Merged PR 5528: 1/26 PM Publish

2025-07-10 06:33:40 +00:00 · 2018-01-26 23:30:56 +00:00
parent 2009ea3824 8ac4c28055
commit 9f64effa70
4 changed files with 25 additions and 12 deletions
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@ -6,11 +6,14 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 10/30/2017
+ms.date: 01/04/2018
 ---

 # BitLocker CSP

+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703.

 > [!Note]  
@ -794,6 +797,12 @@ The following diagram shows the BitLocker configuration service provider in tree

 <p style="margin-left: 20px">Allows the Admin to disable the warning prompt for other disk encryption on the user machines.</p>

+> [!Important]  
+> Starting in Windows 10, next major update, the value 0 can only be set for Azure Active Directory joined devices.  Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview) for value 0.
+
+> [!Warning]
+> When you enable BitLocker on a device with third party encryption, it may render the device unusable and will require reinstallation of Windows.
+
 <table>
 <tr>
 	<th>Home</th>
@ -817,11 +826,9 @@ The following diagram shows the BitLocker configuration service provider in tree

 <p style="margin-left: 20px">The following list shows the supported values:</p>

-   0 – Disables the warning prompt.
+-   0 – Disables the warning prompt. Starting in Windows 10, next major update, the value 0 can only be set for Azure Active Directory joined devices.  Windows will attempt to silently enable BitLocker for value 0.
 -   1 (default) – Warning prompt allowed.

-<p style="margin-left: 20px">Admin should set the value to 0 to disable the warning. If you want to disable this policy use the following SyncML:</p>
-
 ``` syntax
 <Replace>
 	<CmdID>110</CmdID>
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@ -1457,6 +1457,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>Search/AllowCortanaInAAD</li>
 <li>Search/DoNotUseWebResults</li>
 <li>Security/ConfigureWindowsPasswords</li>
+<li>System/FeedbackHubAlwaysSaveDiagnosticsLocally</li>
 <li>SystemServices/ConfigureHomeGroupListenerServiceStartupMode</li>
 <li>SystemServices/ConfigureHomeGroupProviderServiceStartupMode</li>
 <li>SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode</li>
@ -1507,6 +1508,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>Settings/AllowOnlineTips</li>
 <li>System/DisableEnterpriseAuthProxy </li>
 </ul>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
+<td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, next major update.</p>
+</td></tr>
 </tbody>
 </table>

--- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
+++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
-ms.date: 01/25/2018
+ms.date: 01/26/2018
 ms.localizationpriority: high
 ---

@ -110,18 +110,18 @@ Result codes can be matched to the type of error encountered. To match a result
        <br>**C** = NTSTATUS value (ex: 0x**C**1900107)
 2. Write down the last 4 digits of the error code (ex: 0x8007**0070** = 0070). These digits are the actual error code type as defined in the [HRESULT](https://msdn.microsoft.com/en-us/library/cc231198.aspx) or the [NTSTATUS](https://msdn.microsoft.com/en-us/library/cc231200.aspx) structure. Other digits in the code identify things such as the device type that produced the error.
 3. Based on the type of error code determined in the first step (Win32 or NTSTATUS), match the 4 digits derived from the second step to either a Win32 error code or NTSTATUS value using the following links:
-    a. [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx)
-    b. [NTSTATUS value](https://msdn.microsoft.com/en-us/library/cc704588.aspx)
+    - [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx)
+    - [NTSTATUS value](https://msdn.microsoft.com/en-us/library/cc704588.aspx)

 Examples:
 - 0x80070070 
    - Based on the "8" this is a Win32 error code 
-    - The last four digits are 0070, so look up 0x00000070 in the Win32 error code table
-    - The error is: ERROR_DISK_FULL
+    - The last four digits are 0070, so look up 0x00000070 in the [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx) table
+    - The error is: **ERROR_DISK_FULL**
 - 0xC1900107 
    - Based on the "C" this is an NTSTATUS error code
-    - The last four digits are 0107, so look up 0x00000107 in the NTSTATUS values table 
-    - The error is: STATUS_SOME_NOT_MAPPED
+    - The last four digits are 0107, so look up 0x00000107 in the [NTSTATUS value](https://msdn.microsoft.com/en-us/library/cc704588.aspx) table 
+    - The error is: **STATUS_SOME_NOT_MAPPED**

 Some result codes are self-explanatory, whereas others are more generic and require further analysis. In the examples shown above, ERROR_DISK_FULL indicates that the hard drive is full and additional room is needed to complete Windows upgrade. The message STATUS_SOME_NOT_MAPPED is more ambiguous, and means that an action is pending. In this case, the action pending is often the cleanup operation from a previous installation attempt, which can be resolved with a system reboot. 

--- a/windows/threat-protection/windows-defender-application-control.md
+++ b/windows/threat-protection/windows-defender-application-control.md
@ -44,6 +44,6 @@ Group Policy can also be used to distribute Group Policy Objects that contain WD
 Prior to Windows 10, version 1709, Windows Defender Application Control was known as Windows Defender Device Guard configurable code integrity policies.  

 Beginning with Windows 10, version 1703, you can use WDAC not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser). 
-For more information, see [Steps to deploy Windows Defender Application Control](https://docs.microsoft.com/windows/device-security/device-guard/deploy-code-integrity-policies-steps).  
+For more information, see [Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules](https://docs.microsoft.com/windows/device-security/device-guard/steps-to-deploy-windows-defender-application-control#use-a-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules).