deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 11:53:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into wip-dep

Browse Source
This commit is contained in:
Joey Caparas
2020-04-06 09:30:45 -07:00
parent 681f9c7c17 f7aef59bc3
commit a3b0df4ee3
242 changed files with 2851 additions and 1348 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
windows/application-management/apps-in-windows-10.md
View File

@ -44,51 +44,51 @@ Here are the provisioned Windows apps in Windows 10 versions 1703, 1709, 1803 an
<br>
| Package name | App name | 1703 | 1709 | 1803 | 1809 | Uninstall through UI? |
|----------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:|
| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | x | | | | Yes |
| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes |
| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App |
| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | | x | x | x | No |
| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | | | x | No |
| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.MicrosoftOfficeHub | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes |
| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes |
| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | | | x | No |
| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Office.OneNote | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes |
| Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | | x | x | x | No |
| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | | x | No |
| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No |
| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.VP9VideoExtensions | | | | | x | No |
| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | | | x | x | No |
| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | | | x | No |
| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No |
| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Xbox.TCUI | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | | x | x | x | No |
| Microsoft.XboxApp | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.XboxGameOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.XboxGamingOverlay | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | | | x | x | No |
| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No |
| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | | | x | No |
| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No |
| Package name | App name | 1709 | 1803 | 1809 | 1909 | Uninstall through UI? |
|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:|
| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | Yes |
| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes |
| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App |
| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | | x | x | No |
| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.MicrosoftOfficeHub | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes |
| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes |
| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | | x | x | No |
| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Office.OneNote | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes |
| Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | |
| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | x | x | No |
| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No |
| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.VP9VideoExtensions | | | | x | x | No |
| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | | x | x | x | No |
| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | | x | x | No |
| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No |
| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.Xbox.TCUI | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.XboxApp | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.XboxGameOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.XboxGamingOverlay | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | | x | x | x | No |
| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No |
| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | | x | x | No |
| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No |
| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No |
>[!NOTE]
>The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.
@ -149,7 +149,7 @@ System apps are integral to the operating system. Here are the typical system ap
> [!NOTE]
> - The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support).
> The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support).
## Installed Windows apps

8
windows/client-management/generate-kernel-or-complete-crash-dump.md
View File

@ -9,7 +9,7 @@ ms.localizationpriority: medium
ms.author: delhan
ms.date: 8/28/2019
ms.reviewer:
manager: dcscontentpm
manager: willchen
---
# Generate a kernel or complete crash dump
@ -61,7 +61,7 @@ If you can log on while the problem is occurring, you can use the Microsoft Sysi
2. Select **Start**, and then select **Command Prompt**.
3. At the command line, run the following command:
```cmd
```console
notMyfault.exe /crash
```
@ -80,6 +80,7 @@ To do this, follow these steps:
> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
1. In Registry Editor, locate the following registry subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl**
2. Right-click **CrashControl**, point to **New**, and then click **DWORD Value**.
@ -101,6 +102,8 @@ To do this, follow these steps:
9. Test this method on the server by using the NMI switch to generate a dump file. You will see a STOP 0x00000080 hardware malfunction.
If you want to run NMI in Microsoft Azure using Serial Console, see [Use Serial Console for SysRq and NMI calls](https://docs.microsoft.com/azure/virtual-machines/linux/serial-console-nmi-sysrq).
### Use the keyboard
[Forcing a System Crash from the Keyboard](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard)
@ -108,4 +111,3 @@ To do this, follow these steps:
### Use Debugger
[Forcing a System Crash from the Debugger](https://docs.microsoft.com/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger)

5
windows/client-management/mdm/accounts-csp.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: lomayor
ms.date: 04/17/2018
ms.date: 03/27/2020
ms.reviewer:
manager: dansimp
---
@ -39,6 +39,9 @@ Available naming macros:
Supported operation is Add.
> [!Note]
> For desktop PCs on the next major release of Windows 10 or later, use the **Ext/Microsoft/DNSComputerName** node in [DevDetail CSP](devdetail-csp.md).
<a href="" id="users"></a>**Users**
Interior node for the user account information.

157
windows/client-management/mdm/devdetail-csp.md
View File

@ -9,7 +9,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 07/11/2018
ms.date: 03/27/2020
---
# DevDetail CSP
@ -29,121 +29,136 @@ The following diagram shows the DevDetail configuration service provider managem
![devdetail csp (dm)](images/provisioning-csp-devdetail-dm.png)
<a href="" id="devtyp"></a>**DevTyp**
<p style="margin-left: 20px"><p style="margin-left: 20px">Required. Returns the device model name /SystemProductName as a string.
Required. Returns the device model name /SystemProductName as a string.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="oem"></a>**OEM**
<p style="margin-left: 20px">Required. Returns the name of the Original Equipment Manufacturer (OEM) as a string, as defined in the specification SyncML Device Information, version 1.1.2.
Required. Returns the name of the Original Equipment Manufacturer (OEM) as a string, as defined in the specification SyncML Device Information, version 1.1.2.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="fwv"></a>**FwV**
<p style="margin-left: 20px">Required. Returns the firmware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneFirmwareRevision.
Required. Returns the firmware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneFirmwareRevision.
<p style="margin-left: 20px">For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.
For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="swv"></a>**SwV**
<p style="margin-left: 20px">Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the desktop and mobile build number on the phone. In the future, the build numbers may converge.
Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the desktop and mobile build number on the phone. In the future, the build numbers may converge.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="hwv"></a>**HwV**
<p style="margin-left: 20px">Required. Returns the hardware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneRadioHardwareRevision.
Required. Returns the hardware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneRadioHardwareRevision.
<p style="margin-left: 20px">For Windows 10 for desktop editions, it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.
For Windows 10 for desktop editions, it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="lrgobj"></a>**LrgObj**
<p style="margin-left: 20px">Required. Returns whether the device uses OMA DM Large Object Handling, as defined in the specification SyncML Device Information, version 1.1.2.
Required. Returns whether the device uses OMA DM Large Object Handling, as defined in the specification SyncML Device Information, version 1.1.2.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="uri-maxdepth"></a>**URI/MaxDepth**
<p style="margin-left: 20px">Required. Returns the maximum depth of the management tree that the device supports. The default is zero (0).
Required. Returns the maximum depth of the management tree that the device supports. The default is zero (0).
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<p style="margin-left: 20px">This is the maximum number of URI segments that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited depth.
This is the maximum number of URI segments that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited depth.
<a href="" id="uri-maxtotlen"></a>**URI/MaxTotLen**
<p style="margin-left: 20px">Required. Returns the maximum total length of any URI used to address a node or node property. The default is zero (0).
Required. Returns the maximum total length of any URI used to address a node or node property. The default is zero (0).
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<p style="margin-left: 20px">This is the largest number of characters in the URI that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited length.
This is the largest number of characters in the URI that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited length.
<a href="" id="uri-maxseglen"></a>**URI/MaxSegLen**
<p style="margin-left: 20px">Required. Returns the total length of any URI segment in a URI that addresses a node or node property. The default is zero (0).
Required. Returns the total length of any URI segment in a URI that addresses a node or node property. The default is zero (0).
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<p style="margin-left: 20px">This is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length.
This is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length.
<a href="" id="ext-microsoft-mobileid"></a>**Ext/Microsoft/MobileID**
<p style="margin-left: 20px">Required. Returns the mobile device ID associated with the cellular network. Returns 404 for devices that do not have a cellular network support.
Required. Returns the mobile device ID associated with the cellular network. Returns 404 for devices that do not have a cellular network support.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<p style="margin-left: 20px">The IMSI value is returned for GSM and UMTS networks. CDMA and worldwide phones will return a 404 Not Found status code error if queried for this element.
<a href="" id="ext-microsoft-localtime"></a>**Ext/Microsoft/LocalTime**
<p style="margin-left: 20px">Required. Returns the client local time in ISO 8601 format.
<p style="margin-left: 20px">Supported operation is Get.
<a href="" id="ext-microsoft-osplatform"></a>**Ext/Microsoft/OSPlatform**
<p style="margin-left: 20px">Required. Returns the OS platform of the device. For Windows 10 for desktop editions, it returns the ProductName as defined in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName.
<p style="margin-left: 20px">Supported operation is Get.
<a href="" id="ext-microsoft-processortype"></a>**Ext/Microsoft/ProcessorType**
<p style="margin-left: 20px">Required. Returns the processor type of the device as documented in SYSTEM_INFO.
<p style="margin-left: 20px">Supported operation is Get.
The IMSI value is returned for GSM and UMTS networks. CDMA and worldwide phones will return a 404 Not Found status code error if queried for this element.
<a href="" id="ext-microsoft-radioswv"></a>**Ext/Microsoft/RadioSwV**
<p style="margin-left: 20px">Required. Returns the radio stack software version number.
Required. Returns the radio stack software version number.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="ext-microsoft-resolution"></a>**Ext/Microsoft/Resolution**
<p style="margin-left: 20px">Required. Returns the UI screen resolution of the device (example: &quot;480x800&quot;).
Required. Returns the UI screen resolution of the device (example: &quot;480x800&quot;).
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="ext-microsoft-commercializationoperator"></a>**Ext/Microsoft/CommercializationOperator**
<p style="margin-left: 20px">Required. Returns the name of the mobile operator if it exists; otherwise it returns 404..
Required. Returns the name of the mobile operator if it exists; otherwise it returns 404..
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="ext-microsoft-processorarchitecture"></a>**Ext/Microsoft/ProcessorArchitecture**
<p style="margin-left: 20px">Required. Returns the processor architecture of the device as &quot;arm&quot; or &quot;x86&quot;.
Required. Returns the processor architecture of the device as &quot;arm&quot; or &quot;x86&quot;.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="ext-microsoft-processortype"></a>**Ext/Microsoft/ProcessorType**
Required. Returns the processor type of the device as documented in SYSTEM_INFO.
Supported operation is Get.
<a href="" id="ext-microsoft-osplatform"></a>**Ext/Microsoft/OSPlatform**
Required. Returns the OS platform of the device. For Windows 10 for desktop editions, it returns the ProductName as defined in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName.
Supported operation is Get.
<a href="" id="ext-microsoft-localtime"></a>**Ext/Microsoft/LocalTime**
Required. Returns the client local time in ISO 8601 format.
Supported operation is Get.
<a href="" id="ext-microsoft-devicename"></a>**Ext/Microsoft/DeviceName**
<p style="margin-left: 20px">Required. Contains the user-specified device name.
Required. Contains the user-specified device name.
<p style="margin-left: 20px">Support for Replace operation for Windows 10 Mobile was added in Windows 10, version 1511. Replace operation is not supported in the desktop or IoT Core. When you change the device name using this node, it triggers a dialog on the device asking the user to reboot. The new device name does not take effect until the device is restarted. If the user cancels the dialog, it will show again until a reboot occurs.
Support for Replace operation for Windows 10 Mobile was added in Windows 10, version 1511. Replace operation is not supported in the desktop or IoT Core. When you change the device name using this node, it triggers a dialog on the device asking the user to reboot. The new device name does not take effect until the device is restarted. If the user cancels the dialog, it will show again until a reboot occurs.
<p style="margin-left: 20px">Value type is string.
Value type is string.
<p style="margin-left: 20px">Supported operations are Get and Replace.
Supported operations are Get and Replace.
<a href="" id="ext-microsoft-dnscomputername "></a>**Ext/Microsoft/DNSComputerName**
Added in the next major release of Windows 10. This node specifies the DNS computer name for a device. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 63 characters. This node replaces the **Domain/ComputerName** node in [Accounts CSP](accounts-csp.md).
The following are the available naming macros:
| Macro | Description | Example | Generated Name |
| -------| -------| -------| -------|
| %RAND:<# of digits> | Generates the specified number of random digits. | Test%RAND:6% | Test123456|
| %SERIAL% | Generates the serial number derived from the device. If the serial number causes the new name to exceed the 63 character limit, the serial number will be truncated from the beginning of the sequence.| Test-Device-%SERIAL% | Test-Device-456|
Value type is string. Supported operations are Get and Replace.
> [!Note]
> On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer&quot;s` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**.
<a href="" id="ext-microsoft-totalstorage"></a>**Ext/Microsoft/TotalStorage**
<p style="margin-left: 20px">Added in Windows 10, version 1511. Integer that specifies the total available storage in MB from first internal drive on the device (may be less than total physical storage).
Added in Windows 10, version 1511. Integer that specifies the total available storage in MB from first internal drive on the device (may be less than total physical storage).
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
> [!NOTE]
> This is only supported in Windows 10 Mobile.
<a href="" id="ext-microsoft-totalram"></a>**Ext/Microsoft/TotalRAM**
<p style="margin-left: 20px">Added in Windows 10, version 1511. Integer that specifies the total available memory in MB on the device (may be less than total physical memory).
Added in Windows 10, version 1511. Integer that specifies the total available memory in MB on the device (may be less than total physical memory).
Supported operation is Get.
@ -153,45 +168,45 @@ Added in Windows 10, version 1809. SMBIOS Serial Number of the device.
Value type is string. Supported operation is Get.
<a href="" id="ext-wlanmacaddress"></a>**Ext/WLANMACAddress**
<p style="margin-left: 20px">The MAC address of the active WLAN connection, as a 12-digit hexadecimal number.
The MAC address of the active WLAN connection, as a 12-digit hexadecimal number.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
> [!NOTE]
> This is not supported in Windows 10 for desktop editions.
<a href="" id="volteservicesetting"></a>**Ext/VoLTEServiceSetting**
<p style="margin-left: 20px">Returns the VoLTE service to on or off. This is only exposed to mobile operator OMA-DM servers.
Returns the VoLTE service to on or off. This is only exposed to mobile operator OMA-DM servers.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="wlanipv4address"></a>**Ext/WlanIPv4Address**
<p style="margin-left: 20px">Returns the IPv4 address of the active Wi-Fi connection. This is only exposed to enterprise OMA DM servers.
Returns the IPv4 address of the active Wi-Fi connection. This is only exposed to enterprise OMA DM servers.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="wlanipv6address"></a>**Ext/WlanIPv6Address**
<p style="margin-left: 20px">Returns the IPv6 address of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
Returns the IPv6 address of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="wlandnssuffix"></a>**Ext/WlanDnsSuffix**
<p style="margin-left: 20px">Returns the DNS suffix of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
Returns the DNS suffix of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="wlansubnetmask"></a>**Ext/WlanSubnetMask**
<p style="margin-left: 20px">Returns the subnet mask for the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
Returns the subnet mask for the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
<a href="" id="devicehardwaredata"></a>**Ext/DeviceHardwareData**
<p style="margin-left: 20px">Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device.
Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device.
> [!NOTE]
> This node contains a raw blob used to identify a device in the cloud. It's not meant to be human readable by design and you cannot parse the content to get any meaningful hardware information.
<p style="margin-left: 20px">Supported operation is Get.
Supported operation is Get.
## Related topics

24
windows/client-management/mdm/devdetail-ddf-file.md
View File

@ -21,7 +21,7 @@ This topic shows the OMA DM device description framework (DDF) for the **DevDeta
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
The XML below is for Windows 10, version 1809.
The XML below is the current version for this CSP.
```xml
<?xml version="1.0" encoding="UTF-8"?>
@ -488,6 +488,28 @@ The XML below is for Windows 10, version 1809.
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>DNSComputerName</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<Description>This node specifies the DNS name for a device. This setting can be managed remotely. A couple of macros can be embedded within the value for dynamic substitution: %RAND:&lt;# of digits&gt;% and %SERIAL%. Examples: (a) "Test%RAND:6%" will generate a name "Test" followed by 6 random digits (e.g., "Test123456"). (b) "Foo%SERIAL%", will generate a name "Foo" followed by the serial number derived from device's ID. If both macros are in the string, the RANDOM macro will take priority over the SERIAL macro (SERIAL will be ignored). The server must explicitly reboot the device for this value to take effect. This value has a maximum allowed length of 63 characters as per DNS standards.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>TotalStorage</NodeName>
<DFProperties>

1
windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
View File

@ -245,6 +245,7 @@ To collect Event Viewer logs:
### Useful Links
- [Windows 10 Administrative Templates for Windows 10 November 2019 Update 1909](https://www.microsoft.com/download/details.aspx?id=100591)
- [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495)
- [Windows 10 Administrative Templates for Windows 10 October 2018 Update 1809](https://www.microsoft.com/download/details.aspx?id=57576)
- [Windows 10 Administrative Templates for Windows 10 April 2018 Update 1803](https://www.microsoft.com/download/details.aspx?id=56880)

BIN
windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 31 KiB

After

Width:  |  Height:  |  Size: 61 KiB

2
windows/client-management/mdm/policy-csp-exploitguard.md
View File

@ -74,7 +74,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Protect devices from exploits](https://docs.microsoft.com/windows/threat-protection/windows-defender-exploit-guard/exploit-protection) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml).
Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Enable Exploit Protection on Devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml).
The system settings require a reboot; the application settings do not require a reboot.

2
windows/client-management/mdm/policy-csp-smartscreen.md
View File

@ -83,7 +83,7 @@ manager: dansimp
Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store.
> [!Note]
> This policy will block installation only while the device is online. To block offline installation too, **SmartScreen/PreventOverrideForFilesInShell** and **SmartScreen/EnableSmartScreenInShell** policies should also be enabled.
> This policy will block installation only while the device is online. To block offline installation too, **SmartScreen/PreventOverrideForFilesInShell** and **SmartScreen/EnableSmartScreenInShell** policies should also be enabled.<p>This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.
<!--/Description-->
<!--ADMXMapped-->

6
windows/client-management/mdm/policy-csp-userrights.md
View File

@ -53,17 +53,17 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s
- Grant an user right to multiple groups (Administrators, Authenticated Users) via SID
```
<Data>*S-1-5-32-544&#61440;*S-1-5-11</Data>
<Data>*S-1-5-32-544&#xF000;*S-1-5-11</Data>
```
- Grant an user right to multiple groups (Administrators, Authenticated Users) via a mix of SID and Strings
```
<Data>*S-1-5-32-544&#61440;Authenticated Users</Data>
<Data>*S-1-5-32-544&#xF000;Authenticated Users</Data>
```
- Grant an user right to multiple groups (Authenticated Users, Administrators) via strings
```
<Data>Authenticated Users&#61440;Administrators</Data>
<Data>Authenticated Users&#xF000;Administrators</Data>
```
- Empty input indicates that there are no users configured to have that user right

6
windows/configuration/customize-and-export-start-layout.md
View File

@ -117,11 +117,11 @@ When you have the Start layout that you want your users to see, use the [Export-
</thead>
<tbody>
<tr class="odd">
<td align="left"><pre><code>&lt;LayoutModificationTemplate Version=&quot;1&quot; xmlns=&quot;http://schemas.microsoft.com/Start/2014/LayoutModification&quot;&gt;
<td align="left"><pre><code>&lt;LayoutModificationTemplate Version=&quot;1&quot; xmlns=&quot;https://schemas.microsoft.com/Start/2014/LayoutModification&quot;&gt;
&lt;DefaultLayoutOverride&gt;
&lt;StartLayoutCollection&gt;
&lt;defaultlayout:StartLayout GroupCellWidth=&quot;6&quot; xmlns:defaultlayout=&quot;http://schemas.microsoft.com/Start/2014/FullDefaultLayout&quot;&gt;
&lt;start:Group Name=&quot;Life at a glance&quot; xmlns:start=&quot;http://schemas.microsoft.com/Start/2014/StartLayout&quot;&gt;
&lt;defaultlayout:StartLayout GroupCellWidth=&quot;6&quot; xmlns:defaultlayout=&quot;https://schemas.microsoft.com/Start/2014/FullDefaultLayout&quot;&gt;
&lt;start:Group Name=&quot;Life at a glance&quot; xmlns:start=&quot;https://schemas.microsoft.com/Start/2014/StartLayout&quot;&gt;
&lt;start:Tile Size=&quot;2x2&quot; Column=&quot;0&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge&quot; /&gt;
&lt;start:Tile Size=&quot;2x2&quot; Column=&quot;4&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI&quot; /&gt;
&lt;start:Tile Size=&quot;2x2&quot; Column=&quot;2&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.BingWeather_8wekyb3d8bbwe!App&quot; /&gt;

1
windows/configuration/kiosk-policies.md
View File

@ -40,7 +40,6 @@ Remove access to the context menus for the task bar | Enabled
Clear history of recently opened documents on exit | Enabled
Prevent users from customizing their Start Screen | Enabled
Prevent users from uninstalling applications from Start | Enabled
Remove All Programs list from the Start menu | Enabled
Remove Run menu from Start Menu | Enabled
Disable showing balloon notifications as toast | Enabled
Do not allow pinning items in Jump Lists | Enabled

10
windows/configuration/ue-v/uev-application-template-schema-reference.md
View File

@ -70,9 +70,9 @@ The XML declaration must specify the XML version 1.0 attribute (&lt;?xml version
**Type: String**
UE-V uses the http://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag:
UE-V uses the https://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag:
`<SettingsLocationTemplate xmlns='http://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate'>`
`<SettingsLocationTemplate xmlns='https://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate'>`
### <a href="" id="data21"></a>Data types
@ -646,10 +646,10 @@ Here is the SettingsLocationTemplate.xsd file showing its elements, child elemen
```xml
<?xml version="1.0" encoding="utf-8"?>
<xs:schema id="UevSettingsLocationTemplate"
targetNamespace="http://schemas.microsoft.com/UserExperienceVirtualization/2013A/SettingsLocationTemplate"
targetNamespace="https://schemas.microsoft.com/UserExperienceVirtualization/2013A/SettingsLocationTemplate"
elementFormDefault="qualified"
xmlns="http://schemas.microsoft.com/UserExperienceVirtualization/2013A/SettingsLocationTemplate"
xmlns:mstns="http://schemas.microsoft.com/UserExperienceVirtualization/2013A/SettingsLocationTemplate"
xmlns="https://schemas.microsoft.com/UserExperienceVirtualization/2013A/SettingsLocationTemplate"
xmlns:mstns="https://schemas.microsoft.com/UserExperienceVirtualization/2013A/SettingsLocationTemplate"
xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:simpleType name="Guid">

2
windows/configuration/ue-v/uev-release-notes-1607.md
View File

@ -67,7 +67,7 @@ WORKAROUND: None.
### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click [here](<http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx>). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click [here](<https://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx>). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
WORKAROUND: None

18
windows/deployment/TOC.md
View File

@ -103,15 +103,16 @@
##### [Use Orchestrator runbooks with MDT](deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md)
### Deploy Windows 10 with Microsoft Endpoint Configuration Manager
#### [Prepare for Windows 10 deployment with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
#### Deploy Windows 10 with Configuration Manager
#### Prepare for Windows 10 deployment with Configuration Manager
##### [Prepare for Zero Touch Installation with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
##### [Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
##### [Add a Windows 10 operating system image using Configuration Manager](deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md)
##### [Create an application to deploy with Windows 10 using Configuration Manager](deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
##### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
##### [Create a task sequence with Configuration Manager and MDT](deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md)
##### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md)
#### Deploy Windows 10 with Configuration Manager
##### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md)
##### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
##### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
@ -245,13 +246,20 @@
### Monitor Windows Updates
#### [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md)
#### [Get started with Update Compliance](update/update-compliance-get-started.md)
##### [Update Compliance Configuration Script](update/update-compliance-configuration-script.md)
##### [Manually Configuring Devices for Update Compliance](update/update-compliance-configuration-manual.md)
#### [Use Update Compliance](update/update-compliance-using.md)
##### [Need Attention! report](update/update-compliance-need-attention.md)
##### [Security Update Status report](update/update-compliance-security-update-status.md)
##### [Feature Update Status report](update/update-compliance-feature-update-status.md)
##### [Windows Defender AV Status report](update/update-compliance-wd-av-status.md)
##### [Delivery Optimization in Update Compliance](update/update-compliance-delivery-optimization.md)
##### [Update Compliance Perspectives](update/update-compliance-perspectives.md)
##### [Data Handling and Privacy in Update Compliance](update/update-compliance-privacy.md)
##### [Update Compliance Schema Reference](update/update-compliance-schema.md)
###### [WaaSUpdateStatus](update/update-compliance-schema-waasupdatestatus.md)
###### [WaaSInsiderStatus](update/update-compliance-schema-waasinsiderstatus.md)
###### [WaaSDeploymentStatus](update/update-compliance-schema-waasdeploymentstatus.md)
###### [WUDOStatus](update/update-compliance-schema-wudostatus.md)
###### [WUDOAggregatedStatus](update/update-compliance-schema-wudoaggregatedstatus.md)
### Best practices
#### [Best practices for feature updates on mission-critical devices](update/feature-update-mission-critical.md)
#### [Update Windows 10 media with Dynamic Update](update/media-dynamic-update.md)

7
windows/deployment/deploy-windows-cm/TOC.md
View File

@ -1,13 +1,14 @@
# Deploy Windows 10 with Microsoft Endpoint Configuration Manager
## [Prepare for Windows 10 deployment with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
## Deploy Windows 10 with Configuration Manager
## Prepare for Windows 10 deployment with Configuration Manager
### [Prepare for Zero Touch Installation with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
### [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
### [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
### [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
### [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md)
### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md)
## Deploy Windows 10 with Configuration Manager
### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)

7
windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
View File

@ -30,7 +30,12 @@ For the purposes of this guide, we will use one server computer: CM01.
## Add drivers for Windows PE
This section will show you how to import some network and storage drivers for Windows PE. This section assumes you have downloaded some drivers to the **D:\\Sources\\OSD\\DriverSources\\WinPE x64** folder on CM01.
This section will show you how to import some network and storage drivers for Windows PE.
>[!NOTE]
>Windows PE usually has a fairly comprehensive set of drivers out of the box, assuming that you are using a recent version of the Windows ADK. This is different than the full Windows OS which will often require drivers. You shouldn't add drivers to Windows PE unless you have an issue or are missing functionality, and in these cases you should only add the driver that you need. An example of a common driver that is added is the Intel I217 driver. Adding too many drivers can cause conflicts and lead to driver bloat in the Config Mgr database. This section shows you how to add drivers, but typically you can just skip this procedure.
This section assumes you have downloaded some drivers to the **D:\\Sources\\OSD\\DriverSources\\WinPE x64** folder on CM01.
![Drivers](../images/cm01-drivers.png)

7
windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
View File

@ -22,6 +22,7 @@ ms.topic: article
- Windows 10
In Microsoft Microsoft Endpoint Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This topic shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process.
- The boot image that is created is based on the version of ADK that is installed.
For the purposes of this guide, we will use one server computer: CM01.
- CM01 is a domain member server and Configuration Manager software distribution point. In this guide CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used.
@ -30,7 +31,9 @@ For the purposes of this guide, we will use one server computer: CM01.
## Add DaRT 10 files and prepare to brand the boot image
The steps below outline the process for adding DaRT 10 installation files to the MDT installation directory. You also copy a custom background image to be used later. We assume you have downloaded [Microsoft Desktop Optimization Pack (MDOP) 2015](https://my.visualstudio.com/Downloads?q=Desktop%20Optimization%20Pack%202015) and copied the x64 version of MSDaRT100.msi to the **C:\\Setup\\DaRT 10** folder on CM01. We also assume you have created a custom background image and saved it in **C:\\Setup\\Branding** on CM01. In this section, we use a custom background image named <a href="../images/ContosoBackground.png">ContosoBackground.bmp</a>.
The steps below outline the process for adding DaRT 10 installation files to the MDT installation directory. You also copy a custom background image to be used later. These steps are optional. If you do not wish to add DaRT, skip the steps below to copy DaRT tools and later skip adding the DaRT component to the boot image.
We assume you have downloaded [Microsoft Desktop Optimization Pack (MDOP) 2015](https://my.visualstudio.com/Downloads?q=Desktop%20Optimization%20Pack%202015) and copied the x64 version of MSDaRT100.msi to the **C:\\Setup\\DaRT 10** folder on CM01. We also assume you have created a custom background image and saved it in **C:\\Setup\\Branding** on CM01. In this section, we use a custom background image named <a href="../images/ContosoBackground.png">ContosoBackground.bmp</a>.
On **CM01**:
@ -61,6 +64,8 @@ On **CM01**:
Add the DaRT component to the Configuration Manager boot image.
>Note: Another common component to add here is Windows PowerShell to enable PowerShell support within Windows PE.
6. On the **Customization** page, select the **Use a custom background bitmap file** check box, and in the **UNC path:** text box, browse to **\\\\CM01\\Sources$\\OSD\\Branding\\ContosoBackground.bmp** and then click **Next** twice. Wait a few minutes while the boot image is generated, and then click **Finish**.
7. Distribute the boot image to the CM01 distribution point by selecting the **Boot images** node, right-clicking the **Zero Touch WinPE x64** boot image, and selecting **Distribute Content**.
8. In the Distribute Content Wizard, add the CM01 distribution point, and complete the wizard.

17
windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
View File

@ -21,7 +21,16 @@ ms.topic: article
- Windows 10
In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Configuration Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) machine named PC0001.
In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Configuration Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) computer named PC0001. An existing Configuration Manager infrastructure that is integrated with MDT is used for the procedures in this topic.
This topic assumes that you have completed the following prerequisite procedures:
- [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
- [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
- [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
- [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
- [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
- [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md)
- [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md)
For the purposes of this guide, we will use a minimum of two server computers (DC01 and CM01) and one client computer (PC0001).
- DC01 is a domain controller and DNS server for the contoso.com domain. DHCP services are also available and optionally installed on DC01 or another server. Note: DHCP services are required for the client (PC0001) to connect to the Windows Deployment Service (WDS).
@ -36,10 +45,8 @@ All servers are running Windows Server 2019. However, an earlier, supported vers
All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates.
An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
>[!NOTE]
>No WDS console configuration required for PXE to work. Everything is done with the Configuration Manager console.
>No WDS console configuration is required for PXE to work. Everything is done with the Configuration Manager console.
## Procedures
@ -52,7 +59,7 @@ An existing Configuration Manager infrastructure that is integrated with MDT is
* Install the Windows 10 operating system.
* Install the Configuration Manager client and the client hotfix.
* Join the machine to the domain.
* Join the computer to the domain.
* Install the application added to the task sequence.
>[!NOTE]

4
windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
View File

@ -35,7 +35,8 @@ In this topic, you will use [components](#components-of-configuration-manager-op
- The Configuration Manager [reporting services](https://docs.microsoft.com/configmgr/core/servers/manage/configuring-reporting) point role has been added and configured.
- A file system folder structure and Configuration Manager console folder structure for packages has been created. Steps to verify or create this folder structure are [provided below](#review-the-sources-folder-structure).
- The [Windows ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install) (including USMT) version 1903, Windows PE add-on, WSIM 1903 update, [MDT](https://www.microsoft.com/download/details.aspx?id=54259) version 8456, and DaRT 10 (part of [MDOP 2015](https://my.visualstudio.com/Downloads?q=Desktop%20Optimization%20Pack%202015)) are installed.
- The CMTrace tool (part of the [Microsoft System 2012 R2 Center Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717)) is installed on the distribution point.
- The [CMTrace tool](https://docs.microsoft.com/configmgr/core/support/cmtrace) (cmtrace.exe) is installed on the distribution point.
- Note: CMTrace is automatically installed with the current branch of Configuration Manager at **Program Files\Microsoft Configuration Manager\tools\cmtrace.exe**. In previous releases of ConfigMgr it was necessary to install the [Configuration Manager Toolkit](https://www.microsoft.com/download/details.aspx?id=50012) separately to get the CMTrace tool, but this is no longer needed. Configuraton Manager version 1910 installs version 5.0.8913.1000 of the CMTrace tool.
For the purposes of this guide, we will use three server computers: DC01, CM01 and HV01.
- DC01 is a domain controller and DNS server for the contoso.com domain. DHCP services are also available and optionally installed on DC01 or another server.
@ -372,7 +373,6 @@ MDT Zero Touch simply extends Configuration Manager with many useful built-in op
### Why use MDT Lite Touch to create reference images
You can create reference images for Configuration Manager in Configuration Manager, but in general we recommend creating them in MDT Lite Touch for the following reasons:
- In a deployment project, it is typically much faster to create a reference image using MDT Lite Touch than Configuration Manager.
- You can use the same image for every type of operating system deployment - Microsoft Virtual Desktop Infrastructure (VDI), Microsoft System Center Virtual Machine Manager (VMM), MDT, Configuration Manager, Windows Deployment Services (WDS), and more.
- Configuration Manager performs deployment in the LocalSystem context. This means that you cannot configure the Administrator account with all of the settings that you would like to be included in the image. MDT runs in the context of the Local Administrator, which means you can configure the look and feel of the configuration and then use the CopyProfile functionality to copy these changes to the default user during deployment.
- The Configuration Manager task sequence does not suppress user interface interaction.

5
windows/deployment/mbr-to-gpt.md
View File

@ -233,7 +233,7 @@ The following steps illustrate high-level phases of the MBR-to-GPT conversion pr
1. Disk validation is performed.
2. The disk is repartitioned to create an EFI system partition (ESP) if one does not already exist.
3. UEFI boot files are installed to the ESP.
4. GPT metatdata and layout information is applied.
4. GPT metadata and layout information is applied.
5. The boot configuration data (BCD) store is updated.
6. Drive letter assignments are restored.
@ -427,6 +427,9 @@ To fix this issue, mount the Windows PE image (WIM), copy the missing file from
For example, if the ADK is installed to the default location of C:\Program Files (x86)\Windows Kits\10 and the Windows PE image is mounted to C:\WinPE_Mount, run the following commands from an elevated Command Prompt window:
> [!NOTE]
> You can access the ReAgent files if you have installed the User State Migration Tool (USMT) as a feature while installing Windows Assessment and Deployment Kit.
**Command 1:**
```cmd
copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\ReAgent*.*" "C:\WinPE_Mount\Windows\System32"

6
windows/deployment/planning/windows-10-deprecated-features.md
View File

@ -21,7 +21,8 @@ The features described below are no longer being actively developed, and might b
**The following list is subject to change and might not include every affected feature or functionality.**
>If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app).
> [!NOTE]
> If you have feedback about the proposed replacement of any of these features, you can use the [Feedback Hub app](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app).
|Feature | Details and mitigation | Announced in version |
| ----------- | --------------------- | ---- |
@ -47,7 +48,6 @@ The features described below are no longer being actively developed, and might b
|Business Scanning| This feature is also called Distributed Scan Management (DSM) **(Added 05/03/2018)**<br>&nbsp;<br>The [Scan Management functionality](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759124(v=ws.11)) was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it.| 1803 |
|IIS 6 Management Compatibility* | We recommend that users use alternative scripting tools and a newer management console. | 1709 |
|IIS Digest Authentication | We recommend that users use alternative authentication methods.| 1709 |
|Resilient File System (ReFS) (added: August 17, 2017)| Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability. | 1709 |
|RSA/AES Encryption for IIS | We recommend that users use CNG encryption provider. | 1709 |
|Screen saver functionality in Themes | Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 |
|Sync your settings (updated: August 17, 2017) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. The **Sync your settings** options and the Enterprise State Roaming feature will continue to work. | 1709 |
@ -63,4 +63,4 @@ The features described below are no longer being actively developed, and might b
|TLS DHE_DSS ciphers DisabledByDefault| [TLS RC4 Ciphers](https://docs.microsoft.com/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) will be disabled by default in this release. | 1703 |
|TCPChimney | TCP Chimney Offload is no longer being developed. See [Performance Tuning Network Adapters](https://docs.microsoft.com/windows-server/networking/technologies/network-subsystem/net-sub-performance-tuning-nics). | 1703 |
|IPsec Task Offload| [IPsec Task Offload](https://docs.microsoft.com/windows-hardware/drivers/network/task-offload) versions 1 and 2 are no longer being developed and should not be used. | 1703 |
|wusa.exe /uninstall /kb:####### /quiet|The wusa usage to quietly uninstall an update has been deprecated. The uninstall command with /quite switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507 <br /> Applies to Windows Server 2016 and Windows Server 2019 as well.|
|wusa.exe /uninstall /kb:####### /quiet|The wusa usage to quietly uninstall an update has been deprecated. The uninstall command with /quiet switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507 <br /> Applies to Windows Server 2016 and Windows Server 2019 as well.|

7
windows/deployment/planning/windows-10-removed-features.md
View File

@ -18,7 +18,7 @@ ms.topic: article
Each version of Windows 10 adds new features and functionality; occasionally we also remove features and functionality, often because we've added a better option. Below are the details about the features and functionalities that we removed in Windows 10. **The list below is subject to change and might not include every affected feature or functionality.**
For information about features that might be removed in a future release, see [Windows 10 features were no longer developing](windows-10-deprecated-features.md)
For information about features that might be removed in a future release, see [Windows 10 features were no longer developing](windows-10-deprecated-features.md).
> [!NOTE]
> Join the [Windows Insider program](https://insider.windows.com) to get early access to new Windows 10 builds and test these changes yourself.
@ -50,12 +50,13 @@ The following features and functionalities have been removed from the installed
|Reading List | Functionality to be integrated into Microsoft Edge. | 1709 |
|Screen saver functionality in Themes | This functionality is disabled in Themes, and classified as **Removed** in this table. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 |
|Syskey.exe | Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see [4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3](https://support.microsoft.com/help/4025993/syskey-exe-utility-is-no-longer-supported-in-windows-10-rs3-and-window). | 1709 |
|TCP Offload Engine | Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193).| 1709 |
|TCP Offload Engine | Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193)| 1709 |
|Tile Data Layer |To be replaced by the Tile Store.| 1709 |
|Resilient File System (ReFS) (added: August 17, 2017)| Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability. | 1709 |
|Apps Corner| This Windows 10 mobile application is removed in the version 1703 release. | 1703 |
|By default, Flash autorun in Edge is turned off. | Use the Click-to-Run (C2R) option instead. (This setting can be changed by the user.) | 1703 |
|Interactive Service Detection Service| See [Interactive Services](https://docs.microsoft.com/windows/win32/services/interactive-services?redirectedfrom=MSDN) for guidance on how to keep software up to date. | 1703 |
|Microsoft Paint | This application will not be available for languages that are not on the [full localization list](https://www.microsoft.com/windows/windows-10-specifications#Windows-10-localization). | 1703 |
|NPN support in TLS | This feature is superseded by Application-Layer Protocol Negotiation (ALPN). | 1703 |
|Windows Information Protection "AllowUserDecryption" policy | Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported. | 1703 |
|WSUS for Windows Mobile | Updates are being transitioned to the new Unified Update Platform (UUP) | 1703 |
|WSUS for Windows Mobile | Updates are being transitioned to the new Unified Update Platform (UUP). | 1703 |

BIN
windows/deployment/update/images/UC-vid-crop.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 37 KiB

BIN
windows/deployment/update/images/UC_00_marketplace_search.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 171 KiB

BIN
windows/deployment/update/images/UC_01_marketplace_create.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 280 KiB

BIN
windows/deployment/update/images/UC_02_workspace_create.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 123 KiB

BIN
windows/deployment/update/images/UC_03_workspace_select.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 92 KiB

BIN
windows/deployment/update/images/UC_04_resourcegrp_deployment_successful.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 130 KiB

BIN
windows/deployment/update/images/UC_commercialID.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 29 KiB

BIN
windows/deployment/update/images/UC_commercialID_GP.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 83 KiB

BIN
windows/deployment/update/images/UC_telemetrylevel.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 86 KiB

BIN
windows/deployment/update/images/UC_workspace_WDAV_status.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

BIN
windows/deployment/update/images/uc-01-wdav.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 56 KiB

BIN
windows/deployment/update/images/uc-01.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 56 KiB

BIN
windows/deployment/update/images/uc-02.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 642 KiB

BIN
windows/deployment/update/images/uc-02a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 9.3 KiB

BIN
windows/deployment/update/images/uc-03.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 796 KiB

BIN
windows/deployment/update/images/uc-03a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 11 KiB

BIN
windows/deployment/update/images/uc-04.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 150 KiB

BIN
windows/deployment/update/images/uc-04a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 50 KiB

BIN
windows/deployment/update/images/uc-05.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 135 KiB

BIN
windows/deployment/update/images/uc-05a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 30 KiB

BIN
windows/deployment/update/images/uc-06.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 110 KiB

BIN
windows/deployment/update/images/uc-06a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 51 KiB

BIN
windows/deployment/update/images/uc-07.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 120 KiB

BIN
windows/deployment/update/images/uc-07a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 29 KiB

BIN
windows/deployment/update/images/uc-08.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 345 KiB

BIN
windows/deployment/update/images/uc-08a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 11 KiB

BIN
windows/deployment/update/images/uc-09.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 68 KiB

BIN
windows/deployment/update/images/uc-09a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 47 KiB

BIN
windows/deployment/update/images/uc-10.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 157 KiB

BIN
windows/deployment/update/images/uc-10a.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 47 KiB

BIN
windows/deployment/update/images/uc-11.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 32 KiB

BIN
windows/deployment/update/images/uc-12.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 32 KiB

BIN
windows/deployment/update/images/uc-13.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

BIN
windows/deployment/update/images/uc-14.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 76 KiB

BIN
windows/deployment/update/images/uc-15.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 23 KiB

BIN
windows/deployment/update/images/uc-16.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 51 KiB

BIN
windows/deployment/update/images/uc-17.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

BIN
windows/deployment/update/images/uc-18.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 14 KiB

BIN
windows/deployment/update/images/uc-19.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 16 KiB

BIN
windows/deployment/update/images/uc-20.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 20 KiB

BIN
windows/deployment/update/images/uc-21.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

BIN
windows/deployment/update/images/uc-22.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 14 KiB

BIN
windows/deployment/update/images/uc-23.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 16 KiB

BIN
windows/deployment/update/images/uc-24.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 21 KiB

BIN
windows/deployment/update/images/uc-25.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 68 KiB

BIN
windows/deployment/update/images/uc-DO-status.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 71 KiB

BIN
windows/deployment/update/images/uc-emptyworkspacetile.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 31 KiB

BIN
windows/deployment/update/images/uc-featureupdatestatus.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 70 KiB

BIN
windows/deployment/update/images/uc-filledworkspacetile.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.7 KiB

BIN
windows/deployment/update/images/uc-filledworkspaceview.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 103 KiB

BIN
windows/deployment/update/images/uc-needattentionoverview.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 73 KiB

BIN
windows/deployment/update/images/uc-overviewblade.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 35 KiB

BIN
windows/deployment/update/images/uc-perspectiveupdatedeploymentstatus.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 203 KiB

BIN
windows/deployment/update/images/uc-securityupdatestatus.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 46 KiB

BIN
windows/deployment/update/images/uc-windowsdefenderavstatus.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 48 KiB

77
windows/deployment/update/update-compliance-configuration-manual.md Normal file
View File

@ -0,0 +1,77 @@
---
title: Manually configuring devices for Update Compliance
ms.reviewer:
manager: laurawi
description: Manually configuring devices for Update Compliance
keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
author: jaimeo
ms.author: jaimeo
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
---
# Manually Configuring Devices for Update Compliance
There are a number of requirements to consider when manually configuring Update Compliance. These can potentially change with newer versions of Windows 10. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required.
The requirements are separated into different categories:
1. Ensuring the [**required policies**](#required-policies) for Update Compliance are correctly configured.
2. Devices in every network topography needs to send data to the [**required endpoints**](#required-endpoints) for Update Compliance, for example both devices in main and satellite offices, which may have different network configurations.
3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. It is recommended all Microsoft and Windows services are set to their out-of-box defaults to ensure proper functionality.
## Required policies
> [!NOTE]
> Windows 10 MDM and Group Policies are backed by registry keys. It is not recommended you set these registry keys directly for configuration as it can lead to unexpected behavior, so the exact registry key locations are not provided, though they are referenced for troubleshooting configuration issues with the [Update Compliance Configuration Script](update-compliance-configuration-script.md).
Update Compliance has a number of policies that must be appropriately configured in order for devices to be processed by Microsoft and visible in Update Compliance. They are enumerated below, separated by whether the policies will be configured via [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm/) (MDM) or Group Policy. For both tables:
- **Policy** corresponds to the location and name of the policy.
- **Value** Indicates what value the policy must be set to. Update Compliance requires *at least* Basic (or Required) telemetry, but can function off Enhanced or Full (or Optional).
- **Function** details why the policy is required and what function it serves for Update Compliance. It will also detail a minimum version the policy is required, if any.
### Mobile Device Management policies
Each MDM Policy links to its documentation in the CSP hierarchy, providing its exact location in the hierarchy and more details.
| Policy | Value | Function |
|---------------------------|-|------------------------------------------------------------|
|**Provider/*ProviderID*/**[**CommercialID**](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp#provider-providerid-commercialid) |[Your CommercialID](update-compliance-get-started.md#get-your-commercialid) |Identifies the device as belonging to your organization. |
|**System/**[**AllowTelemetry**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |1- Basic |Configures the maximum allowed telemetry to be sent to Microsoft. Individual users can still set this lower than what the policy defines, see the below policy for more information. |
|**System/**[**ConfigureTelemetryOptInSettingsUx**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) | Disable Telemetry opt-in Settings | (*Windows 10 1803+*) Determines whether end-users of the device can adjust telemetry to levels lower than the level defined by AllowTelemetry. It is recommended you disable this policy order the effective telemetry level on devices may not be sufficient. |
|**System/**[**AllowDeviceNameInDiagnosticData**](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
### Group Policies
All Group Policies that need to be configured for Update Compliance are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below.
| Policy | Value | Function |
|---------------------------|-|-----------------------------------------------------------|
|**Configure the Commercial ID** |[Your CommercialID](update-compliance-get-started.md#get-your-commercialid) | Identifies the device as belonging to your organization. |
|**Allow Telemetry** | 1 - Basic |Configures the maximum allowed telemetry to be sent to Microsoft. Individual users can still set this lower than what the policy defines, see the below policy for more information. |
|**Configure telemetry opt-in setting user interface** | Disable telemetry opt-in Settings |(*Windows 10 1803+*) Determines whether end-users of the device can adjust telemetry to levels lower than the level defined by AllowTelemetry. It is recommended you disable this policy order the effective telemetry level on devices may not be sufficient. |
|**Allow device name to be sent in Windows diagnostic data** | Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
## Required endpoints
To enable data sharing between devices, your network, and Microsoft's Diagnostic Data Service, configure your proxy to allow devices to contact the below endpoints.
| **Endpoint** | **Function** |
|---------------------------------------------------------|-----------|
| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. Census.exe must run on a regular cadence and contact this endpoint in order to receive the majority of [WaaSUpdateStatus](update-compliance-schema-waasupdatestatus.md) information for Update Compliance. |
| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. |
| `https://settings-win.data.microsoft.com` | Required for Windows Update functionality. |
| `http://adl.windows.com` | Required for Windows Update functionality. |
| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER), used to provide more advanced error reporting in the event of certain Feature Update deployment failures. |
| `https://oca.telemetry.microsoft.com` | Online Crash Analysis, used to provide device-specific recommendations and detailed errors in the event of certain crashes. |
| `https://login.live.com` | This endpoint facilitates MSA access and is required to create the primary identifier we use for devices. Without this service, devices will not be visible in the solution. This also requires Microsoft Account Sign-in Assistant service to be running (wlidsvc). |
## Required services
Many Windows and Microsoft services are required to ensure that not only the device can function, but Update Compliance can see device data. It is recommended that you allow all default services from the out-of-box experience to remain running. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) checks whether the majority of these services are running or are allowed to run automatically.

99
windows/deployment/update/update-compliance-configuration-script.md Normal file
View File

@ -0,0 +1,99 @@
---
title: Update Compliance Configuration Script
ms.reviewer:
manager: laurawi
description: Downloading and using the Update Compliance Configuration Script
keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
author: jaimeo
ms.author: jaimeo
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
---
# Configuring devices through the Update Compliance Configuration Script
The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures device policies via Group Policy, ensures that required services are running, and more.
You can [**download the script here**](https://github.com/cinglis-msft/UpdateComplianceConfigurationScript). Keep reading to learn how to configure the script and interpret error codes that are output in logs for troubleshooting.
## How the script is organized
The script is organized into two folders **Pilot** and **Deployment**. Both folders have the same key files: `ConfigScript.ps1` and `RunConfig.bat`. You configure `RunConfig.bat` according to the directions in the .bat itself, which will then execute `ConfigScript.ps1` with the parameters entered to RunConfig.bat.
- The **Pilot** folder and its contents are intended to be used on an initial set of single devices in specific environments (main office & satellite office, for example) for testing and troubleshooting prior to broader deployment. This script is configured to collect and output detailed logs for every device it runs on.
- The **Deployment** folder is intended to be deployed across an entire device population in a specific environment once devices in that environment have been validated with the Pilot script.
## How to use the script
### Piloting and Troubleshooting
> [!IMPORTANT]
> If you encounter an issue with Update Compliance, the first step should be to run the script in Pilot mode on a device you are encountering issues with, and save these Logs for reference with Support.
When using the script in the context of troubleshooting, use `Pilot`. Enter `RunConfig.bat`, and configure it as follows:
1. Configure `logPath` to a path where the script will have write access and a place you can easily access. This specifies the output of the log files generated when the script is in Verbose mode.
2. Configure `commercialIDValue` to your CommercialID. To get your CommercialID, see [Getting your CommercialID](update-compliance-get-started.md#get-your-commercialid).
3. Run the script. The script must be run in System context.
4. Examine the Logs output for any issues. If there were issues:
- Compare Logs output with the required settings covered in [Manually Configuring Devices for Update Compliance] (update-compliance-configuration-manual.md).
- Examine the script errors and refer to the [script error reference](#script-error-reference) on how to interpret the codes.
- Make the necessary corrections and run the script again.
5. When you no longer have issues, proceed to using the script for more broad deployment with the `Deployment` folder.
### Broad deployment
After verifying on a set of devices in a specific environment that everything is configured correctly, you can proceed to broad deployment.
1. Configure `commercialIDValue` in `RunConfig.bat` to [your CommercialID](update-compliance-get-started.md#get-your-commercialid).
2. Use a management tool like Configuration Manager or Intune to broadly deploy the script to your entire target population.
## Script Error Reference
|Error |Description |
|-|-------------------|
| 27 | Not system account. |
| 37 | Unexpected exception when collecting logs|
| 1 | General unexpected error|
| 6 | Invalid CommercialID|
| 48 | CommercialID is not a GUID|
| 8 | Couldn't create registry key path to setup CommercialID|
| 9 | Couldn't write CommercialID at registry key path|
| 53 | There are conflicting CommercialID values.|
| 11 | Unexpected result when setting up CommercialID.|
| 62 | AllowTelemetry registry key is not of the correct type `REG_DWORD`|
| 63 | AllowTelemetry is not set to the appropriate value and it could not be set by the script.|
| 64 | AllowTelemetry is not of the correct type `REG_DWORD`.|
| 99 | Device is not Windows 10.|
| 40 | Unexpected exception when checking and setting telemetry.|
| 12 | CheckVortexConnectivity failed, check Log output for more information.|
| 12 | Unexpected failure when running CheckVortexConnectivity.|
| 66 | Failed to verify UTC connectivity and recent uploads.|
| 67 | Unexpected failure when verifying UTC CSP connectivity of the WMI Bridge.|
| 41 | Unable to impersonate logged-on user.|
| 42 | Unexpected exception when attempting to impersonate logged-on user.|
| 43 | Unexpected exception when attempting to impersonate logged-on user.|
| 16 | Reboot is pending on device, restart device and restart script.|
| 17 | Unexpected exception in CheckRebootRequired.|
| 44 | Error when running CheckDiagTrack service.|
| 45 | DiagTrack.dll not found.|
| 50 | DiagTrack service not running.|
| 54 | Microsoft Account Sign In Assistant (MSA) Service disabled.|
| 55 | Failed to create new registry path for `SetDeviceNameOptIn` of the PowerShell script.|
| 56 | Failed to create property for `SetDeviceNameOptIn` of the PowerShell script at registry path.|
| 57 | Failed to update value for `SetDeviceNameOptIn` of the PowerShell script.|
| 58 | Unexpected exception in `SetDeviceNameOptIn` of the PowerShell script.|
| 59 | Failed to delete `LastPersistedEventTimeOrFirstBoot` property at registry path when attempting to clean up OneSettings.|
| 60 | Failed to delete registry key when attempting to clean up OneSettings.|
| 61 | Unexpected exception when attempting to clean up OneSettings.|
| 52 | Could not find Census.exe|
| 51 | Unexpected exception when attempting to run Census.exe|
| 34 | Unexpected exception when attempting to check Proxy settings.|
| 30 | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.|
| 35 | Unexpected exception when checking User Proxy.|

4
windows/deployment/update/update-compliance-feature-update-status.md
View File

@ -37,9 +37,7 @@ Refer to the following list for what each state means:
## Compatibility holds
Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *compatibility hold* is generated to delay the devices upgrade and safeguard the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all compatibility holds on the Windows 10 release information page for any given release.
To learn how compatibility holds are reflected in the experience, see [Update compliance perspectives](update-compliance-perspectives.md#deployment-status).
Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *compatibility hold* is generated to delay the device's upgrade and safeguard the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all compatibility holds on the Windows 10 release information page for any given release.
### Opting out of compatibility hold

