mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-13 22:07:22 +00:00
slight edit to login.live endpoint language for tone and style
This commit is contained in:
jaimeo
commit
a5bdaf7ffd
@ -1,13 +1,13 @@
|
||||
{
|
||||
"redirections": [
|
||||
{
|
||||
"source_path": "browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md",
|
||||
"redirect_url": "https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility",
|
||||
"source_path": "windows/application-management/msix-app-packaging-tool-walkthrough.md",
|
||||
"redirect_url": "https://docs.microsoft.com/windows/msix/mpt-overview",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "browsers/edge/emie-to-improve-compatibility.md",
|
||||
"redirect_url": "https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp",
|
||||
"source_path": "browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md",
|
||||
"redirect_url": "https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
@ -5426,6 +5426,21 @@
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "devices/hololens/hololens-microsoft-dynamics-365-layout-app.md",
|
||||
"redirect_url": "https://docs.microsoft.com/dynamics365/mixed-reality/layout/",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "devices/hololens/hololens-microsoft-remote-assist-app.md",
|
||||
"redirect_url": "https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "devices/hololens/hololens-public-preview-apps.md",
|
||||
"redirect_url": "https://docs.microsoft.com/dynamics365/#pivot=mixed-reality-apps",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md",
|
||||
"redirect_url": "/surface-hub/provisioning-packages-for-surface-hub",
|
||||
"redirect_document_id": true
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
|
||||
## [System requirements and supported languages](about-microsoft-edge.md)
|
||||
|
||||
## [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md)
|
||||
|
||||
## [Deploy Microsoft Edge kiosk mode](microsoft-edge-kiosk-mode-deploy.md)
|
||||
|
||||
## [Group policies & configuration options](group-policies/index.yml)
|
||||
|
||||
@ -35,11 +35,14 @@ Some of the components might also need additional system resources. Check the co
|
||||
| Display | Super VGA (800 x 600) or higher-resolution monitor with 256 colors |
|
||||
| Graphics card | Microsoft DirectX 9 or later with Windows Display Driver Model (WDDM) 1.0 driver |
|
||||
| Peripherals | Internet connection and a compatible pointing device |
|
||||
|
||||
---
|
||||
|
||||
|
||||
## Supported languages
|
||||
|
||||
You can use the [Microsoft Translator extension](https://www.microsoft.com/en-us/p/translator-for-microsoft-edge/9nblggh4n4n3) with Microsoft Edge to translate foreign language webpages and text selections for 60+ languages.
|
||||
|
||||
If the extension does not work after install, please restart Microsoft Edge. If the extension still is not working, please provide feedback through the Feedback Hub.
|
||||
|
||||
Microsoft Edge supports all of the same languages as Windows 10, including:
|
||||
|
||||
|
||||
60
browsers/edge/emie-to-improve-compatibility.md
Normal file
60
browsers/edge/emie-to-improve-compatibility.md
Normal file
@ -0,0 +1,60 @@
|
||||
---
|
||||
description: If you're having problems with Microsoft Edge, this topic tells how to use the Enterprise Mode site list to automatically open sites using IE11.
|
||||
ms.assetid: 89c75f7e-35ca-4ca8-96fa-b3b498b53bE4
|
||||
author: shortpatti
|
||||
ms.author: pashort
|
||||
ms.manager: dougkim
|
||||
ms.prod: browser-edge
|
||||
ms.mktglfcycl: support
|
||||
ms.sitesec: library
|
||||
ms.pagetype: appcompat
|
||||
title: Use Enterprise Mode to improve compatibility (Microsoft Edge for IT Pros)
|
||||
ms.localizationpriority: high
|
||||
ms.date: 10/09/2018
|
||||
---
|
||||
|
||||
# Use Enterprise Mode to improve compatibility
|
||||
|
||||
> Applies to: Windows 10
|
||||
|
||||
If you have specific web sites and apps that have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites open in Internet Explorer 11 automatically. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11 with the **Send all intranet sites to IE** group policy.
|
||||
|
||||
Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
|
||||
|
||||
|
||||
[!INCLUDE [interoperability-goals-enterprise-guidance](../includes/interoperability-goals-enterprise-guidance.md)]
|
||||
|
||||
## Enterprise guidance
|
||||
Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956).
|
||||
|
||||
We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10.
|
||||
|
||||
If you're having trouble deciding whether Microsoft Edge is good for your organization, you can take a look at this infographic about the potential impact of using Microsoft Edge in an organization.
|
||||
|
||||
<br>
|
||||
[Click to enlarge](img-microsoft-edge-infographic-lg.md)<br>
|
||||
[Click to download image](https://www.microsoft.com/download/details.aspx?id=53892)
|
||||
|
||||
|
||||
|Microsoft Edge |IE11 |
|
||||
|---------|---------|
|
||||
|Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.<ul><li>**Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on webpages.</li><li>**Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout that's optimized for your screen size. While in reading view, you can also save webpages or PDF files to your reading list, for later viewing.</li><li>**Cortana.** Cortana is automatically enabled on Microsoft Edge. Microsoft Edge lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.</li><li>**Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.</li></ul> |IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support.<ul><li>**Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.</li><li>**Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps.</li><li>**More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.</li><li>**Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.</li><li>**Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.</li><li>**Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment, and includes more than 1,600 Group Policies and preferences for granular control.</li></ul> |
|
||||
|
||||
|
||||
## Configure the Enterprise Mode Site List
|
||||
[Available policy options](includes/configure-enterprise-mode-site-list-include.md)
|
||||
|
||||
|
||||
## Related topics
|
||||
* [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035)
|
||||
* [Enterprise Mode Site List Manager for Windows 10 download](https://go.microsoft.com/fwlink/?LinkId=746562)
|
||||
* [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377)
|
||||
- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
|
||||
- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
|
||||
- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager)
|
||||
- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx)
|
||||
- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)
|
||||
- [Microsoft Edge - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/microsoft-edge/index)
|
||||
- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760644)
|
||||
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646)
|
||||
- [Internet Explorer 11 - FAQ for IT Pros](https://technet.microsoft.com/itpro/internet-explorer/ie11-faq/faq-for-it-pros-ie11)
|
||||
@ -202,7 +202,7 @@ sections:
|
||||
|
||||
- href: https://docs.microsoft.com/en-us/microsoft-edge/deploy/group-policies/sync-browser-settings-gp
|
||||
|
||||
html: <p>Learn how to you can prevent the "browser" group from syncing and prevent users from turning on the the Sync your Settings toggle.</p>
|
||||
html: <p>Learn how to you can prevent the "browser" group from syncing and prevent users from turning on the Sync your Settings toggle.</p>
|
||||
|
||||
image:
|
||||
|
||||
@ -228,4 +228,4 @@ sections:
|
||||
|
||||
src: https://docs.microsoft.com/media/common/i_policy.svg
|
||||
|
||||
title: All group policies
|
||||
title: All group policies
|
||||
|
||||
BIN
browsers/edge/images/microsoft-edge-infographic-sm.png
Normal file
BIN
browsers/edge/images/microsoft-edge-infographic-sm.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 13 KiB |
11
browsers/edge/img-microsoft-edge-infographic-lg.md
Normal file
11
browsers/edge/img-microsoft-edge-infographic-lg.md
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
description: A full-sized view of the Microsoft Edge infographic.
|
||||
title: Full-sized view of the Microsoft Edge infographic
|
||||
ms.date: 11/10/2016
|
||||
---
|
||||
|
||||
Return to: [Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md)<br>
|
||||
Download image: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892)
|
||||
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.prod: edge
|
||||
ms.sitesec: library
|
||||
title: Deploy Microsoft Edge kiosk mode
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/08/2018
|
||||
ms.date: 10/10/2018
|
||||
---
|
||||
|
||||
# Deploy Microsoft Edge kiosk mode
|
||||
@ -20,7 +20,7 @@ Microsoft Edge kiosk mode supports four configurations types. For example, you c
|
||||
|
||||
In addition to digital/interactive signage, you can configure Microsoft Edge kiosk mode for public browsing either on a single or multi-app kiosk device. The public browsing kiosk types run Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for public kiosks. For example, the Microsoft Edge Settings are disabled, favorites, extensions, and books are unavailable to prevent users from customizing Microsoft Edge.
|
||||
|
||||
In single-app public browsing, there is an “End session” button and reset after an idle timeout. Both restart Microsoft Edge and clear the user’s session. The reset after the idle timer is set to 5 minutes by default, but you can choose a value of your own.
|
||||
In single-app public browsing, there is an “End session” button and reset after an idle timeout option. Both restart Microsoft Edge and clear the user’s session. The reset after the idle timer is set to 5 minutes by default, but you can choose a value of your own.
|
||||
|
||||
In this topic, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn how to set up your Microsoft Edge kiosk mode experience. Learn more about [Configuring kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc).
|
||||
|
||||
@ -40,7 +40,7 @@ The single-app Microsoft Edge kiosk mode types are:
|
||||
|
||||
- **Interactive signage**, on the other hand, requires user interaction within the page but doesn’t allow for any other uses, such as browsing the internet. Use interactive signage for things like a building business directory or restaurant order/pay station.
|
||||
|
||||
2. **Public browsing** runs Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for publicly accessible kiosk devices. For example, the Microsoft Edge Settings are disabled, favorites, extensions, and books are unavailable to prevent users from customizing Microsoft Edge. Users can’t minimize, close or open a new Microsoft Window. Microsoft Edge is the only app users can use on the device.<p>The single-app public browsing mode is the only kiosk mode that has an ‘End session’ button that users click to end the browsing session and an idle timer that resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session, including any downloads. Use the “Configure kiosk reset after idle timeout” policy to set the idle timer, which is set to 5 minutes by default.<p>A public library or hotel concierge desk are two examples of public browsing that restricts access to only Microsoft Edge.
|
||||
2. **Public browsing** runs Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for publicly accessible kiosk devices. For example, the Microsoft Edge Settings are disabled, favorites, extensions, and books are unavailable to prevent users from customizing Microsoft Edge. Users can’t minimize, close or open a new Microsoft Window. Microsoft Edge is the only app users can use on the device.<p>The single-app public browsing mode is the only kiosk mode that has an ‘End session’ button that users click to end the browsing session and an idle timer that resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session, including any downloads.<p>A public library or hotel concierge desk are two examples of public browsing that restricts access to only Microsoft Edge.
|
||||
|
||||
|
||||
|
||||
@ -66,22 +66,21 @@ Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Ed
|
||||
|
||||
- **Windows Settings.** Use to set up a couple of single-app kiosk devices. If you hit the Windows key and type “kiosk” you can setup Microsoft Edge kiosk mode for a single-app (Digital / Interactive signage or Public browsing) expereince and define a single URL for the Home button, Start page, and New Tab page. You can also set the reset after an idle timeout.
|
||||
|
||||
IMPORTANT: Do not use the Windows 10 Settings to configure multi-app kiosks.
|
||||
>[!IMPORTANT]
|
||||
>Do not use the Windows 10 Settings to configure multi-app kiosks.
|
||||
|
||||
- **Microsoft Intune or other MDM service.** Use to set up several single-app and multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience by using the [supported or available] Microsoft Edge policies. For a list of supported polices see [Supported policies for kiosk mode]().
|
||||
- **Microsoft Intune or other MDM service.** Use to set up several single-app and multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience by using the [supported or available] Microsoft Edge policies. For a list of supported polices see [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode).
|
||||
|
||||
>[!NOTE]
|
||||
>For other MDM service, check with your provider for instructions.
|
||||
|
||||
- **Windows PowerShell.** Best for setting up multiple devices as a kiosk. With this method, you can set up single-app or multi-app assigned access using a PowerShell script. For details, see For details, see [Set up a kiosk or digital sign using Windows PowerShell](https://docs.microsoft.com/en-us/windows/configuration/setup-kiosk-digital-signage#set-up-a-kiosk-or-digital-sign-using-windows-powershell).
|
||||
|
||||
- **Windows Configuration Designer.** Best for setting up multiple kiosk devices. Download and install both the latest version of the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) and [Windows Configuration Manager](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-install-icd#install-windows-configuration-designer-1).
|
||||
|
||||
### Prerequisites
|
||||
|
||||
- Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education).
|
||||
|
||||
- Configuration and deployment service, such as Windows PowerShell, Microsoft Intune or other MDM service, or Windows Configuration Designer. With these methods, you must have the AppUserModelID (AUMID) to set up Microsoft Edge:<p>Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
|
||||
- Configuration and deployment service, such as Microsoft Intune or other MDM service. With these methods, you must have the AppUserModelID (AUMID) to set up Microsoft Edge:<p>Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
|
||||
|
||||
|
||||
### Use Windows Settings
|
||||
@ -124,7 +123,7 @@ When you set up a single-app kiosk device using Windows Settings, you must first
|
||||
|
||||
11. Once you've configured the policies, restart the kiosk device and sign in with the local kiosk account to validate the configuration.
|
||||
|
||||
*Congratulations!* You’ve just finished setting up Microsoft Edge in assigned access, a kiosk or digital sign, and configured Microsoft Edge kiosk mode.
|
||||
**_Congratulations!_** You’ve just finished setting up Microsoft Edge in assigned access, a kiosk or digital sign, and configured Microsoft Edge kiosk mode.
|
||||
|
||||
**_Next steps._**
|
||||
|
||||
@ -141,60 +140,25 @@ With this method, you can use Microsoft Intune or other MDM services to configur
|
||||
>[!IMPORTANT]
|
||||
>If you are using a local account as a kiosk account in Microsoft Intune or a provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
|
||||
|
||||
1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps.
|
||||
1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps.
|
||||
|
||||
2. Configure the following MDM settings to setup Microsoft Edge kiosk mode on the kiosk device and then restart the device.
|
||||
2. Configure the following MDM settings to setup Microsoft Edge kiosk mode on the kiosk device and then restart the device.
|
||||
|
||||
| | |
|
||||
|---|---|
|
||||
| **[ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**<p> | Configure the display mode for Microsoft Edge as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
|
||||
| **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**<p> | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul> |
|
||||
| **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p> | Set one or more start pages, URLs, to load when Microsoft Edge launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br> \<https://www.msn.com\>\<https:/www.bing.com\> |
|
||||
| **[ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**<p> | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New Tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul> |
|
||||
| **[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**<p> | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
|
||||
| **[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**<p> | Set a custom URL for the New Tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
|
||||
| | |
|
||||
|---|---|
|
||||
| **[ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**<p> | Configure the display mode for Microsoft Edge as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
|
||||
| **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**<p> | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul> |
|
||||
| **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p> | Set one or more start pages, URLs, to load when Microsoft Edge launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br> \<https://www.msn.com\>\<https:/www.bing.com\> |
|
||||
| **[ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**<p> | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New Tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul> |
|
||||
| **[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**<p> | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
|
||||
| **[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**<p> | Set a custom URL for the New Tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
|
||||
---
|
||||
<br>
|
||||
|
||||
|
||||
**_Congratulations!_** You’ve just finished setting up a kiosk or digital signage and configuring group policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service.
|
||||
|
||||
**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
|
||||
|
||||
### Use a provisioning package
|
||||
|
||||
With this method, you can use a provisioning package to configure Microsoft Edge kiosk mode in assigned access. After you set up the provisioning package for configuring Microsoft Edge in assigned access, you configure how Microsoft Edge behaves on a kiosk device.
|
||||
|
||||
>[!IMPORTANT]
|
||||
>If you are using a local account as a kiosk account in Intune or a provisioning package, make sure to sign into this account and then sign out before configuring the assigned access single-app kiosk.
|
||||
|
||||
1. Open Windows Configuration Designer and select **Provision Kiosk devices**.
|
||||
|
||||
2. Name your project, and click **Next**.
|
||||
|
||||
3. [Set up a kiosk](https://docs.microsoft.com/en-us/windows/configuration/kiosk-single-app#set-up-a-kiosk-using-the-kiosk-wizard-in-windows-configuration-designer).
|
||||
|
||||
4. Switch to the advanced editor and navigate to **Runtime settings \> Policies \> Browser** and set the following policies:
|
||||
|
||||
| | |
|
||||
|---|---|
|
||||
| **[ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**<p> | Configure the display mode for Microsoft Edge as a kiosk app.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**Single-app kiosk experience**<ul><li>**0** - Digital signage and interactive display</li><li>**1** - InPrivate Public browsing</li></ul></li><li>**Multi-app kiosk experience**<ul><li>**0** - Normal Microsoft Edge running in assigned access</li><li>**1** - InPrivate public browsing with other apps</li></ul></li></ul> |
|
||||
| **[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)**<p> | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout<p>**Data type:** Integer<p>**Allowed values:**<ul><li>**0** - No idle timer</li><li>**1-1440 (5 minutes is the default)** - Set reset on idle timer</li></ul> |
|
||||
| **[HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages)**<p> | Set one or more start pages, URLs, to load when Microsoft Edge launches.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages<p>**Data type:** String<p>**Allowed values:**<p>Enter one or more URLs, for example,<br> \<https://www.msn.com\>\<https:/www.bing.com\> |
|
||||
| **[ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**<p> | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New Tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul> |
|
||||
| **[SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**<p> | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com |
|
||||
| **[SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**<p> | Set a custom URL for the New Tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com |
|
||||
---
|
||||
|
||||
5. After you’ve configured the Microsoft Edge kiosk mode policies, including any of the related policies, it’s time to [build the package](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package#build-package).
|
||||
|
||||
6. Click **Finish**.<p>The wizard closes and takes you back to the Customizations page.
|
||||
|
||||
7. [Apply the provisioning package](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package) to the device, which you can do during the first-run experience (out-of-box experience or OOBE) and after (runtime).
|
||||
|
||||
**_Congratulations!_** You’ve finished creating your provisioning package for Microsoft Edge kiosk mode.
|
||||
|
||||
**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app.
|
||||
|
||||
---
|
||||
|
||||
## Microsoft Edge kiosk mode policies
|
||||
@ -213,69 +177,69 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
|
||||
|
||||
| **MDM Setting** | **Digital /<br>Interactive signage** | **Public browsing<br>single-app** | **Public browsing<br>multi-app** | **Normal<br>mode** |
|
||||
|------------------|:---------:|:---------:|:---------:|:---------:|
|
||||
| [AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) |  |  |  |  |
|
||||
| [AllowAutofill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) |  |  |  |  |
|
||||
| [AllowBrowser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowbrowser) |  |  |  |  |
|
||||
| [AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) |  |  |  |  |
|
||||
| [AllowCookies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) |  |  |  |  |
|
||||
| [AllowDeveloperTools](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) |  |  |  |  |
|
||||
| [AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) |  |  |  |  |
|
||||
| [AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) |  |  |  |  |
|
||||
| [AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash) |  |  |  |  |
|
||||
| [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) | <sup>2</sup> |  |  |  |
|
||||
| [AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)\* |  |  |  |  |
|
||||
| [AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) |  |  |  |  |
|
||||
| [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) |  |  | <sup>1</sup> |  |
|
||||
| [AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) |  |  |  |  |
|
||||
| [AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) |  |  |  |  |
|
||||
| [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)\* |  |  |  |  |
|
||||
| [AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)\* |  |  |  |  |
|
||||
| [AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)\* |  |  |  |  |
|
||||
| [AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
|
||||
| [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
|
||||
| [AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)\* |  |  |  |  |
|
||||
| [AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) |  |  |  |  |
|
||||
| [AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) |  |  |  |  |
|
||||
| [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)\* |  |  |  |  |
|
||||
| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)\* |  |  |  |  |
|
||||
| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) |  |  |  |  |
|
||||
| [ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) |  |  |  |  |
|
||||
| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) |  |  |  |  |
|
||||
| [ConfigureFavoritesBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)\* |  |  |  |  |
|
||||
| [ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)\* |  |  |  |  |
|
||||
| [ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)\* |  |  |  |  |
|
||||
| [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)\* |  |  |  |  |
|
||||
| [ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)\* |  |  |  |  |
|
||||
| [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)\* |  |  |  |  |
|
||||
| [DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) |  |  |  |  |
|
||||
| [AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) |  |  |  |  |
|
||||
| [AllowAutofill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) |  |  |  |  |
|
||||
| [AllowBrowser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowbrowser) |  |  |  |  |
|
||||
| [AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) |  |  |  |  |
|
||||
| [AllowCookies](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowcookies) |  |  |  |  |
|
||||
| [AllowDeveloperTools](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools) |  |  |  |  |
|
||||
| [AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) |  |  |  |  |
|
||||
| [AllowExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowextensions) |  |  |  |  |
|
||||
| [AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash) |  |  |  |  |
|
||||
| [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) | <sup>2</sup> |  |  |  |
|
||||
| [AllowFullscreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)\* |  |  |  |  |
|
||||
| [AllowInPrivate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate) |  |  |  |  |
|
||||
| [AllowMicrosoftCompatibilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) |  |  | <sup>1</sup> |  |
|
||||
| [AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) |  |  |  |  |
|
||||
| [AllowPopups](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpopups) |  |  |  |  |
|
||||
| [AllowPrelaunch](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)\* |  |  |  |  |
|
||||
| [AllowPrinting](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)\* |  |  |  |  |
|
||||
| [AllowSavingHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)\* |  |  |  |  |
|
||||
| [AllowSearchEngineCustomization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
|
||||
| [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization) |  |  |  |  |
|
||||
| [AllowSideloadingExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)\* |  |  |  |  |
|
||||
| [AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) |  |  |  |  |
|
||||
| [AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) |  |  |  |  |
|
||||
| [AllowTabPreloading](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)\* |  |  |  |  |
|
||||
| [AllowWebContentOnNewTabPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)\* |  |  |  |  |
|
||||
| [AlwaysEnabledBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) |  |  |  |  |
|
||||
| [ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) |  |  |  |  |
|
||||
| [ConfigureAdditionalSearchEngines](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines) |  |  |  |  |
|
||||
| [ConfigureFavoritesBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)\* |  |  |  |  |
|
||||
| [ConfigureHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)\* |  |  |  |  |
|
||||
| [ConfigureKioskMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)\* |  |  |  |  |
|
||||
| [ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)\* |  |  |  |  |
|
||||
| [ConfigureOpenEdgeWith](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)\* |  |  |  |  |
|
||||
| [ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)\* |  |  |  |  |
|
||||
| [DisableLockdownOfStartPages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages) |  |  |  |  |
|
||||
| [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting)\* and [Experience/PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
|
||||
| [EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) |  |  |  |  |
|
||||
| [EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) |  |  | <sup>1</sup> |  |
|
||||
| [FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) |  |  |  |  |
|
||||
| [HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages) |  |  |  |  |
|
||||
| [LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) |  |  |  |  |
|
||||
| [PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) |  |  |  |  |
|
||||
| [PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)\* |  |  |  |  |
|
||||
| [PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) |  | |  |  |
|
||||
| [PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) |  |  |  |  |
|
||||
| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) |  |  |  |  |
|
||||
| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) |  |  |  |  |
|
||||
| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
|
||||
| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) |  |  |  |  |
|
||||
| [ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) |  |  |  |  |
|
||||
| [SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) |  |  | <sup>1</sup> |  |
|
||||
| [SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) |  |  |  |  |
|
||||
| [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)\* |  |  |  |  |
|
||||
| [SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)\* |  |  |  |  |
|
||||
| [ShowMessageWhenOpeningInteretExplorerSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) |  |  | <sup>1</sup> |  |
|
||||
| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) |  |  | <sup>1</sup> |  |
|
||||
| [UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)\* |  |  |  |  |
|
||||
| [UseSharedFolderForBooks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) |  |  |  |  |
|
||||
| [EnableExtendedBooksTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) |  |  |  |  |
|
||||
| [EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) |  |  | <sup>1</sup> |  |
|
||||
| [FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) |  |  |  |  |
|
||||
| [HomePages](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-homepages) |  |  |  |  |
|
||||
| [LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) |  |  |  |  |
|
||||
| [PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge) |  |  |  |  |
|
||||
| [PreventCertErrorOverrides](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)\* |  |  |  |  |
|
||||
| [PreventFirstRunPage](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage) |  | |  |  |
|
||||
| [PreventLiveTileDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection) |  |  |  |  |
|
||||
| [PreventSmartScreenPromptOverride](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride) |  |  |  |  |
|
||||
| [PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles) |  |  |  |  |
|
||||
| [PreventTurningOffRequiredExtensions](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventturningoffrequiredextensions)\* |  |  |  |  |
|
||||
| [PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc) |  |  |  |  |
|
||||
| [ProvisionFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) |  |  |  |  |
|
||||
| [SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer) |  |  | <sup>1</sup> |  |
|
||||
| [SetDefaultSearchEngine](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine) |  |  |  |  |
|
||||
| [SetHomeButtonURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)\* |  |  |  |  |
|
||||
| [SetNewTabPageURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)\* |  |  |  |  |
|
||||
| [ShowMessageWhenOpeningInteretExplorerSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer) |  |  | <sup>1</sup> |  |
|
||||
| [SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge) |  |  | <sup>1</sup> |  |
|
||||
| [UnlockHomeButton](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)\* |  |  |  |  |
|
||||
| [UseSharedFolderForBooks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) |  |  |  |  |
|
||||
---
|
||||
|
||||
*\* New policy as of Windows 10, version 1809.*<p>
|
||||
*1) For multi-app assigned access, you must configure Internet Explorer 11.*<br>
|
||||
*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun].(https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.*
|
||||
*2) For digital/interactive signage to enable Flash, set [AllowFlashClickToRun](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun) to 0.*
|
||||
|
||||
**Legend:**<p>
|
||||
 = Not applicable or not supported <br>
|
||||
@ -301,7 +265,6 @@ Use any of the Microsoft Edge policies listed below to enhance the kiosk experie
|
||||
|
||||
- **[AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/en-us/windows/client-management/mdm/assignedaccess-csp):** The AssignedAccess configuration service provider (CSP) sets the device to run in kiosk mode. Once the CSP has executed, then the next user login associated with the kiosk mode puts the device into the kiosk mode running the application specified in the CSP configuration.
|
||||
|
||||
- **[Create a provisioning page for Windows 10](https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-create-package):** Learn to use Windows Configuration Designer (WCD) to create a provisioning package (.ppkg) for configuring devices running Windows 10. The WCD wizard options provide a simple interface to configure desktop, mobile, and kiosk device settings.
|
||||
|
||||
---
|
||||
|
||||
@ -316,19 +279,20 @@ To provide feedback on Microsoft Edge kiosk mode in Feedback Hub, select **Micro
|
||||
## Feature comparison of kiosk mode and kiosk browser app
|
||||
In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
|
||||
|
||||
| **Feature** | **Microsoft Edge kiosk mode** | **Kiosk Browser** |
|
||||
| **Feature** | **Microsoft Edge kiosk mode** | **Kiosk Browser** |
|
||||
|---------------|:----------------:|:---------------:|
|
||||
| Print support |  |  |
|
||||
| Multi-tab support |  |  |
|
||||
| Allow URL support |  <p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
|
||||
| Block URL support | <p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
|
||||
| Configure Home Button |  |  |
|
||||
| Set Start page(s) URL |  |  <p>*Same as Home button URL* |
|
||||
| Set New Tab page URL |  |  |
|
||||
| Favorites management |  |  |
|
||||
| End session button |  | <p>*In Intune, must create custom URI to enable. Dedicated UI configuration targeted for 1808.* |
|
||||
| Multi-tab support |  |  |
|
||||
| Allow URL support |  <p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
|
||||
| Block URL support | <p>*\*For Microsoft Edge kiosk mode use* [Windows Defender Firewall](#_*Windows_Defender_Firewall)*. Microsoft kiosk browser has custom policy support.* |  |
|
||||
| Configure Home Button |  |  |
|
||||
| Set Start page(s) URL |  |  <p>*Same as Home button URL* |
|
||||
| Set New Tab page URL |  |  |
|
||||
| Favorites management |  |  |
|
||||
| End session button |  | <p>*In Microsoft Intune, you must create a custom URI to enable. Dedicated UI configuration targeted for 1808.* |
|
||||
| Reset on inactivity |  |  |
|
||||
| Internet Explorer integration (Enterprise Mode site list) | <p>*Multi-app mode only* |  |
|
||||
| Internet Explorer integration (Enterprise Mode site list) | <p>*Multi-app mode only* |  |
|
||||
| Available in Microsoft Store |  |  |
|
||||
---
|
||||
|
||||
**\*Windows Defender Firewall**<p>
|
||||
|
||||
@ -10,8 +10,5 @@
|
||||
## [Share HoloLens with multiple people](hololens-multiple-users.md)
|
||||
## [Configure HoloLens using a provisioning package](hololens-provisioning.md)
|
||||
## [Install apps on HoloLens](hololens-install-apps.md)
|
||||
## [Preview new mixed reality apps for HoloLens](hololens-public-preview-apps.md)
|
||||
### [Microsoft Remote Assist app](hololens-microsoft-remote-assist-app.md)
|
||||
### [Microsoft Dynamics 365 Layout app](hololens-microsoft-dynamics-365-layout-app.md)
|
||||
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
|
||||
## [Change history for Microsoft HoloLens documentation](change-history-hololens.md)
|
||||
@ -9,13 +9,21 @@ author: jdeckerms
|
||||
ms.author: jdecker
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 07/27/2018
|
||||
ms.date: 10/08/2018
|
||||
---
|
||||
|
||||
# Change history for Microsoft HoloLens documentation
|
||||
|
||||
This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md).
|
||||
|
||||
## October 2018
|
||||
|
||||
New or changed topic | Description
|
||||
--- | ---
|
||||
[Preview new mixed reality apps for HoloLens](hololens-public-preview-apps.md) | Removed, and redirected to [Mixed reality apps](https://docs.microsoft.com/dynamics365/#pivot=mixed-reality-apps)
|
||||
[Microsoft Remote Assist app](hololens-microsoft-remote-assist-app.md) | Removed, and redirected to [Overview of Dynamics 365 Remote Assist](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/)
|
||||
[Microsoft Dynamics 365 Layout app](hololens-microsoft-dynamics-365-layout-app.md) | Removed, and redirected to [Overview of Dynamics 365 Layout](https://docs.microsoft.com/dynamics365/mixed-reality/layout/)
|
||||
|
||||
## July 2018
|
||||
|
||||
New or changed topic | Description
|
||||
|
||||
@ -1,73 +0,0 @@
|
||||
---
|
||||
title: Microsoft Dynamics 365 Layout
|
||||
description: How to get and deploy the Microsoft Dynamics 365 Layout app throughout your organization
|
||||
ms.prod: hololens
|
||||
ms.sitesec: library
|
||||
author: alhopper-msft
|
||||
ms.author: alhopper
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 05/21/2018
|
||||
---
|
||||
# Microsoft Dynamics 365 Layout
|
||||
|
||||
Bring designs from concept to completion with confidence and speed. Import 3D models to easily create room layouts in real-world scale. Experience designs as high-quality holograms in physical space or virtual reality and edit with stakeholders in real time. With Dynamics 365 Layout, see ideas in context, saving valuable time and money.
|
||||
|
||||
## Device options and technical requirements
|
||||
|
||||
Below are the device options, and technical requirements, to use and deploy Dynamics 365 Layout throughout your organization.
|
||||
|
||||
### Device options
|
||||
|
||||
Dynamics 365 Layout works with a HoloLens, or with a Windows Mixed Reality headset with motion controllers.
|
||||
|
||||
#### HoloLens requirements
|
||||
|
||||
| OS requirements | Details |
|
||||
|:----------------------------------|:-----------------------------------------------------------|
|
||||
| Build 10.0.17134.77 or above | See [Update HoloLens](https://support.microsoft.com/help/12643/hololens-update-hololens) for instructions on upgrading to this build. |
|
||||
|
||||
#### Windows Mixed Reality headset requirements
|
||||
|
||||
| Requirements | Details |
|
||||
|:----------------------------------------------|:-----------------------------------------------------------|
|
||||
| Windows 10 PC with build 16299.0 or higher | The Windows 10 PC hardware must be able to support the headset. See [Windows Mixed Reality PC hardware guidelines](https://support.microsoft.com/en-us/help/4039260/windows-10-mixed-reality-pc-hardware-guidelines) for specific hardware requirements. We recommend following the **Windows Mixed Reality Ultra** hardware guidelines. |
|
||||
| Motion controllers | Motion controllers are hardware accessories that allow users to take action in mixed reality. See [Motion controllers](https://docs.microsoft.com/en-us/windows/mixed-reality/motion-controllers) to learn more. |
|
||||
|
||||
### Technical requirements
|
||||
|
||||
Have the following technical requirements in place to start using Dynamics 365 Layout.
|
||||
|
||||
| Requirement | Details | Learn more |
|
||||
|:----------------------------------|:------------------|:------------------|
|
||||
| Azure Active Directory (Azure AD) | Required for app distribution through the [Microsoft Store for Business](https://docs.microsoft.com/en-us/microsoft-store/sign-up-microsoft-store-for-business). If you choose not to distribute the app through the Microsoft Store for Business, users can also install Layout on a HoloLens or PC from the [Microsoft Store](https://www.microsoft.com/en-us/store/apps). | [Get started with Azure AD](https://docs.microsoft.com/en-us/azure/active-directory/get-started-azure-ad) |
|
||||
| Network connectivity | Internet access is required to download the app, and utilize all of its features. There are no bandwidth requirements. | |
|
||||
| Apps for sharing | Video calling or screen sharing requires a separate app, such as Microsoft Remote Assist on HoloLens, or Skype or Skype for Business on Windows Mixed Reality headsets.<br/><br/>A Windows 10 PC that meets the Windows Mixed Reality Ultra specifications is also required for video calling or screen sharing when using Layout with a Windows Mixed Reality headset. | [Remote Assist](hololens-microsoft-remote-assist-app.md) <br/><br/>[Windows Mixed Reality PC hardware guidelines](https://support.microsoft.com/en-us/help/4039260/windows-10-mixed-reality-pc-hardware-guidelines) |
|
||||
| Import Tool for Dynamics 365 Layout | The Import Tool for Dynamics 365 Layout is a companion app for Layout that makes model optimization and management easy. The Import Tool runs on Windows 10 PCs, and is required to transfer existing 3D models from your PC to Dynamics 365 Layout, so they can be viewed and edited from the HoloLens or mixed reality headset. The Import Tool is also required to transfer Visio space dimensions to the HoloLens or Windows Mixed Reality headset. | [Import Tool for Dynamics 365 Layout](#get-and-deploy-the-import-tool-for-microsoft-layout) |
|
||||
|
||||
## Get and deploy Dynamics 365 Layout
|
||||
|
||||
Dynamics 365 Layout is available from the Microsoft Store for Business for free for a limited time:
|
||||
|
||||
1. Go to the [Dynamics 365 Layout](https://businessstore.microsoft.com/en-us/store/details/microsoft-dynamics-365-layout/9N20MQ2V3XCW) app in the Microsoft Store for Business.
|
||||
1. Click **Get the app**. Dynamics 365 Layout is added to the **Products and Services** tab for your private store.
|
||||
1. Users can open the **Products and Services** tab to install the app to their device, or you can deploy the app throughout your organization using MDM. See [Install apps on HoloLens](hololens-install-apps.md) for further instructions on deploying apps.
|
||||
|
||||
For a limited time, users can also [Get Dynamics 365 Layout from the Microsoft Store](https://www.microsoft.com/store/productId/9n20mq2v3xcw) for free.
|
||||
|
||||
### Get and deploy the Import Tool for Dynamics 365 Layout
|
||||
|
||||
The **Import Tool for Dynamics 365 Layout** is a companion app for Layout that makes model optimization and management easy. The Import Tool runs on Windows 10 PCs, and is required to transfer existing 3D models from your PC to Dynamics 365 Layout, for viewing and editing on Microsoft HoloLens or a Windows Mixed Reality headset.
|
||||
|
||||
The companion app is available in both the Microsoft Store for Business, and the Microsoft Store, for free for a limited time:
|
||||
|
||||
* [Get the Dynamics 365 Layout Import Tool](https://businessstore.microsoft.com/en-us/store/details/app/9N88Q3RXPLP0) from the Microsoft Store for Business. See [Distribute apps to your employees from Microsoft Store for Business](https://docs.microsoft.com/en-us/microsoft-store/distribute-apps-to-your-employees-microsoft-store-for-business) for instructions on using the Microsoft Store for Business, and/or MDM, to deploy Windows 10 apps throughout your organization.
|
||||
* Alternately, have your users [Get the Dynamics 365 Layout Import Tool](https://www.microsoft.com/store/productId/9N88Q3RXPLP0) from the Microsoft Store to install the app on their Windows 10 PC.
|
||||
|
||||
## Use Dynamics 365 Layout
|
||||
|
||||
For guidance on using the features of the Dynamics 365 Layout app, please see [Set up and use Dynamics 365 Layout](https://support.microsoft.com/help/4294437).
|
||||
|
||||
## Questions and support
|
||||
|
||||
You can ask questions and engage with our team in the [Mixed Reality Tech Community](https://techcommunity.microsoft.com/t5/Mixed-Reality/ct-p/MixedReality).
|
||||
@ -1,64 +0,0 @@
|
||||
---
|
||||
title: Microsoft Remote Assist
|
||||
description: How to get and deploy the Microsoft Remote Assist app throughout your organization
|
||||
ms.prod: hololens
|
||||
ms.sitesec: library
|
||||
author: alhopper-msft
|
||||
ms.author: alhopper
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 05/22/2018
|
||||
---
|
||||
# Microsoft Remote Assist
|
||||
|
||||
Collaborate remotely with heads-up, hands-free video calling, image sharing, and mixed reality annotations. Firstline workers can share what they see with any expert on Microsoft Teams, while staying hands on to solve problems and complete tasks together, faster. Backed by enterprise-level security, Microsoft Remote Assist enables communication with peace of mind.
|
||||
|
||||
## Technical requirements
|
||||
|
||||
Below are the technical requirements to deploy and use Microsoft Remote Assist throughout your organization.
|
||||
|
||||
### Device requirements
|
||||
|
||||
| Device | OS requirements | Details |
|
||||
|:---------------------------|:----------------------------------|:-----------------------------------------------------------|
|
||||
| HoloLens | Build 10.0.14393.0 or above | See [Manage updates to HoloLens](https://docs.microsoft.com/en-us/HoloLens/hololens-updates) for instructions on using Windows Update for Business, MDM, and Windows Server Update Service (WSUS) to deploy updates to HoloLens. |
|
||||
| Windows 10 PC (optional) | Any Windows 10 build | A Windows 10 PC can collaborate with the HoloLens using Microsoft Teams. |
|
||||
|
||||
> [!Note]
|
||||
> HoloLens build 10.0.14393.0 is the minimum that supports Remote Assist. We recommend updating the HoloLens to newer versions when they are available.
|
||||
|
||||
### Licensing & product requirements
|
||||
|
||||
| Product required | Details | Learn more |
|
||||
|:----------------------------------|:------------------|:------------------|
|
||||
| Azure Active Directory (Azure AD) | Required to log users into the Remote Assist app through Microsoft Teams. Also required for app distribution through the [Microsoft Store for Business](https://docs.microsoft.com/en-us/microsoft-store/sign-up-microsoft-store-for-business). If you choose not to distribute the app through the Microsoft Store for Business, users can alternately install Remote Assist on a HoloLens or PC from the [Microsoft Store](https://www.microsoft.com/en-us/store/apps). | [Get started with Azure AD](https://docs.microsoft.com/en-us/azure/active-directory/get-started-azure-ad) |
|
||||
| Microsoft Teams | Microsoft Teams facilitates communication in Remote Assist. Microsoft Teams must be installed on any device that will make calls to the HoloLens. | [Overview of Microsoft Teams](https://docs.microsoft.com/en-us/MicrosoftTeams/teams-overview) |
|
||||
| Microsoft Office 365 | Because Microsoft Teams is part of Office 365, each user who will make calls from their PC/phone to the HoloLens will need an Office 365 license. | [Office 365 licensing for Microsoft Teams](https://docs.microsoft.com/en-us/MicrosoftTeams/office-365-licensing) |
|
||||
|
||||
### Network requirements
|
||||
|
||||
1.5 MB/s is the recommended bandwidth for optimal performance of Microsoft Remote Assist. Though audio/video calls may be possible in environments with reduced bandwidth, you may experience HoloLens feature degradation, limiting the user experience. To test your company’s network bandwidth, follow these steps:
|
||||
|
||||
1. Have a Teams user video call another Teams user.
|
||||
2. Add another separate video call between a 3rd and 4th user, and another for a 5th and 6th user.
|
||||
3. Continue adding video callers to stress test your network bandwidth until confident that multiple users can successfully connect on video calls at the same time.
|
||||
|
||||
See [Preparing your organization's network for Microsoft Teams](https://docs.microsoft.com/en-us/MicrosoftTeams/prepare-network) to learn more.
|
||||
|
||||
## Get and deploy Microsoft Remote Assist
|
||||
|
||||
Microsoft Remote Assist is available from the Microsoft Store for Business for free for a limited time:
|
||||
|
||||
1. Go to the [Microsoft Remote Assist](https://businessstore.microsoft.com/en-us/store/details/app/9PPJSDMD680S) app in the Microsoft Store for Business.
|
||||
1. Click **Get the app**. Microsoft Remote Assist is added to the **Products and Services** tab for your private store.
|
||||
1. Users can open the **Products and Services** tab to install the app to their device, or you can deploy the app throughout your organization using MDM. See [Install apps on HoloLens](hololens-install-apps.md) for further instructions on deploying apps.
|
||||
|
||||
For a limited time, users can also [Get Microsoft Remote Assist from the Microsoft Store](https://www.microsoft.com/store/productId/9PPJSDMD680S) for free.
|
||||
|
||||
## Use Microsoft Remote Assist
|
||||
|
||||
For guidance on using the features of the Microsoft Remote Assist app, please see [Set up and use Microsoft Remote Assist](https://support.microsoft.com/en-us/help/4294812).
|
||||
|
||||
## Questions and support
|
||||
|
||||
You can ask questions and engage with our team in the [Mixed Reality Tech Community](https://techcommunity.microsoft.com/t5/Mixed-Reality/ct-p/MixedReality).
|
||||
@ -1,31 +0,0 @@
|
||||
---
|
||||
title: Preview new mixed reality apps for HoloLens
|
||||
description: Here's how to download and distribute new mixed reality apps for HoloLens, free for a limited time during public preview
|
||||
ms.prod: hololens
|
||||
ms.sitesec: library
|
||||
author: alhopper
|
||||
ms.author: alhopper
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 05/21/2018
|
||||
---
|
||||
# Preview new mixed reality apps for HoloLens
|
||||
|
||||
Microsoft has just announced two new mixed reality apps coming to HoloLens: Microsoft Remote Assist and Microsoft Dynamics 365 Layout.
|
||||
|
||||
The gap between the real and digital world limits our ability to take advantage of new technologies and transform how we work, learn, create, communicate, and live. **Mixed reality is here to close that gap**.
|
||||
|
||||
Mixed reality has the potential to help customers and businesses across the globe do things that until now, have never been possible. Mixed reality helps businesses and employees complete crucial tasks faster, safer, more efficiently, and create new ways to connect to customers and partners.
|
||||
|
||||
Ready to get started? Check out the links below to learn more about how you can download and deploy Microsoft's new commercial-focused mixed reality apps.
|
||||
|
||||
## In this section
|
||||
|
||||
| Topic | Description |
|
||||
| --- | --- |
|
||||
| [Microsoft Remote Assist](hololens-microsoft-remote-assist-app.md) | Microsoft Remote Assist enables collaboration in mixed reality to solve problems faster. Firstline workers can collaborate remotely with heads-up, hands-free video calling, image sharing, and mixed reality annotations. They can share what they see with an expert on Microsoft Teams, while staying hands-on to solve problems and complete tasks together, faster. |
|
||||
| [Microsoft Dynamics 365 Layout](hololens-microsoft-dynamics-365-layout-app.md ) | Bring designs from concept to completion with confidence and speed using Microsoft Dynamics 365Layout. Import 3D models to easily create room layouts in real-world scale. Experience designs as high-quality holograms in physical or virtual space and edit in real time. With Microsoft Layout, you can see ideas in context, saving valuable time and money. |
|
||||
|
||||
## Questions and support
|
||||
|
||||
You can ask questions and engage with our team in the [Mixed Reality Tech Community](https://techcommunity.microsoft.com/t5/Mixed-Reality/ct-p/MixedReality).
|
||||
@ -32,7 +32,6 @@ ms.date: 07/27/2018
|
||||
[Share HoloLens with multiple people](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts. |
|
||||
| [Configure HoloLens using a provisioning package](hololens-provisioning.md) | Provisioning packages make it easy for IT administrators to configure HoloLens devices without imaging |
|
||||
| [Install apps on HoloLens](hololens-install-apps.md) | Use Microsoft Store for Business, mobile device management (MDM), or the Windows Device Portal to install apps on HoloLens |
|
||||
| [Preview new mixed reality apps for HoloLens](hololens-public-preview-apps.md) | Download and deploy new mixed reality apps for HoloLens, free for a limited time during public preview |
|
||||
| [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | Learn how to use Bitlocker device encryption to protect files and information stored on the HoloLens |
|
||||
| [Change history for Microsoft HoloLens documentation](change-history-hololens.md) | See new and updated topics in the HoloLens documentation library. |
|
||||
|
||||
|
||||
@ -24,9 +24,9 @@ Use the following procedure to configure the App-V 5.0 client configuration.
