernated, it will only successfully resume on the exact same hardware. Therefore, if a Windows To Go workspace is hibernated on one computer and roamed to another, the hibernation state (and therefore user state) will be lost. To prevent this from happening, the default settings for a Windows To Go workspace disable hibernation. If you are confident that you will only attempt to resume on the same computer, you can enable hibernation using the Windows To Go Group Policy setting, **Allow hibernate (S4) when started from a Windows To Go workspace** that is located at **\\\\Computer Configuration\\Administrative Templates\\Windows Components\\Portable Operating System\\** in the Local Group Policy Editor (gpedit.msc). - -## Does Windows To Go support crash dump analysis? - - -Yes. Windows 8 and later support crash dump stack analysis for both USB 2.0 and 3.0. - -## Do “Windows To Go Startup Options” work with dual boot computers? - - -Yes, if both operating systems are running the Windows 8 operating system. Enabling “Windows To Go Startup Options” should cause the computer to boot from the Windows To Go workspace when the drive is plugged in before the computer is turned on. - -If you have configured a dual boot computer with a Windows operating system and another operating system it might work occasionally and fail occasionally. Using this configuration is unsupported. - -## I plugged my Windows To Go drive into a running computer and I can’t see the partitions on the drive. Why not? - - -Windows To Go Creator and the recommended deployment steps for Windows To Go set the NO\_DEFAULT\_DRIVE\_LETTER flag on the Windows To Go drive. This flag prevents Windows from automatically assigning drive letters to the partitions on the Windows To Go drive. That’s why you can’t see the partitions on the drive when you plug your Windows To Go drive into a running computer. This helps prevent accidental data leakage between the Windows To Go drive and the host computer. If you really need to access the files on the Windows To Go drive from a running computer, you can use diskmgmt.msc or diskpart to assign a drive letter. - -**Warning** -It is strongly recommended that you do not plug your Windows To Go drive into a running computer. If the computer is compromised, your Windows To Go workspace can also be compromised. - - - -## I’m booted into Windows To Go, but I can’t browse to the internal hard drive of the host computer. Why not? - - -Windows To Go Creator and the recommended deployment steps for Windows To Go set SAN Policy 4 on Windows To Go drive. This policy prevents Windows from automatically mounting internal disk drives. That’s why you can’t see the internal hard drives of the host computer when you are booted into Windows To Go. This is done to prevent accidental data leakage between Windows To Go and the host system. This policy also prevents potential corruption on the host drives or data loss if the host operating system is in a hibernation state. If you really need to access the files on the internal hard drive, you can use diskmgmt.msc to mount the internal drive. - -**Warning** -It is strongly recommended that you do not mount internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 or later operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. - - - -## Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition? - - -This is done to allow Windows To Go to boot from UEFI and legacy systems. - -## Is Windows To Go secure if I use it on an untrusted computer? - - -While you are more secure than if you use a completely untrusted operating system, you are still vulnerable to attacks from the firmware or anything that runs before Windows To Go starts. If you plug your Windows To Go drive into a running untrusted computer, your Windows To Go drive can be compromised because any malicious software that might be active on the computer can access the drive. - -## Does Windows To Go work with ARM processors? - - -No. Windows RT is a specialized version of Windows designed for ARM processors. Windows To Go is currently only supported on PCs with x86 or x64-based processors. - -## Can I synchronize data from Windows To Go with my other computer? - - -To get your data across all your computers, we recommend using folder redirection and client side caching to store copies of your data on a server while giving you offline access to the files you need. - -## What size USB flash drive do I need to make a Windows To Go drive? - - -The size constraints are the same as full Windows. To ensure that you have enough space for Windows, your data, and your applications, we recommend USB drives that are a minimum of 20 GB in size. - -## Do I need to activate Windows To Go every time I roam? - - -No, Windows To Go requires volume activation; either using the [Key Management Service](https://go.microsoft.com/fwlink/p/?LinkId=619051) (KMS) server in your organization or using [Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=619053) based volume activation. The Windows To Go workspace will not need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis. This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or a through remote connection using DirectAccess or a virtual private network connection), once activated the machine will not need to be activated again until the activation validity interval has passed. In a KMS configuration the activation validity interval is 180 days. - -## Can I use all Windows features on Windows To Go? - - -Yes, with some minor exceptions, you can use all Windows features with your Windows To Go workspace. The only currently unsupported features are using the Windows Recovery Environment and PC Reset & Refresh. - -## Can I use all my applications on Windows To Go? - - -Yes. Because your Windows To Go workspace is a full Windows 10 environment, all applications that work with Windows 10 should work in your Windows To Go workspace. However, any applications that use hardware binding (usually for licensing and/or digital rights management reasons) may not run when you roam your Windows To Go drive between different host computers, and you may have to use those applications on the same host computer every time. - -## Does Windows To Go work slower than standard Windows? - - -If you are using a USB 3.0 port and a Windows To Go certified device, there should be no perceivable difference between standard Windows and Windows To Go. However, if you are booting from a USB 2.0 port, you may notice some slowdown since USB 2.0 transfer speeds are slower than SATA speeds. - -## If I lose my Windows To Go drive, will my data be safe? - - -Yes! If you enable BitLocker on your Windows To Go drive, all your data will be encrypted and protected and a malicious user will not be able to access your data without your password. If you don’t enable BitLocker, your data will be vulnerable if you lose your Windows To Go drive. - -## Can I boot Windows To Go on a Mac? - - -We are committed to give customers a consistent and quality Windows 10 experience with Windows To Go. Windows To Go supports host devices certified for use with Windows 7 or later. Because Mac computers are not certified for use with Windows 7 or later, using Windows To Go is not supported on a Mac. - -## Are there any APIs that allow applications to identify a Windows To Go workspace? - - -Yes. You can use a combination of identifiers to determine if the currently running operating system is a Windows To Go workspace. First, check if the **PortableOperatingSystem** property is true. When that value is true it means that the operating system was booted from an external USB device. - -Next, check if the **OperatingSystemSKU** property is equal to **4** (for Windows 10 Enterprise) or **121** (for Windows 10 Education). The combination of those two properties represents a Windows To Go workspace environment. - -For more information, see the MSDN article on the [Win32\_OperatingSystem class](https://go.microsoft.com/fwlink/p/?LinkId=619059). - -## How is Windows To Go licensed? - - -Windows To Go allows organization to support the use of privately owned PCs at the home or office with more secure access to their organizational resources. With Windows To Go use rights under [Software Assurance](https://go.microsoft.com/fwlink/p/?LinkId=619062), an employee will be able to use Windows To Go on any company PC licensed with Software Assurance as well as from their home PC. - -## Does Windows Recovery Environment work with Windows To Go? What’s the guidance for recovering a Windows To Go drive? - - -No, use of Windows Recovery Environment is not supported on Windows To Go. It is recommended that you implement user state virtualization technologies like Folder Redirection to centralize and back up user data in the data center. If any corruption occurs on a Windows To Go drive, you should re-provision the workspace. - -## Why won’t Windows To Go work on a computer running Windows XP or Windows Vista? - - -Actually it might. If you have purchased a computer certified for Windows 7 or later and then installed an older operating system, Windows To Go will boot and run as expected as long as you have configured the firmware to boot from USB. However, if the computer was certified for Windows XP or Windows Vista, it might not meet the hardware requirements for Windows To Go to run. Typically computers certified for Windows Vista and earlier operating systems have less memory, less processing power, reduced video rendering, and slower USB ports. - -## Why does the operating system on the host computer matter? - - -It doesn’t other than to help visually identify if the PC has compatible hardware. For a PC to be certified for Windows 7 or later it had to support booting from USB. If a computer cannot boot from USB there is no way that it can be used with Windows To Go. The Windows To Go workspace is a full Windows 10 environment, so all of the hardware requirements of Windows 10 with respect to processing speed, memory usage, and graphics rendering need to be supported to be assured that it will work as expected. - -## My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go? - - -The default BitLocker protection profile in Windows 7 monitors the host computer for changes to the boot order as part of protecting the computer from tampering. When you change the boot order of the host computer to enable it to boot from the Windows To Go drive, the BitLocker system measurements will reflect that change and boot into recovery mode so that the computer can be inspected if necessary. - -You can reset the BitLocker system measurements to incorporate the new boot order using the following steps: - -1. Log on to the host computer using an account with administrator privileges. - -2. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**. - -3. Click **Suspend Protection** for the operating system drive. - - A message is displayed, informing you that your data will not be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click **Yes** to continue and suspend BitLocker on the drive. - -4. Restart the computer and enter the firmware settings to reset the boot order to boot from USB first. For more information on changing the boot order in the BIOS, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) on the TechNet wiki. - -5. Restart the computer again and then log on to the host computer using an account with administrator privileges. (Neither your Windows To Go drive nor any other USB drive should be inserted.) - -6. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**. - -7. Click **Resume Protection** to re-enable BitLocker protection. - -The host computer will now be able to be booted from a USB drive without triggering recovery mode. - -**Note** -The default BitLocker protection profile in Windows 8 or later does not monitor the boot order. - - - -## I decided to stop using a drive for Windows To Go and reformatted it – why doesn’t it have a drive letter assigned and how can I fix it? - - -Reformatting the drive erases the data on the drive, but doesn’t reconfigure the volume attributes. When a drive is provisioned for use as a Windows To Go drive the NODEFAULTDRIVELETTER attribute is set on the volume. To remove this attribute, use the following steps: - -1. Open a command prompt with full administrator permissions. - - **Note** - If your user account is a member of the Administrators group, but is not the Administrator account itself, then, by default, the programs that you run only have standard user permissions unless you explicitly choose to elevate them. - - - -2. Start the [diskpart](https://go.microsoft.com/fwlink/p/?LinkId=619070) command interpreter, by typing `diskpart` at the command prompt. - -3. Use the `select disk` command to identify the drive. If you do not know the drive number, use the `list` command to display the list of disks available. - -4. After selecting the disk, run the `clean` command to remove all data, formatting, and initialization information from the drive. - -## Why do I keep on getting the message “Installing devices…” when I boot Windows To Go? - - -One of the challenges involved in moving the Windows To Go drive between PCs while seamlessly booting Windows with access to all of their applications and data is that for Windows to be fully functional, specific drivers need to be installed for the hardware in each machine that runs Windows. Windows 8 or later has a process called respecialize which will identify new drivers that need to be loaded for the new PC and disable drivers which are not present on the new configuration. In general this feature is reliable and efficient when roaming between PCs of widely varying hardware configurations. - -In certain cases, third party drivers for different hardware models or versions can reuse device ID’s, driver file names, registry keys (or any other operating system constructs which do not support side-by-side storage) for similar hardware. For example, Touchpad drivers on different laptops often reuse the same device ID’s, and video cards from the same manufacturer may often reuse service names. Windows handles these situations by marking the non-present device node with a flag that indicates the existing driver needs to be reinstalled before continuing to install the new driver. - -This process will occur on any boot that a new driver is found and a driver conflict is detected. In some cases that will result in a respecialize progress message “Installing devices…” displaying every time that a Windows to Go drive is roamed between two PCs which require conflicting drivers. - -## How do I upgrade the operating system on my Windows To Go drive? - - -There is no support in Windows for upgrading a Windows To Go drive. Deployed Windows To Go drives with older versions of Windows will need to be re-imaged with a new version of Windows in order to transition to the new operating system version. - -## Additional resources - - -- [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949) - -- [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950) - -- [Windows To Go: feature overview](windows-to-go-overview.md) - -- [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md) - -- [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md) - -- [Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md) - - - - - - - - - +--- +title: Windows To Go frequently asked questions (Windows 10) +description: Windows To Go frequently asked questions +ms.assetid: bfdfb824-4a19-4401-b369-22c5e6ca9d6e +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: FAQ, mobile, device, USB +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: mobility +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Windows To Go: frequently asked questions + + +**Applies to** + +- Windows 10 + +>[!IMPORTANT] +>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. + +The following list identifies some commonly asked questions about Windows To Go. + +- [What is Windows To Go?](#wtg-faq-whatis) + +- [Does Windows To Go rely on virtualization?](#wtg-faq-virt) + +- [Who should use Windows To Go?](#wtg-faq-who) + +- [How can Windows To Go be deployed in an organization?](#wtg-faq-deploy) + +- [Is Windows To Go supported on both USB 2.0 and USB 3.0 drives?](#wtg-faq-usbvs) + +- [Is Windows To Go supported on USB 2.0 and USB 3.0 ports?](#wtg-faq-usbports) + +- [How do I identify a USB 3.0 port?](#wtg-faq-usb3port) + +- [Does Windows To Go run faster on a USB 3.0 port?](#wtg-faq-usb3speed) + +- [Can the user self-provision Windows To Go?](#wtg-faq-selfpro) + +- [How can Windows To Go be managed in an organization?](#wtg-faq-mng) + +- [How do I make my computer boot from USB?](#wtf-faq-startup) + +- [Why isn’t my computer booting from USB?](#wtg-faq-noboot) + +- [What happens if I remove my Windows To Go drive while it is running?](#wtg-faq-surprise) + +- [Can I use BitLocker to protect my Windows To Go drive?](#wtg-faq-bitlocker) + +- [Why can’t I enable BitLocker from Windows To Go Creator?](#wtg-faq-blfail) + +- [What power states does Windows To Go support?](#wtg-faq-power) + +- [Why is hibernation disabled in Windows To Go?](#wtg-faq-hibernate) + +- [Does Windows To Go support crash dump analysis?](#wtg-faq-crashdump) + +- [Do “Windows To Go Startup Options” work with dual boot computers?](#wtg-faq-dualboot) + +- [I plugged my Windows To Go drive into a running computer and I can’t see the partitions on the drive. Why not?](#wtg-faq-diskpart) + +- [I’m booted into Windows To Go, but I can’t browse to the internal hard drive of the host computer. Why not?](#wtg-faq-san4) + +- [Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition?](#wtg-faq-fatmbr) + +- [Is Windows To Go secure if I use it on an untrusted machine?](#wtg-faq-malhost) + +- [Does Windows To Go work with ARM processors?](#wtg-faq-arm) + +- [Can I synchronize data from Windows To Go with my other computer?](#wtg-faq-datasync) + +- [What size USB Flash Drive do I need to make a Windows To Go drive?](#wtg-faq-usbsz) + +- [Do I need to activate Windows To Go every time I roam?](#wtg-faq-roamact) + +- [Can I use all Windows features on Windows To Go?](#wtg-faq-features) + +- [Can I use all my applications on Windows To Go?](#wtg-faq-approam) + +- [Does Windows To Go work slower than standard Windows?](#wtg-faq-slow) + +- [If I lose my Windows To Go drive, will my data be safe?](#wtg-faq-safeloss) + +- [Can I boot Windows To Go on a Mac?](#wtg-faq-mac) + +- [Are there any APIs that allow applications to identify a Windows To Go workspace?](#wtg-faq-api) + +- [How is Windows To Go licensed?](#wtg-faq-lic) + +- [Does Windows Recovery Environment work with Windows To Go? What’s the guidance for recovering a Windows To Go drive?](#wtg-faq-recovery) + +- [Why won’t Windows To Go work on a computer running Windows XP or Windows Vista?](#wtg-faq-oldos) + +- [Why does the operating system on the host computer matter?](#wtg-faq-oldos2) + +- [My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?](#wtg-faq-blreckey) + +- [I decided to stop using a drive for Windows To Go and reformatted it – why doesn’t it have a drive letter assigned and how can I fix it?](#wtg-faq-reformat) + +- [Why do I keep on getting the message “Installing devices…” when I boot Windows To Go?](#bkmk-roamconflict) + +- [How do I upgrade the operating system on my Windows To Go drive?](#bkmk-upgradewtg) + +## What is Windows To Go? + + +Windows To Go is a feature for users of Windows 10 Enterprise and Windows 10 Education that enables users to boot a full version of Windows from external USB drives on host PCs. + +## Does Windows To Go rely on virtualization? + + +No. Windows To Go is a native instance of Windows 10 that runs from a USB device. It is just like a laptop hard drive with Windows 8 that has been put into a USB enclosure. + +## Who should use Windows To Go? + + +Windows To Go was designed for enterprise usage and targets scenarios such as continuance of operations, contractors, managed free seating, traveling workers, and work from home. + +## How can Windows To Go be deployed in an organization? + + +Windows To Go can be deployed using standard Windows deployment tools like Diskpart and DISM. The prerequisites for deploying Windows To Go are: + +- A Windows To Go recommended USB drive to provision; See