129
windows/deployment/update/update-compliance-get-started.md
View File

@ -1,8 +1,8 @@
---
title: Get started with Update Compliance (Windows 10)
title: Get started with Update Compliance
ms.reviewer:
manager: laurawi
description: Configure Update Compliance in Azure Portal to see the status of updates and antimalware protection on devices in your network.
description: Prerequisites, Azure onboarding, and configuring devices for Update Compliance
keywords: update compliance, oms, operations management suite, prerequisites, requirements, updates, upgrades, antivirus, antimalware, signature, log analytics, wdav
ms.prod: w10
ms.mktglfcycl: deploy
@ -16,113 +16,68 @@ ms.topic: article
---
# Get started with Update Compliance
This topic explains the steps necessary to configure your environment for Update Compliance.
Steps are provided in sections that follow the recommended setup process:
This topic introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow.
1. Ensure you meet the [Update Compliance prerequisites](#update-compliance-prerequisites).
2. [Add Update Compliance to your Azure subscription](#add-update-compliance-to-your-azure-subscription).
3. [Enroll devices in Update Compliance](#enroll-devices-in-update-compliance).
4. [Use Update Compliance](update-compliance-using.md) to monitor Windows Updates and get Delivery Optimization insights.
1. Ensure you can [meet the requirements](#update-compliance-prerequisites) to use Update Compliance.
2. [Add Update Compliance](#add-update-compliance-to-your-azure-subscription) to your Azure subscription.
3. [Configure devices](#enroll-devices-in-update-compliance) to send data to Update Compliance.
After adding the solution to Azure and configuring devices, there will be a waiting period of up to 72 hours before you can begin to see devices in the solution. Before or as devices appear, you can learn how to [Use Update Compliance](update-compliance-using.md) to monitor Windows Updates and Delivery Optimization.
## Update Compliance prerequisites
Before you begin the process to add Update Compliance to your Azure subscription, first ensure you can meet the prerequisites:
1. Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc.
2. Update Compliance provides detailed deployment data for devices on the Semi-Annual Channel and the Long-term Servicing Channel. Update Compliance will show Windows Insider Preview devices, but currently will not provide detailed deployment information for them.
3. Update Compliance requires at least the Basic level of diagnostic data and a Commercial ID to be enabled on the device.
4. For Windows 10 1803+, device names will not appear in Update Compliance unless you opt in. The steps to accomplish this is outlined in the [Enroll devices in Update Compliance](#enroll-devices-in-update-compliance) section.
1. **Compatible Operating Systems and Editions**: Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance supports both the typical Windows 10 Enterprise edition, as well as [Windows 10 Enterprise multi-session](https://docs.microsoft.com/azure/virtual-desktop/windows-10-multisession-faq). Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc.
2. **Compatible Windows 10 Servicing Channels**: Update Compliance supports Windows 10 devices on the Semi-Annual Channel (SAC) and the Long-term Servicing Channel (LTSC). Update Compliance *counts* Windows Insider Preview (WIP) devices, but does not currently provide detailed deployment insights for them.
3. **Diagnostic data requirements**: Update Compliance requires devices be configured to send diagnostic data at *Required* level (previously *Basic*). To learn more about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows 10](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy).
4. **Data transmission requirements**: Devices must be able to contact specific endpoints required to authenticate and send diagnostic data. These are enumerated in detail at [Configuring Devices for Update Compliance manually](update-compliance-configuration-manual.md).
5. **Showing Device Names in Update Compliance**: For Windows 10 1803+, device names will not appear in Update Compliance unless you individually opt-in devices via policy. The steps to accomplish this is outlined in [Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).
## Add Update Compliance to your Azure subscription
Update Compliance is offered as a solution which is linked to a new or existing [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps:
1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
Update Compliance is offered as an Azure Marketplace application which is linked to a new or existing [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps:
1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You may need to login to your Azure subscription to access this.
2. Select **Get it now**.
3. Choose an existing or configure a new Log Analytics Workspace. While an Azure subscription is required, you will not be charged for ingestion of Update Compliance data.
- [Desktop Analytics](https://docs.microsoft.com/sccm/desktop-analytics/overview) customers are advised to use the same workspace for Update Compliance.
- [Azure Update Management](https://docs.microsoft.com/azure/automation/automation-update-management) customers are advised to use the same workspace for Update Compliance.
4. After your workspace is configured and selected, select **Create**. You will receive a notification when the solution has been successfully created.
> [!NOTE]
> Update Compliance is included at no additional cost with Windows 10 Professional, Education, and Enterprise editions. An Azure subscription is required for managing and using Update Compliance, but no Azure charges are expected to accrue to the subscription as a result of using Update Compliance.
> It is not currently supported to programmatically enroll to Update Compliance via the [Azure CLI](https://docs.microsoft.com/cli/azure) or otherwise. You must manually add Update Compliance to your Azure subscription.
2. In the Azure portal select **+ Create a resource**, and search for “Update Compliance". You should see it in the results below.
### Get your CommercialID
![Update Compliance marketplace search results](images/UC_00_marketplace_search.png)
A CommercialID is a globally-unique identifier assigned to a specific Log Analytics workspace. The CommercialID is copied to an MDM or Group Policy and is used to identify devices in your environment.
3. Select **Update Compliance** and a blade will appear summarizing the solutions offerings. At the bottom, select **Create** to begin adding the solution to Azure.
To find your CommercialID within Azure:
![Update Compliance solution creation](images/UC_01_marketplace_create.png)
1. Navigate to the **Solutions** tab for your workspace, and then select the **WaaSUpdateInsights** solution.
2. From there, select the Update Compliance Settings page on the navbar.
3. Your CommercialID is available in the settings page.
4. Choose an existing workspace or create a new workspace that will be assigned to the Update Compliance solution.
- [Desktop Analytics](https://docs.microsoft.com/sccm/desktop-analytics/overview) customers are advised to use the same workspace for Update Compliance.
- If you are creating a new workspace, and your organization does not have policies governing naming conventions and structure, consider the following workspace settings to get started:
- Choose a workspace name which reflects the scope of planned usage in your organization, for example *PC-Analytics*.
- For the resource group setting select **Create new** and use the same name you chose for your new workspace.
- For the location setting, choose the Azure region where you would prefer the data to be stored.
- For the pricing tier select **per GB**.
![Update Compliance workspace creation](images/UC_02_workspace_create.png)
5. The resource group and workspace creation process could take a few minutes. After this, you are able to use that workspace for Update Compliance. Select **Create**.
![Update Compliance workspace selection](images/UC_03_workspace_select.png)
6. Watch for a notification in the Azure portal that your deployment has been successful. This might take a few minutes. Then, select **Go to resource**.
![Update Compliance deployment successful](images/UC_04_resourcegrp_deployment_successful.png)
> [!IMPORTANT]
> Regenerate your CommercialID only if your original ID can no longer be used or if you want to completely reset your workspace. Regenerating your CommercialID cannot be undone and will result in you losing data for all devices that have the current CommercialID until the new CommercialID is deployed to devices.
## Enroll devices in Update Compliance
Once you've added Update Compliance to a workspace in your Azure subscription, you can start enrolling the devices in your organization. For Update Compliance there are three key steps to ensure successful enrollment:
### Deploy your Commercial ID to devices
A Commercial ID is a globally-unique identifier assigned to a specific Log Analytics workspace. This is used to identify devices as part of your environment.
Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. There are two ways to configure devices to use Update Compliance.
To find your Commercial ID within Azure:
1. Navigate to the **Solutions** tab for your workspace, and then select the **WaaSUpdateInsights** solution.
2. From there, select the Update Compliance Settings page on the navbar.
3. Your Commercial ID is available in the settings page.
> [!NOTE]
> After configuring devices via one of the two methods below, it can take up to 72 hours before devices are visible in the solution. Until then, Update Compliance will indicate it is still assessing devices.
![Update Compliance Settings page](images/UC_commercialID.png)
### Configure devices using the Update Compliance Configuration Script
>**Important**
>
>Regenerate your Commercial ID only if your Original ID key can no longer be used or if you want to completely reset your workspace. Regenerating your Commercial ID cannot be undone and will result in you losing data for all devices that have the current Commercial ID until the new Commercial ID is deployed to devices.
The recommended way to configure devices to send data to Update Compliance is using the [Update Compliance Configuration Script](update-compliance-configuration-script.md). The script configures required policies via Group Policy. The script comes with two versions:
#### Deploying Commercial ID using Group Policy
Commercial ID can be deployed using Group Policy. The Group Policy for Commercial ID is under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Configure the Commercial ID**.
- Pilot is more verbose and is intended to be use on an initial set of devices and for troubleshooting.
- Deployment is intended to be deployed across the entire device population you want to monitor with Update Compliance.
![Commercial ID Group Policy location](images/UC_commercialID_GP.png)
To download the script and learn what you need to configure and how to troubleshoot errors, see [Configuring Devices using the Update Compliance Configuration Script](update-compliance-configuration-script.md).
#### Deploying Commercial ID using MDM
Commercial ID can be deployed through a [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm/) (MDM) policy beginning with Windows 10, version 1607. Commercial ID is under the [DMClient configuration service provider](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp).
### Configure devices manually
### Ensure endpoints are whitelisted
To enable data sharing between devices, your network, and Microsoft's Diagnostic Data Service, configure your proxy to whitelist the following endpoints. You may need security group approval to do this.
| **Endpoint** | **Function** |
|---------------------------------------------------------|-----------|
| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. |
| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. |
| `https://settings-win.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. |
| `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER), used to provide more advanced error reporting in the event of certain Feature Update deployment failures. |
| `https://oca.telemetry.microsoft.com` | Online Crash Analysis, used to provide device-specific recommendations and detailed errors in the event of certain crashes. |
| `https://login.live.com` | This endpoint is optional but allows for the Update Compliance service to more reliably identify and process devices. If you want to disable end-user managed service account (MSA) access, you should apply the appropriate [policy](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts#block-all-consumer-microsoft-account-user-authentication) instead of blocking this endpoint. |
### Set diagnostic data levels
Update Compliance requires that devices are configured to send Microsoft at least the Basic level of diagnostic data in order to function. For more information on Windows diagnostic data, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
#### Configuring Telemetry level using Group Policy
You can set Allow Telemetry through Group Policy, this setting is in the same place as the Commercial ID policy, under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Allow Telemetry**. Update Compliance requires at least Basic (level 1) to function.
![Allow Telemetry in Group Policy](images/UC_telemetrylevel.png)
#### Configuring Telemetry level using MDM
Telemetry level can additionally be configured through a [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm/) (MDM) policy. Allow Telemetry is under the [Policy Configuration Service Provider](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) as [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry).
### Enabling Device Name in telemetry
Beginning with Windows 10, version 1803, Device Name is no longer collected as part of normal Windows Diagnostic Data and must explicitly be allowed to be sent to Microsoft. If devices do not have this policy enabled, their device name will appear as '#' instead.
#### Allow Device Name in Telemetry with Group Policy
Allow Device Name in Telemetry is under the same node as Commercial ID and Allow Telemetry policies in Group Policy, listed as **Allow device name to be sent in Windows diagnostic data**.
#### Allow Device Name in Telemetry with MDM
Allow Device Name in Telemetry is under the [Policy Configuration Service Provider](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) as [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry).
>[!NOTE]
>After enrolling your devices (by deploying your CommercialID and Windows Diagnostic Data settings), it might take 48-72 hours for the first data to appear in the solution. Until then, Update Compliance will indicate it is still assessing devices.
It is possible to manually configure devices to send data to Update Compliance, but the recommended method of configuration is to use the [Update Compliance Configuration Script](update-compliance-configuration-script.md). To learn more about configuring devices manually, see [Manually Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).