|
||||
|
||||
`$config = Get-AppvClientConfiguration`
|
||||
|
||||
`Set-AppcClientConfiguration $config`
|
||||
`Set-AppvClientConfiguration $config`
|
||||
|
||||
`Set-AppcClientConfiguration –Name1 MyConfig –Name2 “xyz”`
|
||||
`Set-AppvClientConfiguration –AutoLoad 2`
|
||||
|
||||
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issu**e? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
|
||||
|
||||
|
||||
@ -24,9 +24,9 @@ Use the following procedure to configure the App-V 5.1 client configuration.
|
||||
|
||||
`$config = Get-AppvClientConfiguration`
|
||||
|
||||
`Set-AppcClientConfiguration $config`
|
||||
`Set-AppvClientConfiguration $config`
|
||||
|
||||
`Set-AppcClientConfiguration –Name1 MyConfig –Name2 “xyz”`
|
||||
`Set-AppvClientConfiguration –AutoLoad 2`
|
||||
|
||||
**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
|
||||
|
||||
|
||||
@ -51,7 +51,7 @@ After installing Microsoft BitLocker Administration and Monitoring (MBAM) with C
|
||||
|
||||
To view the configuration baselines with System Center 2012 Configuration Manager: Click the **Assets and Compliance** workspace, **Compliance Settings**, **Configuration Baselines**.
|
||||
|
||||
5. Use the Configuration Manager console to confirm that that the following new configuration items are displayed:
|
||||
5. Use the Configuration Manager console to confirm that the following new configuration items are displayed:
|
||||
|
||||
- BitLocker Fixed Data Drives Protection
|
||||
|
||||
|
||||
@ -5,7 +5,6 @@
|
||||
## [Understand apps in Windows 10](apps-in-windows-10.md)
|
||||
## [Add apps and features in Windows 10](add-apps-and-features.md)
|
||||
## [Repackage win32 apps in the MSIX format](msix-app-packaging-tool.md)
|
||||
### [Learn how to repackage win32 apps in the MSIX format](msix-app-packaging-tool-walkthrough.md)
|
||||
## [Application Virtualization (App-V) for Windows](app-v/appv-for-windows.md)
|
||||
### [Getting Started with App-V](app-v/appv-getting-started.md)
|
||||
#### [What's new in App-V for Windows 10, version 1703 and earlier](app-v/appv-about-appv.md)
|
||||
|
||||
@ -1,160 +0,0 @@
|
||||
---
|
||||
title: Learn how to repackage your existing win32 applications to the MSIX format. This walkthrough provides in-depth detail on how the MSIX app packaging tool can be used.
|
||||
description: Learn how to use the MSIX packaging tool with this in-depth walkthrough.
|
||||
keywords: ["MSIX", "application", "app", "win32", "packaging tool"]
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.localizationpriority: medium
|
||||
ms.author: mikeblodge
|
||||
ms.topic: article
|
||||
ms.date: 08/027/2018
|
||||
---
|
||||
|
||||
# MSIX Packaging tool walkthrough
|
||||
|
||||
Learn how to repackage your legacy win32 application installers to MSIX, without the need for making code changes to your apps. The MSIX Packaging Tool allows you to modernize your app to take adavantage of Microsoft Store or Microsoft Store for Business to deploy apps on Windows 10 in S mode.
|
||||
|
||||
## Terminology
|
||||
|
||||
|
||||
|Term |Definition |
|
||||
|---------|---------|
|
||||
|MPT | MSIX Packaging Tool. An enterprise grade tool that allows to package apps in the enterprise easily as MSIX without app code changes. |
|
||||
|PSF | Package Support Framework. An open source framework to allow the packaging tool and the IT Admin to apply targeted fixes to the app in order to bypass some of the modern environment constrains. Some fixes will be added automatically by the tool and some will be added manually. |
|
||||
|Modification Package | MSIX package to stores app preferences/settings and add-ins, decoupled from the main package. |
|
||||
|Installer | Application installer can be an MSI, EXE, App-V , ClickOnce. |
|
||||
|Project template file | Template file that saves the settings and parameters used for a certain package conversion. Information captured in the template includes general Tooling packaging options, settings in the options menus like exclusion lists, package deployment settings, application install location, package manifest information like Package Family Name, publisher, version and package properties like capabilities and advanced enterprise features. |
|
||||
|
||||
## Creating an Application package
|
||||
|
||||
|
||||
|
||||
When the tool is first launched, you will be prompted to provide consent to sending telemtry data. It's important to note that the diagnostic data you share only comes from the app and is never used to identify or contact you. This just helps us fix things faster for you.
|
||||
|
||||
|
||||
|
||||
Creating an Application package is the most commonly used option. This is where you will create an MSIX package from an installer, or by manual installation of application payload.
|
||||
- If an installer is being used, browse to and select the desired application installer and click **Next**.
|
||||
- This field accepts a valid existing file path.
|
||||
- The field can be empty if you are manually packaging.
|
||||
- If there is no installer (manual packaging) click **Next**.
|
||||
|
||||
*Optionally*
|
||||
- Check the box under "Use Existing MSIX Package", browse, and select an existing MSIX package you'd like to update.
|
||||
- Check the box under "Use installer Preferences" and enter the desired argument in the provided field. This field accepts any string.
|
||||
|
||||
### Packaging method
|
||||
|
||||
- Select the packaging environment by selecting one of the radio buttons:
|
||||
- "Create package on an existing virtual machine" if you plan to do the package creation on a VM. Click **Next**. (You will be presented with user and password fields to provide credentials for the VM if there are any).
|
||||
- "Create package on this computer" if you plan to package the application on the current machine where the tool is installed. Click **Next**.
|
||||
|
||||
### Create package on this computer
|
||||
|
||||
|
||||
|
||||
You've selected to package your application on the current machine where the tool is installed. Nice job! Provide the information pertaining to the app. The tool will try to auto-fill these fields based on the information available from the installer. You will always have a choice to update the entries as needed. If the field as an asterisk*, it's required, but you already knew that. Inline help is provided if the entry is not valid.
|
||||
|
||||
- Package name:
|
||||
- Required and corresponds to package identity Name in the manifest to describe the contents of the package.
|
||||
- Must match the Name subject information of the certificate used to sign a package.
|
||||
- Is not shown to the end user.
|
||||
- Is case-sensitive and cannot have a space.
|
||||
- Can accept string between 3 and 50 characters in length that consists of alpha-numeric, period, and dash characters.
|
||||
- Cannot end with a period and be one of these: "CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", and "LPT9."
|
||||
- Package display name:
|
||||
- Required and corresponds to package <DisplayName> in the manifest to display a friendly package name to the user, in start menu and settings pages.
|
||||
- Field accepts A string between 1 and 256 characters in length and is localizable.
|
||||
- Publisher name
|
||||
- Required and corresponds to package <Publisher Name> that describes the publisher information.
|
||||
- The Publisher attribute must match the publisher subject information of the certificate used to sign a package.
|
||||
- This field accepts a string between 1 and 8192 characters in length that fits the regular expression of a distinguished name : "(CN | L | O | OU | E | C | S | STREET | T | G | I | SN | DC | SERIALNUMBER | Description | PostalCode | POBox | Phone | X21Address | dnQualifier | (OID.(0 | [1-9][0-9])(.(0 | [1-9][0-9]))+))=(([^,+="<>#;])+ | ".")(, ((CN | L | O | OU | E | C | S | STREET | T | G | I | SN | DC | SERIALNUMBER | Description | PostalCode | POBox | Phone | X21Address | dnQualifier | (OID.(0 | [1-9][0-9])(.(0 | [1-9][0-9]))+))=(([^,+="<>#;])+ | ".")))*".
|
||||
- Publisher display name
|
||||
- Reuqired and corresponds to package <PublisherDisplayName> in the manifest to display a friendly publisher name to the user, in App installer and settings pages.
|
||||
- Field accepts A string between 1 and 256 characters in length and is localizable.
|
||||
- Version
|
||||
- Required and corresponds to package <Identity Version> in the manifest to describe the The version number of the package.
|
||||
- This field accepts a version string in quad notation, "Major.Minor.Build.Revision".
|
||||
- Install location
|
||||
- This is the location that the installer is going to copy the application payload to (usually Programs Files folder).
|
||||
- This field is optional but recommended.
|
||||
- Browse to and select a folder path.
|
||||
- Make sure this filed matches Installers Install location while you go through the application install operation.
|
||||
|
||||
### Prepare computer
|
||||
|
||||
|
||||
|
||||
- You are provided with options to prepare the computer for packaging.
|
||||
- MSIX Packaging Tool Driver is required and the tool will automatically try to enable it if it is not enabled.