the list of currently available USB drives at [Hardware considerations for Windows To Go](windows-to-go-overview.md#wtg-hardware) + +- A Windows 10 Enterprise or Windows 10 Education image + +- A Windows 10 Enterprise, Windows 10 Education or Windows 10 Professional host PC that can be used to provision new USB keys + +You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you are creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process. + +## Is Windows To Go supported on both USB 2.0 and USB 3.0 drives? + + +No. Windows To Go is supported on USB 3.0 drives that are certified for Windows To Go. + +## Is Windows To Go supported on USB 2.0 and USB 3.0 ports? + + +Yes. Windows To Go is fully supported on either USB 2.0 ports or USB 3.0 ports on PCs certified for Windows 7 or later. + +## How do I identify a USB 3.0 port? + + +USB 3.0 ports are usually marked blue or carry a SS marking on the side. + +## Does Windows To Go run faster on a USB 3.0 port? + + +Yes. Because USB 3.0 offers significantly faster speeds than USB 2.0, a Windows To Go drive running on a USB 3.0 port will operate considerably faster. This speed increase applies to both drive provisioning and when the drive is being used as a workspace. + +## Can the user self-provision Windows To Go? + + +Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, System Center 2012 Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746). + +## How can Windows To Go be managed in an organization? + + +Windows To Go can be deployed and managed like a traditional desktop PC using standard Windows enterprise software distribution tools like System Center Configuration Manager. Computer and user settings for Windows To Go workspaces can be managed using Group Policy setting also in the same manner that you manage Group Policy settings for other PCs in your organization. Windows To Go workspaces can be configured to connect to the organizational resources remotely using DirectAccess or a virtual private network connection so that they can connect securely to your network. + +## How do I make my computer boot from USB? + + +For host computers running Windows 10 + +- Using Cortana, search for **Windows To Go startup options**, and then press Enter. +- In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB. + +For host computers running Windows 8 or Windows 8.1: + +Press **Windows logo key+W** and then search for **Windows To Go startup options** and then press Enter. + +In the **Windows To Go Startup Options** dialog box select **Yes** and then click **Save Changes** to configure the computer to boot from USB. + +> [!NOTE] +> Your IT department can use Group Policy to configure Windows To Go Startup Options in your organization. + + + +If the host computer is running an earlier version of the Windows operating system need to configure the computer to boot from USB manually. + +To do this, early during boot time (usually when you see the manufacturer’s logo), enter your firmware/BIOS setup. (This method to enter firmware/BIOS setup differs with different computer manufacturers, but is usually entered by pressing one of the function keys, such as F12, F2, F1, Esc, and so forth. You should check the manufacturer’s site to be sure if you do not know which key to use to enter firmware setup.) + +After you have entered firmware setup, make sure that boot from USB is enabled. Then change the boot order to boot from USB drives first. + +Alternatively, if your computer supports it, you can try to use the one-time boot menu (often F12), to select USB boot on a per-boot basis. + +For more detailed instructions, see the wiki article, [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951). + +**Warning** +Configuring a computer to boot from USB will cause your computer to attempt to boot from any bootable USB device connected to your computer. This potentially includes malicious devices. Users should be informed of this risk and instructed to not have any bootable USB storage devices plugged in to their computers except for their Windows To Go drive. + + + +## Why isn’t my computer booting from USB? + + +Computers certified for Windows 7 and later are required to have support for USB boot. Check to see if any of the following items apply to your situation: + +1. Ensure that your computer has the latest BIOS installed and the BIOS is configured to boot from a USB device. + +2. Ensure that the Windows To Go drive is connected directly to a USB port on the computer. Many computers don’t support booting from a device connected to a USB 3 PCI add-on card or external USB hubs. + +3. If the computer is not booting from a USB 3.0 port, try to boot from a USB 2.0 port. + +If none of these items enable the computer to boot from USB, contact the hardware manufacturer for additional support. + +## What happens if I remove my Windows To Go drive while it is running? + + +If the Windows To Go drive is removed, the computer will freeze and the user will have 60 seconds to reinsert the Windows To Go drive. If the Windows To Go drive is reinserted into the same port it was removed from, Windows will resume at the point where the drive was removed. If the USB drive is not reinserted, or is reinserted into a different port, the host computer will turn off after 60 seconds. + +**Warning** +You should never remove your Windows To Go drive when your workspace is running. The computer freeze is a safety measure to help mitigate the risk of accidental removal. Removing the Windows To Go drive without shutting down the Windows To Go workspace could result in corruption of the Windows To Go drive. + + + +## Can I use BitLocker to protect my Windows To Go drive? + + +Yes. In Windows 8 and later, BitLocker has added support for using a password to protect operating system drives. This means that you can use a password to secure your Windows To Go workspace and you will be prompted to enter this password every time you use the Windows To Go workspace. + +## Why can’t I enable BitLocker from Windows To Go Creator? + + +Several different Group Policies control the use of BitLocker on your organizations computers. These policies are located in the **Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption** folder of the local Group Policy editor. The folder contains three sub-folders for fixed, operating system and removable data drive types. + +When you are using Windows To Go Creator, the Windows To Go drive is considered a removable data drive by BitLocker. Review the following setting to see if these settings apply in your situation: + +1. **Control use of BitLocker on removable drives** + + If this setting is disabled BitLocker cannot be used with removable drives, so the Windows To Go Creator wizard will fail if it attempts to enable BitLocker on the Windows To Go drive. + +2. **Configure use of smart cards on removable data drives** + + If this setting is enabled and the option **Require use of smart cards on removable data drives** is also selected the creator wizard might fail if you have not already signed on using your smart card credentials before starting the Windows To Go Creator wizard. + +3. **Configure use of passwords for removable data drives** + + If this setting is enabled and the **Require password complexity option** is selected the computer must be able to connect to the domain controller to verify that the password specified meets the password complexity requirements. If the connection is not available, the Windows To Go Creator wizard will fail to enable BitLocker. + +Additionally, the Windows To Go Creator will disable the BitLocker option if the drive does not have any volumes. In this situation, you should initialize the drive and create a volume using the Disk Management console before provisioning the drive with Windows To Go. + +## What power states does Windows To Go support? + + +Windows To Go supports all power states except the hibernate class of power states, which include hybrid boot, hybrid sleep, and hibernate. This default behavior can be modified by using Group Policy settings to enable hibernation of the Windows To Go workspace. + +## Why is hibernation disabled in Windows To Go? + + +When a Windows To Go workspace is hibernated, it will only successfully resume on the exact same hardware. Therefore, if a Windows To Go workspace is hibernated on one computer and roamed to another, the hibernation state (and therefore user state) will be lost. To prevent this from happening, the default settings for a Windows To Go workspace disable hibernation. If you are confident that you will only attempt to resume on the same computer, you can enable hibernation using the Windows To Go Group Policy setting, **Allow hibernate (S4) when started from a Windows To Go workspace** that is located at **\\\\Computer Configuration\\Administrative Templates\\Windows Components\\Portable Operating System\\** in the Local Group Policy Editor (gpedit.msc). + +## Does Windows To Go support crash dump analysis? + + +Yes. Windows 8 and later support crash dump stack analysis for both USB 2.0 and 3.0. + +## Do “Windows To Go Startup Options” work with dual boot computers? + + +Yes, if both operating systems are running the Windows 8 operating system. Enabling “Windows To Go Startup Options” should cause the computer to boot from the Windows To Go workspace when the drive is plugged in before the computer is turned on. + +If you have configured a dual boot computer with a Windows operating system and another operating system it might work occasionally and fail occasionally. Using this configuration is unsupported. + +## I plugged my Windows To Go drive into a running computer and I can’t see the partitions on the drive. Why not? + + +Windows To Go Creator and the recommended deployment steps for Windows To Go set the NO\_DEFAULT\_DRIVE\_LETTER flag on the Windows To Go drive. This flag prevents Windows from automatically assigning drive letters to the partitions on the Windows To Go drive. That’s why you can’t see the partitions on the drive when you plug your Windows To Go drive into a running computer. This helps prevent accidental data leakage between the Windows To Go