30
windows/deployment/update/update-compliance-monitor.md
View File

@ -20,9 +20,8 @@ ms.topic: article
> [!IMPORTANT]
> While [Windows Analytics was retired on January 31, 2020](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), support for Update Compliance has continued through the Azure Portal; however, please note the following updates:
>
> * On March 31, 2020, the Windows Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates.
> * The Perspectives feature of Update Compliance will also be removed on March 31, 2020 in favor of a better experience. The Perspectives feature is part of the Log Search portal of Log Analytics, which was deprecated on February 15, 2019 in favor of [Azure Monitor Logs](https://docs.microsoft.com/azure/azure-monitor/log-query/log-search-transition). Your Update Compliance solution will be automatically upgraded to Azure Monitor Logs, and the data available in Perspectives will be migrated to a set of queries in the [Needs Attention section](update-compliance-need-attention.md) of Update Compliance.
> * On March 31, 2020, the Windows Defender Antivirus reporting feature of Update Compliance was retired. You can continue to review malware definition status and manage and monitor malware attacks with Microsoft Endpoint Manager's [Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune). Configuration Manager customers can monitor Endpoint Protection with [Endpoint Protection in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection).
> * The Perspectives feature of Update Compliance was retired on March 31, 2020 in favor of a better experience. The Perspectives feature is part of the Log Search portal of Log Analytics, which was deprecated on February 15, 2019 in favor of [Azure Monitor Logs](https://docs.microsoft.com/azure/azure-monitor/log-query/log-search-transition). Your Update Compliance solution will be automatically upgraded to Azure Monitor Logs, and the data available in Perspectives will be migrated to a set of queries in the [Needs Attention section](update-compliance-need-attention.md) of Update Compliance.
## Introduction
@ -38,26 +37,11 @@ Update Compliance uses Windows 10 and Windows Defender Antivirus diagnostic data
See the following topics in this guide for detailed information about configuring and using the Update Compliance solution:
- [Get started with Update Compliance](update-compliance-get-started.md): How to add Update Compliance to your environment.
- [Using Update Compliance](update-compliance-using.md): How to begin using Update Compliance.
- [Get started with Update Compliance](update-compliance-get-started.md) provides directions on adding Update Compliance to your Azure subscription and configuring devices to send data to Update Compliance.
- [Using Update Compliance](update-compliance-using.md) breaks down every aspect of the Update Compliance experience.
## Update Compliance architecture
The Update Compliance architecture and data flow follows this process:
1. User computers send diagnostic data to a secure Microsoft data center using the Microsoft Data Management Service.
2. Diagnostic data is analyzed by the Update Compliance Data Service.
3. Diagnostic data is pushed from the Update Compliance Data Service to your Azure Monitor workspace.
4. Diagnostic data is available in the Update Compliance solution.
> [!NOTE]
> This process assumes that Windows diagnostic data is enabled and data sharing is enabled as outlined in the enrollment section of [Get started with Update Compliance](update-compliance-get-started.md).
## Related topics
[Get started with Update Compliance](update-compliance-get-started.md)<BR>
[Use Update Compliance to monitor Windows Updates](update-compliance-using.md)
* [Get started with Update Compliance](update-compliance-get-started.md)
* [Use Update Compliance to monitor Windows Updates](update-compliance-using.md)
* [Update Compliance Schema Reference](update-compliance-schema.md)

8
windows/deployment/update/update-compliance-need-attention.md
View File

@ -19,8 +19,8 @@ ms.topic: article
The **Needs attention!** section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance. The summary tile for this section counts the number of devices that have issues, while the blades within break down the issues encountered. Finally, a [list of queries](#list-of-queries) blade in this section contains queries that provide values but do not fit within any other main section.
>[!NOTE]
>The summary tile counts the number of devices that have issues, while the blades within the section break down the issues encountered. A single device can have more than one issue, so these numbers might not add up.
> [!NOTE]
> The summary tile counts the number of devices that have issues, while the blades within the section break down the issues encountered. A single device can have more than one issue, so these numbers might not add up.
The different issues are broken down by Device Issues and Update Issues:
@ -39,8 +39,8 @@ The different issues are broken down by Device Issues and Update Issues:
Selecting any of the issues will take you to a [Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) view with all devices that have the given issue.
>[!NOTE]
>This blade also has a link to the [Setup Diagnostic Tool](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag), a standalone tool you can use to obtain details about why a Windows 10 feature update was unsuccessful.
> [!NOTE]
> This blade also has a link to the [Setup Diagnostic Tool](https://docs.microsoft.com/windows/deployment/upgrade/setupdiag), a standalone tool you can use to obtain details about why a Windows 10 feature update was unsuccessful.
## List of Queries

70
windows/deployment/update/update-compliance-perspectives.md
View File

@ -1,70 +0,0 @@
---
title: Update Compliance - Perspectives
ms.reviewer:
manager: laurawi
description: an overview of Update Compliance Perspectives
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.author: jaimeo
ms.collection: M365-analytics
ms.topic: article
---
# Perspectives
> [!IMPORTANT]
> On March 31, 2020, the Perspectives feature of Update Compliance will be removed in favor of a better experience. The Perspectives feature is part of the Log Search portal of Log Analytics, which was deprecated on February 15, 2019 in favor of [Azure Monitor Logs](https://docs.microsoft.com/azure/azure-monitor/log-query/log-search-transition). Your Update Compliance solution will be automatically upgraded to Azure Monitor Logs, and the data available in Perspectives will be migrated to a set of queries in the [Needs Attention section](update-compliance-need-attention.md) of Update Compliance.
![Perspectives data view](images/uc-perspectiveupdatedeploymentstatus.png)
Perspectives are elaborations on specific queries hand-crafted by developers which data views that provide deeper insight into your data. Perspectives are loaded whenever clicking into more detailed views from both the Security Update Status section and Feature Update Status section of Update Compliance.
There is only one perspective framework; it is for **Update Deployment Status**. The same framework is utilized for both feature and quality updates.
The first blade is the **Build Summary** blade. This blade summarizes the most important aspects of the given build being queried, listing the total number of devices, the total number of update failures for the build, and a breakdown of the different errors encountered.
The second blade is the **Deferral Configurations** blade, breaking down Windows Update for Business deferral settings (if any).
## Deployment status
The third blade is the **Deployment Status** blade. This defines how many days it has been since the queried version has been released, and breaks down the various states in the update funnel each device has reported to be in. The possible states are as follows:
| State | Description |
| --- | --- |
| Update Completed | When a device has finished the update process and is on the queried update, it will display here as Update completed. |
| In Progress | Devices that report they are "In Progress" are one of the various stages of installing an update; these stages are reported in the Detailed Deployment Status blade. |
| Deferred | When a device's Windows Update for Business deferral policy dictates that the update is not yet applicable due to deferral, it will report as such in this blade. |
| Progress stalled | Devices that report as "Progress stalled" have been stuck at "In progress" for more than 7 days. |
| Cancelled | The update was canceled. |
| Blocked | There is a hard block on the update being completed. This could be that another update must be completed before this one, or some other task is blocking the installation of the update. |
| Unknown | Devices that do not report detailed information on the status of their updates will report Unknown. This is most likely devices that do not use Windows Update for deployment. |
| Update paused | These devices have Windows Update for Business pause enabled, preventing this update from being installed. |
| Failed | A device is unable to install an update. This failure could be linked to a serious error in the update installation process or, in some cases, a [compatibility hold](update-compliance-feature-update-status.md#compatibility-holds). |
## Detailed deployment status
The final blade is the **Detailed Deployment Status** blade. This blade breaks down the detailed stage of deployment a device is in, beyond the generalized terms defined in Deployment Status. The following are the possible stages a device can report:
| State | Description |
| --- | --- |
| Update deferred | When a device's Windows Update for Business policy dictates the update is deferred. |
| Update paused | The device's Windows Update for Business policy dictates the update is paused from being offered. |
| Update offered | The device has been offered the update, but has not begun downloading it. |
| Pre-Download tasks passed | The device has finished all necessary tasks prior to downloading the update. |
| Compatibility hold | The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information see [Feature Update Status report](update-compliance-feature-update-status.md#compatibility-holds) |
| Download Started | The update has begun downloading on the device. |
| Download Succeeded | The update has successfully completed downloading. |
| Pre-Install Tasks Passed | Tasks that must be completed prior to installing the update have been completed. |
| Install Started | Installation of the update has begun. |
| Reboot Required | The device has finished installing the update, and a reboot is required before the update can be completed.
| Reboot Pending | The device has a scheduled reboot to apply the update. |
| Reboot Initiated | The scheduled reboot has been initiated. |
| Update Completed/Commit | The update has successfully installed. |
> [!NOTE]
> Interacting with any rows in the perspective view will automatically apply the given value to the query and execute it with the new parameter, narrowing the perspective to devices that satisfy that criteria. For example, clicking "Not configured (-1)" devices in Deferral Configurations will filter the query to only contain devices that do not have a deferral configuration. These filters can also be applied to queries via the filter sidebar.

55
windows/deployment/update/update-compliance-privacy.md Normal file
View File

@ -0,0 +1,55 @@
---
title: Privacy in Update Compliance
ms.reviewer:
manager: laurawi
description: an overview of the Feature Update Status report
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.author: jaimeo
ms.collection: M365-analytics
ms.topic: article
---
# Privacy in Update Compliance
Update Compliance is fully committed to privacy, centering on these tenets:
- **Transparency:** Windows 10 diagnostic data events that are required for Update Compliance's operation are fully documented (see the links for additional information) so you can review them with your company's security and compliance teams. The Diagnostic Data Viewer lets you see diagnostic data sent from a given device (see [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview) for details).
- **Control:** You ultimately control the level of diagnostic data you wish to share. In Windows 10, version 1709 we added a new policy to Limit enhanced diagnostic data to the minimum required by Windows Analytics.
- **Security:** Your data is protected with strong security and encryption.
- **Trust:** Update Compliance supports the Online Services Terms.
## Data flow for Update Compliance
The data flow sequence is as follows:
1. Diagnostic data is sent from devices to the Microsoft Diagnostic Data Management service, which is hosted in the US.
2. An IT Administrator creates an Azure Log Analytics workspace. They then choose the location this workspace will store data and receives a Commercial ID for that workspace. The Commercial ID is added to each device in an organization by way of Group Policy, MDM or registry key.
3. Each day Microsoft produces a "snapshot" of IT-focused insights for each workspace in the Diagnostic Data Management Service, identifying devices by Commercial ID.
4. These snapshots are copied to transient storage, used solely for Update Compliance where they are partitioned by Commercial ID.
5. The snapshots are then copied to the appropriate Azure Log Analytics workspace, where the Update Compliance experience pulls the information from to populate visuals.
## FAQ
### Can Update Compliance be used without a direct client connection to the Microsoft Data Management Service?
No, the entire service is powered by Windows diagnostic data, which requires that devices have this direct connectivity.
### Can I choose the data center location?
Yes for Azure Log Analytics, but no for the Microsoft Data Management Service (which is hosted in the US).
## Related topics
See related topics for additional background information on privacy and treatment of diagnostic data:
- [Windows 10 and the GDPR for IT Decision Makers](https://docs.microsoft.com/windows/privacy/gdpr-it-guidance)
- [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization)
- [Diagnostic Data Viewer Overview](https://docs.microsoft.com/windows/configuration/diagnostic-data-viewer-overview)
- [Licensing Terms and Documentation](https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31)
- [Confidence in the trusted cloud](https://azure.microsoft.com/support/trust-center/)
- [Trust Center](https://www.microsoft.com/trustcenter)

46
windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md Normal file
View File

@ -0,0 +1,46 @@
---
title: Update Compliance Schema - WaaSDeploymentStatus
ms.reviewer:
manager: laurawi
description: WaaSDeploymentStatus schema
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.author: jaimeo
ms.collection: M365-analytics
ms.topic: article
---
# WaaSDeploymentStatus
WaaSDeploymentStatus records track a specific update's installation progress on a specific device. Multiple WaaSDeploymentStatus records can exist simultaneously for a given device, as each record is specific to a given update and its type. For example, a device can have both a WaaSDeploymentStatus tracking a Windows Feature Update, as well as one tracking a Windows Quality Update, at the same time.
|Field |Type |Example |Description |
|-|-|-----|------------------------|
|**Computer** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](https://docs.microsoft.com/windows/deployment/update/update-compliance-get-started#allow-device-name-in-telemetry-with-group-policy). |
|**ComputerID** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user Managed Service Account (MSA) service is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. |
|**DeferralDays** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`0` |The deferral policy for this content type or `UpdateCategory` (Windows `Feature` or `Quality`). |
|**DeploymentError** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Disk Error` |A readable string describing the error, if any. If empty, there is either no string matching the error or there is no error. |
|**DeploymentErrorCode** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`8003001E` |Microsoft internal error code for the error, if any. If empty, there is either no error or there is *no error code*, meaning that the issue raised does not correspond to an error, but some inferred issue. |
|**DeploymentStatus** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Failed` |The high level status of installing this update on this device. Possible values are:<br><li> **Update completed**: Device has completed the update installation.<li> **In Progress**: Device is in one of the various stages of installing an update, detailed in `DetailedStatus`.<li> **Deferred**: A device's deferral policy is preventing the update from being offered by Windows Update.<li> **Cancelled**: The update was cancelled.<li> **Blocked**: There is a hard block on the update being completed. This could be that another update must be completed before this one, or some other task is blocking the installation of the update.<li> **Unknown**: Update Compliance generated WaaSDeploymentStatus records for devices as soon as it detects an update newer than the one installed on the device. Devices that have not sent any deployment data for that update will have the status `Unknown`.<li> **Update paused**: Devices are paused via Windows Update for Business Pause policies, preventing the update from being offered by Windows Update. <li> **Failed**: Device encountered a failure in the update process, preventing it from installing the update. This may result in an automatic retry in the case of Windows Update, unless the `DeploymentError` indicates the issue requires action before the update can continue.|
|**DetailedStatus** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Reboot required` |A detailed status for the installation of this update on this device. Possible values are:<br><li> **Update deferred**: When a device's Windows Update for Business policy dictates the update is deferred.<li> **Update paused**: The device's Windows Update for Business policy dictates the update is paused from being offered.<li> **Update offered**: The device has been offered the update, but has not begun downloading it.<li> **Pre-Download tasks passed**: The device has finished all necessary tasks prior to downloading the update.<li> **Compatibility hold**: The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information see [Feature Update Status report](update-compliance-feature-update-status.md#compatibility-holds).<li> **Download started**: The update has begun downloading on the device.<li> **Download Succeeded**: The update has successfully completed downloading. <li> **Pre-Install Tasks Passed**: Tasks that must be completed prior to installing the update have been completed.<li> **Install Started**: Installation of the update has begun.<li> **Reboot Required**: The device has finished installing the update, and a reboot is required before the update can be completed.<li> **Reboot Pending**: The device has a scheduled reboot to apply the update.<li> **Reboot Initiated**: The scheduled reboot has been initiated.<li> **Commit**: Changes are being committed post-reboot. This is another step of the installation process.<li> **Update Completed**: The update has successfully installed.|
|**ExpectedInstallDate** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime)|`3/28/2020, 1:00:01.318 PM`|Rather than the expected date this update will be installed, this should be interpreted as the minimum date Windows Update will make the update available for the device. This takes into account Deferrals. |
|**LastScan** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime)|`3/22/2020, 1:00:01.318 PM`|The last point in time that this device sent Update Session data. |
|**OriginBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.719` |The build originally installed on the device when this Update Session began. |
|**OSBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.719` |The build currently installed on the device. |
|**OSRevisionNumber** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`719` |The revision of the OSBuild installed on the device. |
|**OSServicingBranch** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Semi-Annual` |The Servicing Branch or [Servicing Channel](https://docs.microsoft.com/windows/deployment/update/waas-overview#servicing-channels) the device is on. Dictates which Windows updates the device receives and the cadence of those updates. |
|**OSVersion** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild. |
|**PauseState** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`NotConfigured` |The on-client Windows Update for Business Pause state. Reflects whether or not a device has paused Feature Updates.<br><li> **Expired**: The pause period has expired.<li> **NotConfigured**: Pause is not configured.<li> **Paused**: The device was last reported to be pausing this content type.<li> **NotPaused**: The device was last reported to not have any pause on this content type. |
|**RecommendedAction** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) | |The recommended action to take in the event this device needs attention, if any. |
|**ReleaseName** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`KB4551762` |The KB Article corresponding to the TargetOSRevision, if any. |
|**TargetBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.720` |The target OSBuild, the update being installed or considered as part of this WaaSDeploymentStatus record. |
|**TargetOSVersion** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`1909` |The target OSVersion. |
|**TargetOSRevision** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`720` |The target OSRevisionNumber. |
|**TimeGenerated** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime) |`3/22/2020, 1:00:01.318 PM`|A DateTime corresponding to the moment Azure Monitor Logs ingested this record to your Log Analytics workspace. |
|**UpdateCategory** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Quality` |The high-level category of content type this Windows Update belongs to. Possible values are **Feature** and **Quality**. |
|**UpdateClassification** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Security` |Similar to UpdateCategory, this more specifically determines whether a Quality update is a security update or not. |
|**UpdateReleasedDate** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime) |`3/22/2020, 1:00:01.318 PM`|A DateTime corresponding to the time the update came available on Windows Update. |