|
||||
> [!NOTE]
|
||||
> MSIX Packaging tool driver monitors the system to capture the changes that an installer is making on the system which allows MSIX Packaging Tool to create a package based on those changes.
|
||||
- The tool will first check with DISM to see if the driver is installed.
|
||||
- [Optional] Check the box for “Windows Search is Active” and select “disable selected” if you choose to disable the search service.
|
||||
- This is not required, only recommended.
|
||||
- Once disabled, the tool will update the status field to “disabled”
|
||||
- [Optional] Check the box for “Windows Update is Active” and select “disable selected” if you choose to disable the Update service.
|
||||
- This is not required, only recommended.
|
||||
- Once disabled, the tool will update the status field to “disabled”
|
||||
- “Pending reboot” checkbox is disabled by default. You'll need to manually restart the machine and then launch the tool again if you are prompted that pending operations need a reboot.
|
||||
- This not required, only recommended.
|
||||
When you're done preparing the machine, click **Next**.
|
||||
|
||||
### Installation
|
||||
|
||||
|
||||
|
||||
- This is installation phase where the tool is monitoring and capturing the application install operations.
|
||||
- If you've provided an installer, the tool will launch the installer and you'll need to go through the installer wizard to install the application.
|
||||
- Make sure the installation path matches what was defined earlier in the package information page.
|
||||
- You'll need to create a shortcut in desktop for the newly installed application.
|
||||
- Once you're done with the application installation wizard, make sure you finish or close on the installation wizard.
|
||||
- If you need to run multiple installers you can do that manually at this point.
|
||||
- If the app needs other pre-reqs, you need to install them now.
|
||||
- If the application needs .Net 3.5/20, add the optional feature to Windows.
|
||||
- If installer was not provided, manually copy the application binaries to the install location that you've defined earlier in package information.
|
||||
- When you've completed installing the application, click **Next**.
|
||||
|
||||
### Manage first launch tasks
|
||||
|
||||
|
||||
|
||||
- This page shows application executables that the tool captured.
|
||||
- We recommended launching the application at least once to capture any first launch tasks.
|
||||
- If there are multiple applications, check the box that corresponds to the main entry point.
|
||||
- If you don't see the application .exe here, manually browse to and run it.
|
||||
- Click **Next**
|
||||
|
||||
|
||||
|
||||
You'll be prompted with a pop up asking for confirmation that you're finished with application installation and managing first launch tasks.
|
||||
- If you're done, click **Yes, move on**.
|
||||
- If you're not done, click **No, I'm not done**. You'll be taken back to the last page to where you can launch applications, install or copy other files, and dlls/executables.
|
||||
|
||||
### Package support report
|
||||
|
||||
|
||||
|
||||
- Here you'll have a chance to add PSF runtime fixes that might be applicable to the application. *(not supported in preview)*
|
||||
- The tool will make some suggestions and apply fixes that it thinks are applicable.
|
||||
- You'll have the opportunity to add, remove or edit PSF runtime fixes
|
||||
- You can see a list of PSFs provided by the community from Github.
|
||||
- You'll also see a packaging report on this page. The report will call out noteworthy items for example:
|
||||
- If certain restricted capabilities like allowElevation is added
|
||||
- If certain files were excluded from the package.
|
||||
- Etc
|
||||
Once done, click **Next**.
|
||||
|
||||
## Create package
|
||||
|
||||
|
||||
|
||||
- Provide a location to save the MSIX package.
|
||||
- By default, packages are saved in local app data folder.
|
||||
- You can define the default save location in Settings menu.
|
||||
- If you'd like to continue to edit the content and properties of the package before saving the MSIX package, you can select “Package editor” and be taken to package editor.
|
||||
- If you prefer to sign the package with a pre-made certificate for testing, browse to and select the certificate.
|
||||
- Click **Create** to create the MSIX package.
|
||||
|
||||
You'll be presented with the pop up when the package is created. This pop up will include the name, publisher, and save location of the newly created package. You can close this pop up and get redirected to the welcome page. You can also select package editor to see and modify the package content and properties.
|
||||
@ -90,7 +90,7 @@ The following image shows the ClientCertificateInstall configuration service pro
|
||||
<p style="margin-left: 20px">Supported operations are Get, Add, and Replace.
|
||||
|
||||
<a href="" id="clientcertificateinstall-pfxcertinstall-uniqueid-pfxcertpasswordencryptiontype"></a>**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPasswordEncryptionType**
|
||||
<p style="margin-left: 20px">Optional. Used to specify whtether the PFX certificate password is encrypted with the MDM certificate by the MDM server.
|
||||
<p style="margin-left: 20px">Optional. Used to specify whether the PFX certificate password is encrypted with the MDM certificate by the MDM server.
|
||||
|
||||
<p style="margin-left: 20px">The data type is int. Valid values:
|
||||
|
||||
|
||||
@ -2744,11 +2744,17 @@ The following list shows the configuration service providers supported in Window
|
||||
- [DMAcc CSP](dmacc-csp.md)
|
||||
- [DMClient CSP](dmclient-csp.md)
|
||||
- [EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md)
|
||||
- [HealthAttestation CSP](healthattestation-csp.md)
|
||||
- [NetworkProxy CSP](networkproxy-csp.md)
|
||||
- [Policy CSP](policy-configuration-service-provider.md)
|
||||
- [Provisioning CSP (Provisioning only)](provisioning-csp.md)
|
||||
- [Reboot CSP](reboot-csp.md)
|
||||
- [RemoteWipe CSP](remotewipe-csp.md) 1
|
||||
- [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
|
||||
- [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
|
||||
- [Update CSP](update-csp.md)
|
||||
- [VPNv2 CSP](vpnv2-csp.md)
|
||||
- [WiFi CSP](wifi-csp.md)
|
||||
|
||||
|
||||
Footnotes:
|
||||
- 1 - Added in Windows 10, version 1809
|
||||
|
||||
@ -332,11 +332,11 @@ Sample syncxml to provision the firewall settings to evaluate
|
||||
<p style="margin-left: 20px">Value type is bool. Supported operations are Add, Get, Replace, and Delete.</p>
|
||||
|
||||
<a href="" id="localuserauthorizedlist"></a>**FirewallRules/_FirewallRuleName_/LocalUserAuthorizationList**
|
||||
<p style="margin-left: 20px">Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format.</p>
|
||||
<p style="margin-left: 20px">Specifies the list of authorized local users for this rule. This is a string in Security Descriptor Definition Language (SDDL) format.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace, and Delete.</p>
|
||||
|
||||
<a href="" id="status"></a>**FirewallRules/_FirewallRuleName_/Status**
|
||||
<p style="margin-left: 20px">Provides information about the specific verrsion of the rule in deployment for monitoring purposes.</p>
|
||||
<p style="margin-left: 20px">Provides information about the specific version of the rule in deployment for monitoring purposes.</p>
|
||||
<p style="margin-left: 20px">Value type is string. Supported operation is Get.</p>
|
||||
|
||||
<a href="" id="name"></a>**FirewallRules/_FirewallRuleName_/Name**
|
||||
|
||||
@ -1055,7 +1055,7 @@ If you choose to completely wipe a device when lost or when an employee leaves t
|
||||
|
||||
A better option than wiping the entire device is to use Windows Information Protection to clean corporate-only data from a personal device. As explained in the Apps chapter, all corporate data will be tagged and when the device is unenrolled from your MDM system of your choice, all enterprise encrypted data, apps, settings and profiles will immediately be removed from the device without affecting the employee’s existing personal data. A user can initiate unenrollment via the settings screen or unenrollment action can be taken by IT from within the MDM management console. Unenrollment is a management event and will be reported to the MDM system.
|
||||
|
||||
**Corporate device:** You can certainly remotely expire the user’s encryption key in case of device theft, but please remember that that will also make the encrypted data on other Windows devices unreadable for the user. A better approach for retiring a discarded or lost device is to execute a full device wipe. The help desk or device users can initiate a full device wipe. When the wipe is complete, Windows 10 Mobile returns the device to a clean state and restarts the OOBE process.
|
||||
**Corporate device:** You can certainly remotely expire the user’s encryption key in case of device theft, but please remember that will also make the encrypted data on other Windows devices unreadable for the user. A better approach for retiring a discarded or lost device is to execute a full device wipe. The help desk or device users can initiate a full device wipe. When the wipe is complete, Windows 10 Mobile returns the device to a clean state and restarts the OOBE process.
|
||||
|
||||
**Settings for personal or corporate device retirement**
|
||||
- **Allow manual MDM unenrollment** Whether users are allowed to delete the workplace account (i.e., unenroll the device from the MDM system)
|
||||
|
||||
@ -6,7 +6,7 @@ keywords: ["group policy", "start menu", "start screen"]
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
author: coreyp
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
|
||||
@ -25,6 +25,9 @@ ms.date: 4/16/2018
|
||||
|
||||
IT pros can configure access to Microsoft Store for client computers in their organization. For some organizations, business policies require blocking access to Microsoft Store.
|
||||
|
||||
> [!Important]
|
||||
> All executable code including Microsoft Store applications should have an update and maintenance plan. Organizations that use Microsoft Store applications should ensure that the applications can be updated through the Microsoft Store over the internet, through the [Private Store](/microsoft-store/distribute-apps-from-your-private-store), or [distributed offline](/microsoft-store/distribute-offline-apps) to keep the applications up to date.