drive and the host computer. If you really need to access the files on the Windows To Go drive from a running computer, you can use diskmgmt.msc or diskpart to assign a drive letter. + +**Warning** +It is strongly recommended that you do not plug your Windows To Go drive into a running computer. If the computer is compromised, your Windows To Go workspace can also be compromised. + + + +## I’m booted into Windows To Go, but I can’t browse to the internal hard drive of the host computer. Why not? + + +Windows To Go Creator and the recommended deployment steps for Windows To Go set SAN Policy 4 on Windows To Go drive. This policy prevents Windows from automatically mounting internal disk drives. That’s why you can’t see the internal hard drives of the host computer when you are booted into Windows To Go. This is done to prevent accidental data leakage between Windows To Go and the host system. This policy also prevents potential corruption on the host drives or data loss if the host operating system is in a hibernation state. If you really need to access the files on the internal hard drive, you can use diskmgmt.msc to mount the internal drive. + +**Warning** +It is strongly recommended that you do not mount internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 or later operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. + + + +## Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition? + + +This is done to allow Windows To Go to boot from UEFI and legacy systems. + +## Is Windows To Go secure if I use it on an untrusted computer? + + +While you are more secure than if you use a completely untrusted operating system, you are still vulnerable to attacks from the firmware or anything that runs before Windows To Go starts. If you plug your Windows To Go drive into a running untrusted computer, your Windows To Go drive can be compromised because any malicious software that might be active on the computer can access the drive. + +## Does Windows To Go work with ARM processors? + + +No. Windows RT is a specialized version of Windows designed for ARM processors. Windows To Go is currently only supported on PCs with x86 or x64-based processors. + +## Can I synchronize data from Windows To Go with my other computer? + + +To get your data across all your computers, we recommend using folder redirection and client side caching to store copies of your data on a server while giving you offline access to the files you need. + +## What size USB flash drive do I need to make a Windows To Go drive? + + +The size constraints are the same as full Windows. To ensure that you have enough space for Windows, your data, and your applications, we recommend USB drives that are a minimum of 20 GB in size. + +## Do I need to activate Windows To Go every time I roam? + + +No, Windows To Go requires volume activation; either using the [Key Management Service](https://go.microsoft.com/fwlink/p/?LinkId=619051) (KMS) server in your organization or using [Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=619053) based volume activation. The Windows To Go workspace will not need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis. This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or a through remote connection using DirectAccess or a virtual private network connection), once activated the machine will not need to be activated again until the activation validity interval has passed. In a KMS configuration the activation validity interval is 180 days. + +## Can I use all Windows features on Windows To Go? + + +Yes, with some minor exceptions, you can use all Windows features with your Windows To Go workspace. The only currently unsupported features are using the Windows Recovery Environment and PC Reset & Refresh. + +## Can I use all my applications on Windows To Go? + + +Yes. Because your Windows To Go workspace is a full Windows 10 environment, all applications that work with Windows 10 should work in your Windows To Go workspace. However, any applications that use hardware binding (usually for licensing and/or digital rights management reasons) may not run when you roam your Windows To Go drive between different host computers, and you may have to use those applications on the same host computer every time. + +## Does Windows To Go work slower than standard Windows? + + +If you are using a USB 3.0 port and a Windows To Go certified device, there should be no perceivable difference between standard Windows and Windows To Go. However, if you are booting from a USB 2.0 port, you may notice some slowdown since USB 2.0 transfer speeds are slower than SATA speeds. + +## If I lose my Windows To Go drive, will my data be safe? + + +Yes! If you enable BitLocker on your Windows To Go drive, all your data will be encrypted and protected and a malicious user will not be able to access your data without your password. If you don’t enable BitLocker, your data will be vulnerable if you lose your Windows To Go drive. + +## Can I boot Windows To Go on a Mac? + + +We are committed to give customers a consistent and quality Windows 10 experience with Windows To Go. Windows To Go supports host devices certified for use with Windows 7 or later. Because Mac computers are not certified for use with Windows 7 or later, using Windows To Go is not supported on a Mac. + +## Are there any APIs that allow applications to identify a Windows To Go workspace? + + +Yes. You can use a combination of identifiers to determine if the currently running operating system is a Windows To Go workspace. First, check if the **PortableOperatingSystem** property is true. When that value is true it means that the operating system was booted from an external USB device. + +Next, check if the **OperatingSystemSKU** property is equal to **4** (for Windows 10 Enterprise) or **121** (for Windows 10 Education). The combination of those two properties represents a Windows To Go workspace environment. + +For more information, see the MSDN article on the [Win32\_OperatingSystem class](https://go.microsoft.com/fwlink/p/?LinkId=619059). + +## How is Windows To Go licensed? + + +Windows To Go allows organization to support the use of privately owned PCs at the home or office with more secure access to their organizational resources. With Windows To Go use rights under [Software Assurance](https://go.microsoft.com/fwlink/p/?LinkId=619062), an employee will be able to use Windows To Go on any company PC licensed with Software Assurance as well as from their home PC. + +## Does Windows Recovery Environment work with Windows To Go? What’s the guidance for recovering a Windows To Go drive? + + +No, use of Windows Recovery Environment is not supported on Windows To Go. It is recommended that you implement user state virtualization technologies like Folder Redirection to centralize and back up user data in the data center. If any corruption occurs on a Windows To Go drive, you should re-provision the workspace. + +## Why won’t Windows To Go work on a computer running Windows XP or Windows Vista? + + +Actually it might. If you have purchased a computer certified for Windows 7 or later and then installed an older operating system, Windows To Go will boot and run as expected as long as you have configured the firmware to boot from USB. However, if the computer was certified for Windows XP or Windows Vista, it might not meet the hardware requirements for Windows To Go to run. Typically computers certified for Windows Vista and earlier operating systems have less memory, less processing power, reduced video rendering, and slower USB ports. + +## Why does the operating system on the host computer matter? + + +It doesn’t other than to help visually identify if the PC has compatible hardware. For a PC to be certified for Windows 7 or later it had to support booting from USB. If a computer cannot boot from USB there is no way that it can be used with Windows To Go. The Windows To Go workspace is a full Windows 10 environment, so all of the hardware requirements of Windows 10 with respect to processing speed, memory usage, and graphics rendering need to be supported to be assured that it will work as expected. + +## My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go? + + +The default BitLocker protection profile in Windows 7 monitors the host computer for changes to the boot order as part of protecting the computer from tampering. When you change the boot order of the host computer to enable it to boot from the Windows To Go drive, the BitLocker system measurements will reflect that change and boot into recovery mode so that the computer can be inspected if necessary. + +You can reset the BitLocker system measurements to incorporate the new boot order using the following steps: + +1. Log on to the host computer using an account with administrator privileges. + +2. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**. + +3. Click **Suspend Protection** for the operating system drive. + + A message is displayed, informing you that your data will not be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click **Yes** to continue and suspend BitLocker on the drive. + +4. Restart the computer and enter the firmware settings to reset the boot order to boot from USB first. For more information on changing the boot order in the BIOS, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) on the TechNet wiki. + +5. Restart the computer again and then log on to the host computer using an account with administrator privileges. (Neither your Windows To Go drive nor any other USB drive should be inserted.) + +6. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**. + +7. Click **Resume Protection** to re-enable BitLocker protection. + +The host computer will now be able to be booted from a USB drive without triggering recovery mode. + +> [!NOTE] +> The default BitLocker protection profile in Windows 8 or later does not monitor the boot order. + + + +## I decided to stop using a drive for Windows To Go and reformatted it – why doesn’t it have a drive letter assigned and how can I fix it? + + +Reformatting the drive erases the data on the drive, but doesn’t reconfigure the volume attributes. When a drive is provisioned for use as a Windows To Go drive the NODEFAULTDRIVELETTER attribute is set on the volume. To remove this attribute, use the following steps: + +1. Open a command prompt with full administrator permissions. + + > [!NOTE] + > If your user account is a member of the Administrators group, but is not the Administrator account itself, then, by default, the programs that you run only have standard user permissions unless you explicitly choose to elevate them. + + + +2. Start the [diskpart](https://go.microsoft.com/fwlink/p/?LinkId=619070) command interpreter, by typing `diskpart` at the command prompt. + +3. Use the `select disk` command to identify the drive. If you do not know the drive number, use the `list` command to display the list of disks available. + +4. After selecting the disk, run the `clean` command to remove all data, formatting, and initialization information from the drive. + +## Why do I keep on getting the message “Installing devices…” when I boot Windows To Go? + + +One of the challenges involved in moving the Windows To Go drive between PCs while seamlessly booting Windows with access to all of their applications and data is that for Windows to be fully functional, specific drivers need to be installed for the hardware in each machine that runs Windows. Windows 8 or later has a process called respecialize which will identify new drivers that need to be loaded for the new PC and disable drivers which are not present on the new configuration. In general this feature is reliable and efficient when roaming between PCs of widely varying hardware configurations. + +In certain cases, third party drivers for different hardware models or versions can reuse device ID’s, driver file names, registry keys (or any other operating system constructs which do not support side-by-side storage) for similar hardware. For example, Touchpad drivers on different laptops often reuse the same device ID’s, and video cards from the same manufacturer may often reuse service names. Windows handles these situations by marking the non-present device node with a flag that indicates the existing driver needs to be reinstalled before continuing to install the new driver. + +This process will occur on any boot that a new driver is found and a driver conflict is detected. In some cases that will result in a respecialize progress message “Installing devices…” displaying every time that a Windows to Go drive is roamed between two PCs which require conflicting drivers. + +## How do I upgrade the operating system on my Windows To Go drive? + + +There is no support in Windows for upgrading a Windows To Go drive. Deployed Windows To Go drives with older versions of Windows will need to be re-imaged with a new version of Windows in order to transition to the new operating system version. + +## Additional resources + + +- [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949) + +- [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950) + +- [Windows To Go: feature overview](windows-to-go-overview.md) + +- [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md) + +- [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md) + +- [Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md) + + + + + + + + + diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md index 3ed1e2e88c..14a975949c 100644 --- a/windows/deployment/planning/windows-to-go-overview.md +++ b/windows/deployment/planning/windows-to-go-overview.md @@ -1,284 +1,285 @@ ---- -title: Windows To Go feature overview (Windows 10) -description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. -ms.assetid: 9df82b03-acba-442c-801d-56db241f8d42 -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: workspace, mobile, installation, image, USB, device, image, edu -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: mobility, edu -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Windows To Go: feature overview - - -**Applies to** - -- Windows 10 - ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. - -Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. - -PCs that meet the Windows 7 or later [certification requirements](https://go.microsoft.com/fwlink/p/?LinkId=618711) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some additional considerations that you should keep in mind before you start to use Windows To Go: - -- [Differences between Windows To Go and a typical installation of Windows](#bkmk-wtgdif) -- [Roaming with Windows To Go](#bkmk-wtgroam) -- [Prepare for Windows To Go](#wtg-prep-intro) -- [Hardware considerations for Windows To Go](#wtg-hardware) - -**Note** -Windows To Go is not supported on Windows RT. - - - -## Differences between Windows To Go and a typical installation of Windows - - -Windows To Go workspace operates just like any other installation of Windows with a few exceptions. These exceptions are: - -- **Internal disks are offline.** To ensure data isn’t accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive will not be listed in Windows Explorer. - -- **Trusted Platform Module (TPM) is not used.** When using BitLocker Drive Encryption a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers. - -- **Hibernate is disabled by default.** To ensure that the Windows To Go workspace is able to move between computers easily, hibernation is disabled by default. Hibernation can be re-enabled by using Group Policy settings. - -- **Windows Recovery Environment is not available.** In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows. - -- **Refreshing or resetting a Windows To Go workspace is not supported.** Resetting to the manufacturer’s standard for the computer doesn’t apply when running a Windows To Go workspace, so the feature was disabled. - -- **Upgrading a Windows To Go workspace is not supported.** Older Windows 8 or Windows 8.1 Windows To Go workspaces cannot be upgraded to Windows 10 workspaces, nor can Windows 10 Windows To Go workspaces be upgraded to future versions of Windows 10. For new versions, the workspace needs to be re-imaged with a fresh image of Windows. - -## Roaming with Windows To Go - - -Windows To Go drives can be booted on multiple computers. When a Windows To Go workspace is first booted on a host computer it will detect all hardware on the computer and install any needed drivers. When the Windows To Go workspace is subsequently booted on that host computer it will be able to identify the host computer and load the correct set of drivers automatically. - -The applications that you want to use from the Windows To Go workspace should be tested to make sure they also support roaming. Some applications bind to the computer hardware which will cause difficulties if the workspace is being used with multiple host computers. - -## Prepare for Windows To Go - - -Enterprises install Windows on a large group of computers either by using configuration management software (such as System Center Configuration Manager), or by using standard Windows deployment tools such as DiskPart and the Deployment Image Servicing and Management (DISM) tool. - -These same tools can be used to provision Windows To Go drive, just as you would if you were planning for provisioning a new class of mobile PCs. You can use the [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) to review deployment tools available. - -**Important** -Make sure you use the versions of the deployment tools provided for the version of Windows you are deploying. There have been many enhancements made to support Windows To Go. Using versions of the deployment tools released for earlier versions of Windows to provision a Windows To Go drive is not supported. - - - -As you decide what to include in your Windows To Go image, be sure to consider the following questions: - -Are there any drivers that you need to inject into the image? - -How will data be stored and synchronized to appropriate locations from the USB device? - -Are there any applications that are incompatible with Windows To Go roaming that should not be included in the image? - -What should be the architecture of the image - 32bit/64bit? - -What remote connectivity solution should be supported in the image if Windows To Go is used outside the corporate network? - -For more information about designing and planning your Windows To Go deployment, see [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md). - -## Hardware considerations for Windows To Go - - -**For USB drives** - -The devices listed in this section have been specially optimized and certified for Windows To Go and meet the necessary requirements for booting and running a full version of Windows 10 from a USB drive. The optimizations for Windows To Go include the following: - -- Windows To Go certified USB drives are built for high random read/write speeds and support the thousands of random access I/O operations per second required for running normal Windows workloads smoothly. - -- Windows To Go certified USB drives have been tuned to ensure they boot and run on hardware certified for use with Windows 7 and later. - -- Windows To Go certified USB drives are built to last. Certified USB drives are backed with manufacturer warranties and should continue operating under normal usage. Refer to the manufacturer websites for warranty details. - -As of the date of publication, the following are the USB drives currently certified for use as Windows To Go drives: - -**Warning** -Using a USB drive that has not been certified is not supported - - - -- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://go.microsoft.com/fwlink/p/?LinkId=618714)) - -- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://go.microsoft.com/fwlink/p/?LinkId=618717)) - -- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://go.microsoft.com/fwlink/p/?LinkId=618718)) - -- Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719)) - -- Spyrus Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) - - We recommend that you run the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Portable Workplace. - -- Spyrus Secure Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) - - **Important** - You must use the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Secure Portable Workplace. For more information about the Spyrus Deployment Suite for Windows To Go please refer to [http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720). - - - -- Spyrus Worksafe ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) - - **Tip** - This device contains an embedded smart card. - - - -- Super Talent Express RC4 for Windows To Go - - -and- - - Super Talent Express RC8 for Windows To Go - - ([http://www.supertalent.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618721)) - -- Western Digital My Passport Enterprise ([http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722)) - - We recommend that you run the WD Compass utility to prepare the Western Digital My Passport Enterprise drive for provisioning with Windows To Go. For more information about the WD Compass utility please refer to [http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722) - -**For host computers** - -When assessing the use of a PC as a host for a Windows To Go workspace you should consider the following criteria: - -- Hardware that has been certified for use with Windows 7or later operating systems will work well with Windows To Go. - -- Running a Windows To Go workspace from a computer that is running Windows RT is not a supported scenario. - -- Running a Windows To Go workspace on a Mac computer is not a supported scenario. - -The following table details the characteristics that the host computer must have to be used with Windows To Go: - -