35
windows/deployment/update/update-compliance-schema-waasinsiderstatus.md Normal file
View File

@ -0,0 +1,35 @@
---
title: Update Compliance Schema - WaaSInsiderStatus
ms.reviewer:
manager: laurawi
description: WaaSInsiderStatus schema
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.author: jaimeo
ms.collection: M365-analytics
ms.topic: article
---
# WaaSInsiderStatus
WaaSInsiderStatus records contain device-centric data and acts as the device record for devices on Windows Insider Program builds in Update Compliance. Each record provided in daily snapshots map to a single device in a single tenant. This table has data such as the current device's installed version of Windows, whether it is on the latest available updates, and whether the device needs attention. Insider devices have fewer fields than [WaaSUpdateStatus](update-compliance-schema-waasupdatestatus.md).
|Field |Type |Example |Description |
|--|--|---|--|
|**Computer** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](https://docs.microsoft.com/windows/deployment/update/update-compliance-get-started#allow-device-name-in-telemetry-with-group-policy). |
|**ComputerID** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user Managed Service Account (MSA) service is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. |
|**OSArchitecture** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`amd64` |The architecture of the Operating System. |
|**OSName** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Windows 10` |The name of the Operating System. This will always be Windows 10 for Update Compliance. |
|**OSVersion** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild. |
|**OSBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.720` |The currently-installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](https://docs.microsoft.com/windows/release-information/). |
|**OSRevisionNumber** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`720` |An integer value for the revision number of the currently-installed Windows 10 OSBuild on the device. |
|**OSEdition** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Enterprise` |The Windows 10 Edition or SKU. |
|**OSFamily** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Windows.Desktop` |The Device Family of the device. Only `Windows.Desktop` is currently supported. |
|**OSServicingBranch** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Semi-Annual` |The Servicing Branch or [Servicing Channel](https://docs.microsoft.com/windows/deployment/update/waas-overview#servicing-channels) the device is on. Dictates which Windows updates the device receives and the cadence of those updates. |
|**TimeGenerated** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime)|3/22/`2020, 1:00:01.318 PM`|A DateTime corresponding to the moment Azure Monitor Logs ingested this record to your Log Analytics workspace. |
|**LastScan** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime)|3/22/`2020, 2:00:00.436 AM`|A DateTime corresponding to the last time the device sent data to Microsoft. This does not necessarily mean all data that is needed to populate all fields Update Compliance uses was sent, this is more like a "heartbeat". |

46
windows/deployment/update/update-compliance-schema-waasupdatestatus.md Normal file
View File

@ -0,0 +1,46 @@
---
title: Update Compliance Schema - WaaSUpdateStatus
ms.reviewer:
manager: laurawi
description: WaaSUpdateStatus schema
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.author: jaimeo
ms.collection: M365-analytics
ms.topic: article
---
# WaaSUpdateStatus
WaaSUpdateStatus records contain device-centric data and acts as the device record for Update Compliance. Each record provided in daily snapshots map to a single device in a single tenant. This table has data such as the current device's installed version of Windows, whether it is on the latest available updates, and whether the device needs attention.
|Field |Type |Example |Description |
|--|-|----|------------------------|
|**Computer** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](https://docs.microsoft.com/windows/deployment/update/update-compliance-get-started#allow-device-name-in-telemetry-with-group-policy). |
|**ComputerID** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user Managed Service Account (MSA) service is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. |
|**DownloadMode** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Simple (99)` |The device's Delivery Optimization DownloadMode. To learn about possible values, see [Delivery Optimization Reference - Download mode](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#download-mode) |
|**FeatureDeferralDays** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`0` |The on-client Windows Update for Business Deferral Policy days.<br> - **<0**: A value below 0 indicates the policy is disabled. <br> - **0**: A value of 0 indicates the policy is enabled, but the deferral period is 0 days.<br> - **1+**: A value of 1 and above indicates the deferral setting, in days. |
|**FeaturePauseDays** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`0` |*Deprecated* This provides the count of days left in a pause |
|**FeaturePauseState** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`NotConfigured` |The on-client Windows Update for Business Pause state. Reflects whether or not a device has paused Feature Updates.<br><li> **Expired**: The pause period has expired.<li> **NotConfigured**: Pause is not configured.<li> **Paused**: The device was last reported to be pausing this content type.<li> **NotPaused**: The device was last reported to not have any pause on this content type. |
|**QualityDeferralDays** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`0` |The on-client Windows Update for Business Deferral Policy days.<br><li> **<0**: A value below 0 indicates the policy is disabled. <li> **0**: A value of 0 indicates the policy is enabled, but the deferral period is 0 days. <li> **1+**: A value of 1 and above indicates the deferral setting, in days. |
|**QualityPauseDays** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`0` |**Deprecated**. This provides the count of days left in a pause period.|
|**QualityPauseState** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`NotConfigured` |The on-client Windows Update for Business Pause state. Reflects whether or not a device has paused Quality Updates.<br><li>**Expired**: The pause period has expired.<li> **NotConfigured**: Pause is not configured.<li>**Paused**: The device was last reported to be pausing this content type.<li>**NotPaused**: The device was last reported to not have any pause on this content type. |
|**NeedAttentionStatus** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) | |Indicates any reason a device needs attention; if empty, there are no [Device Issues](https://docs.microsoft.com/windows/deployment/update/update-compliance-need-attention#device-issues) for this device. |
|**OSArchitecture** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`amd64` |The architecture of the Operating System. |
|**OSName** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Windows 10` |The name of the Operating System. This will always be Windows 10 for Update Compliance. |
|**OSVersion** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild. |
|**OSBuild** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`18363.720` |The currently-installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](https://docs.microsoft.com/windows/release-information/). |
|**OSRevisionNumber** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`720` |An integer value for the revision number of the currently-installed Windows 10 OSBuild on the device. |
|**OSCurrentStatus** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Current` |*Deprecated* Whether or not the device is on the latest Windows Feature Update available, as well as the latest Quality Update for that Feature Update. |
|**OSEdition** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Enterprise` |The Windows 10 Edition or SKU. |
|**OSFamily** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Windows.Desktop` |The Device Family of the device. Only `Windows.Desktop` is currently supported. |
|**OSFeatureUpdateStatus** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Up-to-date` |Indicates whether or not the device is on the latest available Windows 10 Feature Update. |
|**OSQualityUpdateStatus** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Up-to-date` |Indicates whether or not the device is on the latest available Windows 10 Quality Update (for its Feature Update). |
|**OSSecurityUpdateStatus**|[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Up-to-date` |Indicates whether or not the device is on the latest available Windows 10 Quality Update **that is classified as containing security fixes**. |
|**OSServicingBranch** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Semi-Annual` |The Servicing Branch or [Servicing Channel](https://docs.microsoft.com/windows/deployment/update/waas-overview#servicing-channels) the device is on. Dictates which Windows updates the device receives and the cadence of those updates. |
|**TimeGenerated** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime)|`3/22/2020, 1:00:01.318 PM`|A DateTime corresponding to the moment Azure Monitor Logs ingested this record to your Log Analytics workspace. |
|**LastScan** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime)|`3/22/2020, 2:00:00.436 AM`|A DateTime corresponding to the last time the device sent data to Microsoft. This does not necessarily mean all data that is needed to populate all fields Update Compliance uses was sent, this is more like a "heartbeat". |

34
windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md Normal file
View File

@ -0,0 +1,34 @@
---
title: Update Compliance Schema - WUDOAggregatedStatus
ms.reviewer:
manager: laurawi
description: WUDOAggregatedStatus schema
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.author: jaimeo
ms.collection: M365-analytics
ms.topic: article
---
# WUDOAggregatedStatus
WUDOAggregatedStatus records provide information, across all devices, on their bandwidth utilization for a specific content type in the event they use [Delivery Optimization](https://support.microsoft.com/help/4468254/windows-update-delivery-optimization-faq), over the past 28 days.
These fields are briefly described in this article, to learn more about Delivery Optimization in general, check out the [Delivery Optimization Reference](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference).
|Field |Type |Example |Description |
|-|-|-|-|
|**DeviceCount** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`9999` |Total number of devices in this aggregated record. |
|**BWOptPercent28Days** |[real](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/real) |`68.72` |Bandwidth optimization (as a percentage of savings of total bandwidth otherwise incurred) as a result of using Delivery Optimization *across all devices*, computed on a rolling 28-day basis. |
|**BWOptPercent7Days** |[real](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/real) |`13.58` |Bandwidth optimization (as a percentage of savings of total bandwidth otherwise incurred) as a result of using Delivery Optimization *across all devices*, computed on a rolling 7-day basis. |
|**BytesFromCDN** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`254139` |Total number of bytes downloaded from a CDN versus a Peer. This counts against bandwidth optimization.|
|**BytesFromGroupPeers** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`523132` |Total number of bytes downloaded from Group Peers. |
|**BytesFromIntPeers** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`328350` |Total number of bytes downloaded from Internet Peers. |
|**BytesFromPeers** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`43145` |Total number of bytes downloaded from peers. |
|**ContentType** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`Quality Updates` |The type of content being downloaded.|
|**DownloadMode** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`HTTP+LAN (1)` |Device's Delivery Optimization [Download Mode](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#download-mode) configuration for this device. |
|**TimeGenerated** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime)|`1601-01-01T00:00:00Z` |A DateTime corresponding to the moment Azure Monitor Logs ingested this record to your Log Analytics workspace.|

57
windows/deployment/update/update-compliance-schema-wudostatus.md Normal file
View File

@ -0,0 +1,57 @@
---
title: Update Compliance Schema - WUDOStatus
ms.reviewer:
manager: laurawi
description: WUDOStatus schema
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.author: jaimeo
ms.collection: M365-analytics
ms.topic: article
---
# WUDOStatus
> [!NOTE]
> Currently all location-based fields are not working properly. This is a known issue.
WUDOStatus records provide information, for a single device, on their bandwidth utilization for a specific content type in the event they use [Delivery Optimization](https://support.microsoft.com/help/4468254/windows-update-delivery-optimization-faq), and other information to create more detailed reports and splice on certain common characteristics.
These fields are briefly described in this article, to learn more about Delivery Optimization in general, check out the [Delivery Optimization Reference](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference).
|Field |Type |Example |Description |
|-|-|-|-|
|**Computer** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](https://docs.microsoft.com/windows/deployment/update/update-compliance-get-started#allow-device-name-in-telemetry-with-group-policy). |
|**ComputerID** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user Managed Service Account (MSA) service is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. |
|**City** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) | |Approximate city device was in while downloading content, based on IP Address. |
|**Country** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) | |Approximate country device was in while downloading content, based on IP Address. |
|**ISP** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) | |The Internet Service Provider estimation. |
|**BWOptPercent28Days** |[real](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/real) |`68.72` |Bandwidth optimization (as a percentage of savings of total bandwidth otherwise incurred) as a result of using Delivery Optimization *for this device*, computed on a rolling 28-day basis. |
|**BWOptPercent7Days** |[real](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/real) |`13.58` |Bandwidth optimization (as a percentage of savings of total bandwidth otherwise incurred) as a result of using Delivery Optimization *for this device*, computed on a rolling 7-day basis. |
|**BytesFromCDN** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`254139` |Total number of bytes downloaded from a CDN versus a Peer. This counts against bandwidth optimization. |
|**BytesFromGroupPeers** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`523132` |Total number of bytes downloaded from Group Peers. |
|**BytesFromIntPeers** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`328350` |Total number of bytes downloaded from Internet Peers. |
|**BytesFromPeers** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`43145` |Total number of bytes downloaded from peers. |
|**ContentDownloadMode** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`0` |Device's Delivery Optimization [Download Mode](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#download-mode)**@JAIME** configuration for this content. |
|**ContentType** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`Quality Updates` |The type of content being downloaded. |
|**DOStatusDescription** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) | |A short description of DO's status, if any. |
|**DownloadMode** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`HTTP+LAN (1)` |Device's Delivery Optimization [Download Mode](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#download-mode) configuration for this device. |
|**DownloadModeSrc** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Default` |The source of the DownloadMode configuration. |
|**GroupID** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) | |The DO Group ID. |
|**NoPeersCount** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) | |The number of peers this device interacted with. |
|**OSName** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`Windows 10` |The name of the Operating System. This will always be Windows 10 for Update Compliance. |
|**OSVersion** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild.  |
|**PeerEligibleTransfers** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`0` |Total number of eligible transfers by Peers. |
|**PeeringStatus** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`On` |The DO Peering Status |
|**PeersCannotConnectCount**|[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`0` |The number of peers this device was unable to connect to. |
|**PeersSuccessCount** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`0` |The number of peers this device successfully connected to. |
|**PeersUnknownCount** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`0` |The number of peers for which there is an unknown relation. |
|**LastScan** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime)|`1601-01-01T00:00:00Z` |A DateTime corresponding to the last time the device sent data to Microsoft. This does not necessarily mean all data that is needed to populate all fields Update Compliance uses was sent, this is more like a "heartbeat". |
|**TimeGenerated** |[datetime](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/datetime)|`1601-01-01T00:00:00Z` |A DateTime corresponding to the moment Azure Monitor Logs ingested this record to your Log Analytics workspace. |
|**TotalTimeForDownload** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`0:00:00` |The total time it took to download the content. |
|**TotalTransfers** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`0` |The total number of data transfers to download this content. |