| Item | -Requirement | -
|---|---|
Boot process |
-Capable of USB boot |
-
Firmware |
-USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to boot from USB) |
-
Processor architecture |
-Must support the image on the Windows To Go drive |
-
External USB Hubs |
-Not supported; connect the Windows To Go drive directly to the host machine |
-
Processor |
-1 Ghz or faster |
-
RAM |
-2 GB or greater |
-
Graphics |
-DirectX 9 graphics device with WDDM 1.2 or greater driver |
-
USB port |
-USB 2.0 port or greater |
-
| Host PC Firmware Type | -Host PC Processor Architecture | -Compatible Windows To Go Image Architecture | -
|---|---|---|
Legacy BIOS |
-32-bit |
-32-bit only |
-
Legacy BIOS |
-64-bit |
-32-bit and 64-bit |
-
UEFI BIOS |
-32-bit |
-32-bit only |
-
UEFI BIOS |
-64-bit |
-64-bit only |
-
| Item | +Requirement | +
|---|---|
Boot process |
+Capable of USB boot |
+
Firmware |
+USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to boot from USB) |
+
Processor architecture |
+Must support the image on the Windows To Go drive |
+
External USB Hubs |
+Not supported; connect the Windows To Go drive directly to the host machine |
+
Processor |
+1 Ghz or faster |
+
RAM |
+2 GB or greater |
+
Graphics |
+DirectX 9 graphics device with WDDM 1.2 or greater driver |
+
USB port |
+USB 2.0 port or greater |
+
| Host PC Firmware Type | +Host PC Processor Architecture | +Compatible Windows To Go Image Architecture | +
|---|---|---|
Legacy BIOS |
+32-bit |
+32-bit only |
+
Legacy BIOS |
+64-bit |
+32-bit and 64-bit |
+
UEFI BIOS |
+32-bit |
+32-bit only |
+
UEFI BIOS |
+64-bit |
+64-bit only |
+
`LastProcessedTimeUtc`
The time range will be: from sinceTimeUtc time to current time.
**NOTE**: When not specified, all alerts generated in the last two hours are retrieved. -DateTime?untilTimeUtc | string | Defines the upper time bound alerts are retrieved.
The time range will be: from `sinceTimeUtc` time to `untilTimeUtc` time.
**NOTE**: When not specified, the default value will be the current time. -string ago | string | Pulls alerts in the following time range: from `(current_time - ago)` time to `current_time` time.
Value should be set according to **ISO 8601** duration format
E.g. `ago=PT10M` will pull alerts received in the last 10 minutes. -int?limit | int | Defines the number of alerts to be retrieved. Most recent alerts will be retrieved based on the number defined.
**NOTE**: When not specified, all alerts available in the time range will be retrieved. -machinegroups | String | Specifies machine groups to pull alerts from.
**NOTE**: When not specified, alerts from all machine groups will be retrieved.
Example:
```https://wdatp-alertexporter-eu.securitycenter.windows.com/api/Alerts/?machinegroups=UKMachines&machinegroups=FranceMachines``` +sinceTimeUtc | DateTime | Defines the lower time bound alerts are retrieved from, based on field:
`LastProcessedTimeUtc`
The time range will be: from sinceTimeUtc time to current time.
**NOTE**: When not specified, all alerts generated in the last two hours are retrieved. +untilTimeUtc | DateTime | Defines the upper time bound alerts are retrieved.
The time range will be: from `sinceTimeUtc` time to `untilTimeUtc` time.
**NOTE**: When not specified, the default value will be the current time. +ago | string | Pulls alerts in the following time range: from `(current_time - ago)` time to `current_time` time.
Value should be set according to **ISO 8601** duration format
E.g. `ago=PT10M` will pull alerts received in the last 10 minutes. +limit | int | Defines the number of alerts to be retrieved. Most recent alerts will be retrieved based on the number defined.
**NOTE**: When not specified, all alerts available in the time range will be retrieved. +machinegroups | string | Specifies machine groups to pull alerts from.
**NOTE**: When not specified, alerts from all machine groups will be retrieved.
Example:
```https://wdatp-alertexporter-eu.securitycenter.windows.com/api/Alerts/?machinegroups=UKMachines&machinegroups=FranceMachines``` DeviceCreatedMachineTags | string | Single machine tag from the registry. CloudCreatedMachineTags | string | Machine tags that were created in Microsoft Defender Security Center. From a2877b36af95789c77ea5bf334102917a4aec17d Mon Sep 17 00:00:00 2001 From: illfated
Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor +## Cloud Clipboard + +Cloud clipboard allows users to copy the content between devices. It also manages the clipboard histroy so that you can paste your old copied data. You can access it by clicking **Windows+V** key. + +To try this: + +1. Go to**Windows Settings** and select **Systems**. +2. On the left menu, click on **Clipboard**. +3. Toggle the on button to turn on **Clipboard history** +4. Under **Sync across devices**, toggle the on button to turn this feature on. + ## Kiosk setup experience We introduced a simplified assigned access configuration experience in **Settings** that allows device administrators to easily set up a PC as a kiosk or digital sign. A wizard experience walks you through kiosk setup including creating a kiosk account that will automatically sign in when a device starts. From a1082eede892db89e3426a751f0fc0be080435ce Mon Sep 17 00:00:00 2001 From: Daniel Simpson
+
+
August 17, 2019—update for Team edition based on KB4512474* (OS Build 15063.2021)
+ +This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: + + * Ensures that Video Out on Hub 2S defaults to "Duplicate" mode. + +Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. +*[KB4503289](https://support.microsoft.com/help/4503289) +June 18, 2019—update for Team edition based on KB4503289* (OS Build 15063.1897)
@@ -31,6 +42,9 @@ This update to the Surface Hub includes quality improvements and security fixes. * Addresses an issue with log collection for Microsoft Surface Hub 2S. * Addresses an issue preventing a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully. +* Adds support for TLS 1.2 connections to identity providers and Exchange in device account setup scenarios. +* Fixes to improve reliability of Hardware Diagnostic App on Hub 2S. +* Fix to improve consistency of first-run setup experience on Hub 2S. Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. *[KB4503289](https://support.microsoft.com/help/4503289) From 76b7dd8d3c7c47173a133b68c111f96cae47ac0b Mon Sep 17 00:00:00 2001 From: Greg LindsayYou must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations. |
-
+[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
+[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md) - - - - - - - - - diff --git a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md index e06c1c3f42..487a1a93d2 100644 --- a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md +++ b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md @@ -11,7 +11,6 @@ ms.pagetype: appcompat ms.sitesec: library audience: itpro author: greg-lindsay -ms.date: 04/19/2017 ms.topic: article --- @@ -31,11 +30,10 @@ You can disable and enable individual compatibility fixes in your customized dat ## Disabling Compatibility Fixes - Customized compatibility databases can become quite complex as you add your fixes for the multiple applications found in your organization. Over time, you may find you need to disable a particular fix in your customized database. For example, if a software vendor releases a fix for an issue addressed in one of your compatibility fixes, you must validate that the vendor's fix is correct and that it resolves your issue. To do this, you must temporarily disable the compatibility fix and then test your application. -> [!IMPORTANT] -> Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to work with custom databases for 32-bit applications and the 64-bit version to work with custom databases for 64-bit applications. +>[!IMPORTANT] +>Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to work with custom databases for 32-bit applications and the 64-bit version to work with custom databases for 64-bit applications. @@ -66,4 +64,5 @@ You can enable your disabled compatibility fixes at any time. 2. On the **Database** menu, click **Enable Entry**. ## Related topics + [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) diff --git a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md index 03e9af0af8..42ebfb4c7f 100644 --- a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md +++ b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md @@ -11,7 +11,6 @@ ms.pagetype: appcompat ms.sitesec: library audience: itpro author: greg-lindsay -ms.date: 04/19/2017 ms.topic: article --- @@ -31,8 +30,8 @@ You can access the Query tool from within Compatibility Administrator. The Query For information about the Search feature, see [Searching for Fixed Applications in Compatibility Administrator](searching-for-fixed-applications-in-compatibility-administrator.md). However, the Query tool provides more detailed search criteria, including tabs that enable you to search the program properties, the compatibility fix properties, and the fix description. You can perform a search by using SQL SELECT and WHERE clauses, in addition to searching specific types of databases. -> [!IMPORTANT] -> You must perform your search with the correct version of the Compatibility Administrator tool. To use the Query tool to search for a 32-bit custom database, you must use the 32-bit version of Compatibility Administrator. To use the Query tool to search for a 64-bit custom database, you must use the 64-bit version of Compatibility Administrator. +>[!IMPORTANT] +>You must perform your search with the correct version of the Compatibility Administrator tool. To use the Query tool to search for a 32-bit custom database, you must use the 32-bit version of Compatibility Administrator. To use the Query tool to search for a 64-bit custom database, you must use the 64-bit version of Compatibility Administrator. @@ -172,13 +171,5 @@ You can export any of your search results into a tab-delimited text (.txt) file 2. Browse to the location where you intend to store the search results file, and then click **Save**. ## Related topics -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) - - - - - - - - +[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) \ No newline at end of file diff --git a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md index 9c20d5e963..fab1e74808 100644 --- a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md +++ b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md @@ -11,13 +11,11 @@ ms.pagetype: appcompat ms.sitesec: library audience: itpro author: greg-lindsay -ms.date: 04/19/2017 ms.topic: article --- # Understanding and Using Compatibility Fixes - **Applies to** - Windows 10 @@ -31,7 +29,6 @@ As the Windows operating system evolves to support new technology and functional ## How the Compatibility Fix Infrastructure Works - The Compatibility Fix infrastructure uses the linking ability of APIs to redirect an application from Windows code directly to alternative code that implements the compatibility fix. The Windows Portable Executable File Format includes headers that contain the data directories that are used to provide a layer of indirection between the application and the linked file. API calls to the external binary files take place through the Import Address Table (IAT), which then directly calls the Windows operating system, as shown in the following figure. @@ -42,14 +39,13 @@ Specifically, the process modifies the address of the affected Windows function  -> [!NOTE] -> For statically linked DLLs, the code redirection occurs as the application loads. You can also fix dynamically linked DLLs by hooking into the GetProcAddress API. +>[!NOTE] +>For statically linked DLLs, the code redirection occurs as the application loads. You can also fix dynamically linked DLLs by hooking into the GetProcAddress API. ## Design Implications of the Compatibility Fix Infrastructure - There are important considerations to keep in mind when determining your application fix strategy, due to certain characteristics of the Compatibility Fix infrastructure. - The compatibility fix is not part of the Windows operating system (as shown in the previous figure). Therefore, the same security restrictions apply to the compatibility fix as apply to the application code, which means that you cannot use compatibility fixes to bypass any of the security mechanisms of the operating system. Therefore, compatibility fixes do not increase your security exposure, nor do you need to lower your security settings to accommodate compatibility fixes. @@ -65,7 +61,6 @@ There are important considerations to keep in mind when determining your applica ## Determining When to Use a Compatibility Fix - The decision to use compatibility fixes to remedy your compatibility issues may involve more than just technical issues. The following scenarios reflect other common reasons for using a compatibility fix. ### Scenario 1 @@ -88,15 +83,14 @@ In the situation where an application is either unimportant to your organization ## Determining Which Version of an Application to Fix - You can apply a compatibility fix to a particular version of an application, either by using the "up to or including" clause or by selecting that specific version. This means that the next version of the application will not have the compatibility fix automatically applied. This is important, because it allows you to continue to use your application, but it also encourages the vendor to fix the application. ## Support for Compatibility Fixes - Compatibility fixes are shipped as part of the Windows operating system and are updated by using Windows Update. Therefore, they receive the same level of support as Windows itself. You can apply the compatibility fixes to any of your applications. However, Microsoft does not provide the tools to use the Compatibility Fix infrastructure to create your own custom fixes. ## Related topics + [Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) diff --git a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md index 6759684011..e6d35d3d8f 100644 --- a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md +++ b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md @@ -11,7 +11,6 @@ ms.pagetype: appcompat ms.sitesec: library audience: itpro author: greg-lindsay -ms.date: 04/19/2017 ms.topic: article --- @@ -29,14 +28,14 @@ ms.topic: article The **Events** screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities. -> [!IMPORTANT] -> The **Events** screen only records your activities when the screen is open. If you perform an action before opening the **Events** screen, the action will not appear in the list. +>[!IMPORTANT] +>The **Events** screen only records your activities when the screen is open. If you perform an action before opening the **Events** screen, the action will not appear in the list. **To open the Events screen** -- On the **View** menu, click **Events**. +- On the **View** menu, click **Events**. ## Handling Multiple Copies of Compatibility Fixes @@ -46,15 +45,5 @@ Compatibility Administrator enables you to copy your compatibility fixes from on If you open the **Events** screen and then perform the copy operation, you can see a description of the action, along with the time stamp, which enables you to view your fix information without confusion. ## Related topics -[Creating a Custom Compatibility Mode in Compatibility Administrator](creating-a-custom-compatibility-mode-in-compatibility-administrator.md) - -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) - - - - - - - - - +[Creating a Custom Compatibility Mode in Compatibility Administrator](creating-a-custom-compatibility-mode-in-compatibility-administrator.md)
+[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) \ No newline at end of file diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md index 14a975949c..f25da887d0 100644 --- a/windows/deployment/planning/windows-to-go-overview.md +++ b/windows/deployment/planning/windows-to-go-overview.md @@ -29,32 +29,26 @@ Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education t PCs that meet the Windows 7 or later [certification requirements](https://go.microsoft.com/fwlink/p/?LinkId=618711) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some additional considerations that you should keep in mind before you start to use Windows To Go: -- [Differences between Windows To Go and a typical installation of Windows](#bkmk-wtgdif) -- [Roaming with Windows To Go](#bkmk-wtgroam) -- [Prepare for Windows To Go](#wtg-prep-intro) -- [Hardware considerations for Windows To Go](#wtg-hardware) +- [Differences between Windows To Go and a typical installation of Windows](#bkmk-wtgdif) +- [Roaming with Windows To Go](#bkmk-wtgroam) +- [Prepare for Windows To Go](#wtg-prep-intro) +- [Hardware considerations for Windows To Go](#wtg-hardware) -> [!NOTE] -> Windows To Go is not supported on Windows RT. +>[!NOTE] +>Windows To Go is not supported on Windows RT. ## Differences between Windows To Go and a typical installation of Windows - Windows To Go workspace operates just like any other installation of Windows with a few exceptions. These exceptions are: -- **Internal disks are offline.** To ensure data isn’t accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive will not be listed in Windows Explorer. - -- **Trusted Platform Module (TPM) is not used.** When using BitLocker Drive Encryption a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers. - -- **Hibernate is disabled by default.** To ensure that the Windows To Go workspace is able to move between computers easily, hibernation is disabled by default. Hibernation can be re-enabled by using Group Policy settings. - -- **Windows Recovery Environment is not available.** In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows. - -- **Refreshing or resetting a Windows To Go workspace is not supported.** Resetting to the manufacturer’s standard for the computer doesn’t apply when running a Windows To Go workspace, so the feature was disabled. - -- **Upgrading a Windows To Go workspace is not supported.** Older Windows 8 or Windows 8.1 Windows To Go workspaces cannot be upgraded to Windows 10 workspaces, nor can Windows 10 Windows To Go workspaces be upgraded to future versions of Windows 10. For new versions, the workspace needs to be re-imaged with a fresh image of Windows. +- **Internal disks are offline.** To ensure data isn’t accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive will not be listed in Windows Explorer. +- **Trusted Platform Module (TPM) is not used.** When using BitLocker Drive Encryption a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers. +- **Hibernate is disabled by default.