29
windows/deployment/update/update-compliance-schema.md Normal file
View File

@ -0,0 +1,29 @@
---
title: Update Compliance Data Schema
ms.reviewer:
manager: laurawi
description: an overview of Update Compliance data schema
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.author: jaimeo
ms.collection: M365-analytics
ms.topic: article
---
# Update Compliance Schema
When the visualizations provided in the default experience don't fulfill your reporting needs, or if you need to troubleshoot issues with devices, it's valuable to understand the schema for Update Compliance and have a high-level understanding of the capabilities of [Azure Monitor log queries](https://docs.microsoft.com/azure/azure-monitor/log-query/query-language) to power additional dashboards, integration with external data analysis tools, automated alerting, and more.
The table below summarizes the different tables that are part of the Update Compliance solution. To learn how to navigate Azure Monitor Logs to find this data, see [Get started with log queries in Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/log-query/get-started-queries).
|Table |Category |Description |
|--|--|--|
|[**WaaSUpdateStatus**](update-compliance-schema-waasupdatestatus.md) |Device record |This table houses device-centric data and acts as the device record for Update Compliance. Each record provided in daily snapshots map to a single device in a single tenant. This table has data such as the current device's installed version of Windows, whether it is on the latest available updates, and whether the device needs attention. |
|[**WaaSInsiderStatus**](update-compliance-schema-waasinsiderstatus.md) |Device record |This table houses device-centric data specifically for devices enrolled to the Windows Insider Program. Devices enrolled to the Windows Insider Program do not currently have any WaaSDeploymentStatus records, so do not have Update Session data to report on update deployment progress. |
|[**WaaSDeploymentStatus**](update-compliance-schema-waasdeploymentstatus.md) |Update Session record |This table tracks a specific update on a specific device. Multiple WaaSDeploymentStatus records can exist simultaneously for a given device, as each record is specific to a given update and its type. For example, a device can have both a WaaSDeploymentStatus tracking a Windows Feature Update, as well as one tracking a Windows Quality Update, at the same time. |
|[**WUDOStatus**](update-compliance-schema-wudostatus.md) |Delivery Optimization record |This table provides information, for a single device, on their bandwidth utilization across content types in the event they use [Delivery Optimization](https://support.microsoft.com/help/4468254/windows-update-delivery-optimization-faq). |
|[**WUDOAggregatedStatus**](update-compliance-schema-wudoaggregatedstatus.md) |Delivery Optimization record |This table aggregates all individual WUDOStatus records across the tenant and summarizes bandwidth savings across all devices enrolled to Delivery Optimization. |

45
windows/deployment/update/update-compliance-security-update-status.md
View File

@ -22,49 +22,4 @@ The **Overall Security Update Status** blade provides a visualization of devices
The **Latest Security Update Status** and **Previous Security Update Status** tiles are stacked to form one blade. The **Latest Security Update Status** provides a visualization of the different deployment states devices are in regarding the latest update for each build (or version) of Windows 10, along with the revision of that update. The **Previous Security Update Status** blade provides the same information without the accompanying visualization.
The various deployment states reported by devices are as follows:
## Deployment status
Deployment status summarizes detailed status into higher-level states to get a quick sense of the status the given device was last reported to be in relative to this specific update. Note that with the latency of deployment data, devices might have since moved on from the reported deployment status.
|Deployment status |Description |
|---------|---------|
|Failed | The device encountered a failure during the update process. Note that due to latency, devices reporting this status may have since retried the update. |
|Progress stalled | The device started the update process, but no progress has been reported in the last 7 days. |
|Deferred | The device is currently deferring the update process due to Windows Update for Business policies. |
|In progress | The device has begun the updating process for this update. This status appears if the device is in any stage of the update process including and after download, but before completing the update. If no progress has been reported in the last 7 days, devices will move to **Progress stalled**.** |
|Update completed | The device has completed the update process. |
|Update paused | The device is prevented from being offered the update due to updates being paused on the device. |
|Unknown | No record is available for this device relative to this update. This is a normal status if an update has recently been released or if the device does not use Windows Update. |
## Detailed status
Detailed status provides a detailed stage-level representation of where in the update process the device was last reported to be in relative to this specific update. Note that with the latency of deployment data, devices might have since moved on from the reported detailed status.
|Detailed status |Description |
|---------|---------|
|Scheduled in next X days | The device is currently deferring the update with Windows Update for Business policies but will be offered the update within the next X days. |
|Compatibility hold | The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and will not resume the update until the hold has been cleared. For more information see [Feature Update Status report](update-compliance-feature-update-status.md#compatibility-holds) |
|Update deferred | The device is currently deferring the update with Windows Update for Business policies. |
|Update paused | The device is prevented from being offered the update due to updates being paused on the device. |
|Update offered | The device has been offered the update by Windows Update but has not yet begun to download it. |
|Download started | The device has begun downloading the update. |
|Download succeeded | The device has finished downloading the update but has not yet begun installing the update. |
|Install started | The device has begun installing the update. |
|PreInstall task passed | The device has passed checks prior to beginning the rest of the installation process after a restart. |
|Reboot required | The device requires a restart to install the update, but one has not yet been scheduled. |
|Reboot pending | The device is pending a restart to install the update. |
|Reboot initiated | The device reports "Reboot initiated" just before actually restarting specifically to apply the update. |
|Commit | The device, after a restart, is committing changes relevant to the update. |
|Finalize succeeded | The device has finished final tasks after a restart to apply the update. |
|Update successful | The device has successfully applied the update. |
|Cancelled | The update was canceled at some point in the update process. |
|Uninstalled | The update was successfully uninstalled from the device. |
|Rollback | The update failed to apply during the update process, causing the device to roll back changes and revert to the previous update. |
The rows of each tile in this section are interactive; selecting them will navigate you to the query that is representative of that row and section.

13
windows/deployment/update/update-compliance-using.md
View File

@ -21,14 +21,13 @@ In this section you'll learn how to use Update Compliance to monitor your device
Update Compliance:
- Provides detailed deployment data for Windows 10 security, quality, and feature updates.
- Reports when devices have issues related to updates that need attention.
- Shows Windows Defender AV status information for devices that use it and meet the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites).
- Provides detailed deployment monitoring for Windows 10 Feature and Quality updates.
- Reports when devices need attention due to issues related to update deployment.
- Shows bandwidth usage and savings for devices that are configured to use [Delivery Optimization](waas-delivery-optimization.md).
- Provides all of the above data in [Log Analytics](#using-log-analytics), which affords additional querying and export capabilities.
## The Update Compliance tile
After Update Compliance has successfully been [added to your Azure subscription](update-compliance-get-started.md#add-update-compliance-to-your-azure-subscription), youll see this tile:
After Update Compliance has successfully been [added to your Azure subscription](update-compliance-get-started.md#add-update-compliance-to-your-azure-subscription), you'll see this tile:
![Update Compliance tile no data](images/UC_tile_assessing.png)
@ -48,7 +47,7 @@ When you select this tile, you will be redirected to the Update Compliance works
![The Overview blade](images/UC_workspace_overview_blade.png)
Update Compliances overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items:
Update Compliance's overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items:
* Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows 10.
* Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability.
* AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Windows Defender Antivirus.
@ -84,9 +83,9 @@ This means you should generally expect to see new data device data every 24 hour
Update Compliance is built on the Log Analytics platform that is integrated into Operations Management Suite. All data in the workspace is the direct result of a query. Understanding the tools and features at your disposal, all integrated within Azure Portal, can deeply enhance your experience and complement Update Compliance.
See below for a few topics related to Log Analytics:
* Learn how to effectively execute custom Log Searches by referring to Microsoft Azures excellent documentation on [querying data in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-log-searches).
* Learn how to effectively execute custom Log Searches by referring to Microsoft Azure's excellent documentation on [querying data in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-log-searches).
* To develop your own custom data views in Operations Management Suite or [Power BI](https://powerbi.microsoft.com/); check out documentation on [analyzing data for use in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-dashboards).
* [Gain an overview of Log Analytics alerts](https://docs.microsoft.com/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about.
* [Gain an overview of Log Analytics' alerts](https://docs.microsoft.com/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about.
## Related topics

47
windows/deployment/update/update-compliance-wd-av-status.md
View File

@ -1,47 +0,0 @@
---
title: Update Compliance - Windows Defender AV Status report
ms.reviewer:
manager: laurawi
description: an overview of the Windows Defender AV Status report
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.author: jaimeo
ms.collection: M365-analytics
ms.topic: article
---
# Windows Defender AV Status
> [!IMPORTANT]
> On March 31, 2020, the Windows Defender Antivirus reporting feature of Update Compliance will be removed. You can continue to define and review security compliance policies using [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager), which allows finer control over security features and updates.
![The Windows Defender AV Status report](images/UC_workspace_WDAV_status.png)
The Windows Defender AV Status section deals with data concerning signature and threat status for devices that use Windows Defender Antivirus. The section tile in the [Overview Blade](update-compliance-using.md#overview-blade) provides the percentage of devices with insufficient protection this percentage only considers devices using Windows Defender Antivirus.
> [!NOTE]
> Update Compliance's Windows Defender Antivirus status is compatible with E3, B, F1, VL Professional and below licenses. Devices with an E5 license are not shown here; devices with an E5 license can be monitored using the [Windows Defender ATP portal](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection). If you'd like to learn more about Windows 10 licensing, see the [Windows 10 product licensing options](https://www.microsoft.com/Licensing/product-licensing/windows10.aspx).
## Windows Defender AV Status sections
The **Protection Status** blade gives a count for devices that have either out-of-date signatures or real-time protection turned off. Below, it gives a more detailed breakdown of the two issues. Selecting any of these statuses will navigate you to a Log Search view containing the query.
The **Threat Status** blade shows, among devices that have encountered threats, how many were and were not remediated successfully. It also provides a detailed count. Selecting either of these will take you to the respective query in Log Search for further investigation.
Here are some important terms to consider when using the Windows Defender AV Status section of Update Compliance:
* **Signature out of date** devices are devices with a signature older than 14 days.
* **No real-time protection** devices are devices that are using Windows Defender AV but have turned off real-time protection.
* **Recently disappeared** devices are devices that were previously seen by Windows Defender AV and are no longer seen in the past 7 days.
* **Remediation failed** devices are devices where Windows Defender AV failed to remediate the threat. This could be due to a number of reasons, including a full disk, network error, operation aborted, etc. Manual intervention might be needed from IT team.
* **Not assessed** devices are devices where either a non-Microsoft AV solution is used or it has been more than 7 days since the device recently disappeared.
## Windows Defender data latency
Because of the way Windows Defender is associated with the rest of Windows device data, Defender data for new devices might take much longer to appear than other data types. This process could take up to 28 days.
## Related topics
- [Windows Defender Antivirus pre-requisites](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting#confirm-pre-requisites)

2
windows/deployment/update/waas-manage-updates-wufb.md
View File

@ -52,7 +52,7 @@ You can control when updates are applied, for example by deferring when an updat
Windows Update for Business offers you the ability to turn on or off both driver and Microsoft product updates.
- Drivers (on/off): When "on," this policy will not include drivers with Windows Update.
- Disable Drivers (on/off): When "on," this policy will not include drivers with Windows Update.
- Microsoft product updates (on/off): When "on" this policy will install updates for other Microsoft products.

BIN
windows/deployment/windows-autopilot/images/csp2.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 58 KiB

After

Width:  |  Height:  |  Size: 331 KiB

BIN
windows/deployment/windows-autopilot/images/csp3a.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 253 KiB

BIN
windows/deployment/windows-autopilot/images/csp3b.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 229 KiB

BIN
windows/deployment/windows-autopilot/images/csp4.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 74 KiB

After

Width:  |  Height:  |  Size: 404 KiB

Some files were not shown because too many files have changed in this diff Show More