** To ensure that the Windows To Go workspace is able to move between computers easily, hibernation is disabled by default. Hibernation can be re-enabled by using Group Policy settings. +- **Windows Recovery Environment is not available.** In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows. +- **Refreshing or resetting a Windows To Go workspace is not supported.** Resetting to the manufacturer’s standard for the computer doesn’t apply when running a Windows To Go workspace, so the feature was disabled. +- **Upgrading a Windows To Go workspace is not supported.** Older Windows 8 or Windows 8.1 Windows To Go workspaces cannot be upgraded to Windows 10 workspaces, nor can Windows 10 Windows To Go workspaces be upgraded to future versions of Windows 10. For new versions, the workspace needs to be re-imaged with a fresh image of Windows. ## Roaming with Windows To Go @@ -96,11 +90,9 @@ For more information about designing and planning your Windows To Go deployment, The devices listed in this section have been specially optimized and certified for Windows To Go and meet the necessary requirements for booting and running a full version of Windows 10 from a USB drive. The optimizations for Windows To Go include the following: -- Windows To Go certified USB drives are built for high random read/write speeds and support the thousands of random access I/O operations per second required for running normal Windows workloads smoothly. - -- Windows To Go certified USB drives have been tuned to ensure they boot and run on hardware certified for use with Windows 7 and later. - -- Windows To Go certified USB drives are built to last. Certified USB drives are backed with manufacturer warranties and should continue operating under normal usage. Refer to the manufacturer websites for warranty details. +- Windows To Go certified USB drives are built for high random read/write speeds and support the thousands of random access I/O operations per second required for running normal Windows workloads smoothly. +- Windows To Go certified USB drives have been tuned to ensure they boot and run on hardware certified for use with Windows 7 and later. +- Windows To Go certified USB drives are built to last. Certified USB drives are backed with manufacturer warranties and should continue operating under normal usage. Refer to the manufacturer websites for warranty details. As of the date of publication, the following are the USB drives currently certified for use as Windows To Go drives: @@ -109,26 +101,21 @@ Using a USB drive that has not been certified is not supported -- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://go.microsoft.com/fwlink/p/?LinkId=618714)) - -- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://go.microsoft.com/fwlink/p/?LinkId=618717)) - -- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://go.microsoft.com/fwlink/p/?LinkId=618718)) - -- Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719)) - -- Spyrus Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) +- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://go.microsoft.com/fwlink/p/?LinkId=618714)) +- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://go.microsoft.com/fwlink/p/?LinkId=618717)) +- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://go.microsoft.com/fwlink/p/?LinkId=618718)) +- Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719)) +- Spyrus Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) We recommend that you run the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Portable Workplace. -- Spyrus Secure Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) +- Spyrus Secure Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) > [!IMPORTANT] > You must use the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Secure Portable Workplace. For more information about the Spyrus Deployment Suite for Windows To Go please refer to [http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720). - -- Spyrus Worksafe ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) +- Spyrus Worksafe ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) **Tip** This device contains an embedded smart card. @@ -151,11 +138,9 @@ Using a USB drive that has not been certified is not supported When assessing the use of a PC as a host for a Windows To Go workspace you should consider the following criteria: -- Hardware that has been certified for use with Windows 7or later operating systems will work well with Windows To Go. - -- Running a Windows To Go workspace from a computer that is running Windows RT is not a supported scenario. - -- Running a Windows To Go workspace on a Mac computer is not a supported scenario. +- Hardware that has been certified for use with Windows 7or later operating systems will work well with Windows To Go. +- Running a Windows To Go workspace from a computer that is running Windows RT is not a supported scenario. +- Running a Windows To Go workspace on a Mac computer is not a supported scenario. The following table details the characteristics that the host computer must have to be used with Windows To Go: @@ -249,37 +234,17 @@ In addition to the USB boot support in the BIOS, the Windows 10 image on your W - - ## Additional resources - -- [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949) - -- [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950) - -- [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) +- [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949) +- [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950) +- [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) ## Related topics - -- [Deploy Windows To Go in your organization](https://go.microsoft.com/fwlink/p/?LinkId=619975) - -- [Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md) - -- [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md) - -- [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md) - -- [Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md) - -- [Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md) - - - - - - - - - +[Deploy Windows To Go in your organization](https://go.microsoft.com/fwlink/p/?LinkId=619975)
+[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)
+[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
+[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
+[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
+[Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md) From de24746606c2905180d67c49c1e73c50475492c9 Mon Sep 17 00:00:00 2001 From: Dani Halfin
You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations.
-[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) \ No newline at end of file +[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) From 9278d433e4526436a43802b62273ec6e45d5c40d Mon Sep 17 00:00:00 2001 From: Dulce Montemayor
[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
From bfaab3359a63dde24e6d0dca11b841e045c481f6 Mon Sep 17 00:00:00 2001 From: Greg Lindsay
The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action. -- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-2008-r2-sp1--windows-server-2012-r2-and-windows-server-2016)
You can now onboard Windows Server 2008 R2 SP1. - - [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac)
Microsoft Defender ATP for Mac brings the next-generation protection, and endpoint detection and response coverage to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices. - [Live response](live-response.md)
Get instantaneous access to a machine using a remote shell connection. Do in-depth investigative work and take immediate response actions to promptly contain identified threats – real-time. diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index ca56b9c2fd..10cba3e6d8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -28,6 +28,11 @@ The following features are generally available (GA) in the latest release of Mic For more information preview features, see [Preview features](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection). + +## September 2019 +- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-2008-r2-sp1--windows-server-2012-r2-and-windows-server-2016)
You can now onboard Windows Server 2008 R2 SP1. + + ## June 2019 - [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. From f8bb6106c6db3fcdb34ba28d68405197c577ae30 Mon Sep 17 00:00:00 2001 From: Dani Halfin
Firmware
USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to boot from USB)
USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to boot from USB)
Processor architecture
| Summary | Originating update | Status | Last updated |
| Windows Desktop Search may not return any results and may have high CPU usage Windows Desktop Search may not return any results and SearchUI.exe may have high CPU usage after installing KB4512941. See details > | OS Build 18362.329 August 30, 2019 KB4512941 | Investigating | September 04, 2019 02:25 PM PT |
| Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error. See details > | OS Build 18362.295 August 13, 2019 KB4512508 | Resolved KB4512941 | August 30, 2019 10:00 AM PT |
| Issues updating when certain versions of Intel storage drivers are installed Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail. See details > | OS Build 18362.145 May 29, 2019 KB4497935 | Resolved KB4512941 | August 30, 2019 10:00 AM PT |
| Initiating a Remote Desktop connection may result in black screen When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. See details > | OS Build 18362.145 May 29, 2019 KB4497935 | Resolved KB4512941 | August 30, 2019 10:00 AM PT |
| Details | Originating update | Status | History |
| Windows Desktop Search may not return any results and may have high CPU usage Microsoft is getting reports that a small number of users may not receive results when using Windows Desktop Search and may see high CPU usage from SearchUI.exe when searching after installing KB4512941. This issue is only encountered on devices in which searching the web from Windows Desktop Search has been disabled. Affected platforms:
Next steps: We are working on a resolution and estimate a solution will be available in mid-September. Back to top | OS Build 18362.329 August 30, 2019 KB4512941 | Investigating | Last updated: September 04, 2019 02:25 PM PT Opened: September 04, 2019 02:25 PM PT |