|
||||
|
||||
## Options to configure access to Microsoft Store
|
||||
|
||||
|
||||
@ -80,8 +83,7 @@ You can also use Group Policy to manage access to Microsoft Store.
|
||||
4. On the **Turn off Store application** setting page, click **Enabled**, and then click **OK**.
|
||||
|
||||
> [!Important]
|
||||
> Enabling **Turn off Store application** policy turns off app updates from Microsoft Store.
|
||||
|
||||
> Enabling **Turn off Store application** policy turns off app updates from Microsoft Store.
|
||||
|
||||
## <a href="" id="block-store-mdm"></a>Block Microsoft Store using management tool
|
||||
|
||||
|
||||
@ -20,7 +20,7 @@ ms.date: 06/19/2018
|
||||
|
||||
- Windows 10
|
||||
|
||||
> **Looking for consumer information?** See [Customize the Start menu](https://windows.microsoft.com/windows-10/getstarted-see-whats-on-the-menu)
|
||||
> **Looking for consumer information?** [See what's on the Start menu](https://support.microsoft.com/help/17195/windows-10-see-whats-on-the-menu)
|
||||
|
||||
Organizations might want to deploy a customized Start and taskbar configuration to devices running Windows 10 Pro, Enterprise, or Education. A standard, customized Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. Configuring the taskbar allows the organization to pin useful apps for their employees and to remove apps that are pinned by default.
|
||||
|
||||
|
||||
@ -57,7 +57,7 @@ Clicking the header of the Frequently Crashing Devices blade opens a reliability
|
||||
Notice the filters in the left pane; they allow you to filter the crash rate shown to a particular operating system version, device model, or other parameter.
|
||||
|
||||
>[!NOTE]
|
||||
>Use caution when interpreting results filtered by model or operating system version. This is very useful for troubleshooting, but might not be accurate for *comparisons* because the crashes displayed could be of different types. The overall goal for working with crash data is to ensure that most devices have the same driver versions and that that version has a low crash rate.
|
||||
>Use caution when interpreting results filtered by model or operating system version. This is very useful for troubleshooting, but might not be accurate for *comparisons* because the crashes displayed could be of different types. The overall goal for working with crash data is to ensure that most devices have the same driver versions and that the version has a low crash rate.
|
||||
|
||||
>[!TIP]
|
||||
>Once you've applied a filter (for example setting OSVERSION=1607) you will see the query in the text box change to append the filter (for example, with “(OSVERSION=1607)”). To undo the filter, remove that part of the query in the text box and click the search button to the right of the text box to run the adjusted query.”
|
||||
|
||||
@ -8,7 +8,7 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: jaimeo
|
||||
ms.author: jaimeo
|
||||
ms.date: 09/26/2018
|
||||
ms.date: 10/10/2018
|
||||
ms.localizationpriority: medium
|
||||
---
|
||||
|
||||
@ -45,7 +45,7 @@ Upgrade Readiness is offered as a *solution* which you link to a new or existing
|
||||
1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
|
||||
|
||||
>[!NOTE]
|
||||
> Upgrade Readiness is included at no additional cost with Windows 10 [education and enterprise licensing](https://docs.microsoft.com/en-us/windows/deployment/update/device-health-monitor#device-health-licensing). An Azure subscription is required for managing and using Upgrade Readiness, but no Azure charges are expected to accrue to the subscription as a result of using Upgrade Readiness.
|
||||
> Upgrade Readiness is included at no additional cost with Windows 10 Professional, Education, and Enterprise editions. An Azure subscription is required for managing and using Upgrade Readiness, but no Azure charges are expected to accrue to the subscription as a result of using Upgrade Readiness.
|
||||
|
||||
2. In the Azure portal select **Create a resource**, search for "Upgrade Readiness", and then select **Create** on the **Upgrade Readiness** solution.
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/18
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/18
|
||||
---
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 07/13/18
|
||||
---
|
||||
|
||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype:
|
||||
ms.localizationpriority: medium
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -1,19 +1,19 @@
|
||||
---
|
||||
title: Rip and Replace
|
||||
description: Listing of Autopilot scenarios
|
||||
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: low
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
# Rip and replace
|
||||
|
||||
**Applies to: Windows 10**
|
||||
|
||||
DO NOT PUBLISH. Just a placeholder for now, coming with 1809.
|
||||
---
|
||||
title: Autopilot for existing devices
|
||||
description: Listing of Autopilot scenarios
|
||||
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: low
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 10/11/2018
|
||||
---
|
||||
|
||||
# Autopilot for existing devices
|
||||
|
||||
**Applies to: Windows 10**
|
||||
|
||||
Placeholder. Content coming.
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/18
|
||||
---
|
||||
|
||||
|
||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype:
|
||||
ms.localizationpriority: medium
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,13 +7,13 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: low
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
ms.date: 06/01/2018
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 10/11/2018
|
||||
---
|
||||
|
||||
# Windows Autopilot user-driven mode for Azure Active Directory
|
||||
|
||||
**Applies to: Windows 10**
|
||||
|
||||
DO NOT PUBLISH. This eventually will contain the AAD-specific instuctions currently in user-driven.md.
|
||||
Placeholder. Content coming.
|
||||
|
||||
@ -7,9 +7,9 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: low
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
ms.date: 06/01/2018
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 10/11/2018
|
||||
---
|
||||
|
||||
|
||||
@ -17,4 +17,4 @@ ms.date: 06/01/2018
|
||||
|
||||
**Applies to: Windows 10**
|
||||
|
||||
DO NOT PUBLISH. This eventually will contain the AD-specific (hybrid) instuctions. This will be in preview at a later point in time.
|
||||
Placeholder. Content coming.
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 08/22/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: high
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: high
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: high
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype:
|
||||
ms.localizationpriority: medium
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype:
|
||||
ms.localizationpriority: medium
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype:
|
||||
ms.localizationpriority: medium
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: medium
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: high
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: coreyp-at-msft
|
||||
ms.author: coreyp
|
||||
author: greg-lindsay
|
||||
ms.author: greglin
|
||||
ms.date: 06/01/2018
|
||||
---
|
||||
|
||||
|
||||
@ -71,10 +71,12 @@ The Windows 10 operating system introduces a new way to build, deploy, and servi
|
||||
These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
|
||||
|
||||
- [Read more about Windows as a Service](/windows/deployment/update/waas-overview)
|
||||
- [Read how much space does Windows 10 take](https://www.microsoft.com/en-us/windows/windows-10-specifications)
|
||||
|
||||
## Related topics
|
||||
[Windows 10 TechCenter](https://go.microsoft.com/fwlink/?LinkId=620009)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -334,7 +334,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
||||
|
||||
This event indicates Indicates that the DecisionApplicationFile object is no longer present.
|
||||
This event indicates that the DecisionApplicationFile object is no longer present.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
@ -670,7 +670,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
||||
|
||||
This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
@ -4388,7 +4388,7 @@ The following fields are available:
|
||||
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
|
||||
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
|
||||
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
|
||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
|
||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
|
||||
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
|
||||
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
|
||||
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
|
||||
|
||||
@ -9,7 +9,7 @@ ms.pagetype: security
|
||||
localizationpriority: high
|
||||
author: brianlic-msft
|
||||
ms.author: brianlic
|
||||
ms.date: 09/10/2018
|
||||
ms.date: 10/10/2018
|
||||
---
|
||||
|
||||
|
||||
@ -28,6 +28,7 @@ Use this article to learn about diagnostic events, grouped by event area, and th
|
||||
|
||||
You can learn more about Windows functional and diagnostic data through these articles:
|
||||
|
||||
|
||||
- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md)
|
||||
- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md)
|
||||
- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
|
||||
@ -76,9 +77,9 @@ The following fields are available:
|
||||
- **SystemProcessorNx** The count of the number of this particular object type present on this device.
|
||||
- **SystemProcessorPrefetchW** The count of SystemProcessorPrefetchW objects present on this machine.
|
||||
- **SystemProcessorSse2** The count of SystemProcessorSse2 objects present on this machine.
|
||||
- **SystemTouch** The count of SystemTouch objects present on this machine.
|
||||
- **SystemTouch** The count of the number of this particular object type present on this device.
|
||||
- **SystemWim** The count of SystemWim objects present on this machine.
|
||||
- **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine.
|
||||
- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device.
|
||||
- **SystemWlan** The count of the number of this particular object type present on this device.
|
||||
- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers.
|
||||
- **Wmdrm_RS4** The total Wmdrm objects targeting Windows 10, version 1803 present on this device.
|
||||
@ -358,7 +359,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
||||
|
||||
This event indicates Indicates that the DecisionApplicationFile object is no longer present.
|
||||
This event indicates that the DecisionApplicationFile object is no longer present.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
@ -705,7 +706,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
||||
|
||||
This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
@ -1544,14 +1545,14 @@ This event provides information on about security settings used to help keep Win
|
||||
The following fields are available:
|
||||
|
||||
- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard.
|
||||
- **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running.
|
||||
- **CGRunning** Is Credential Guard running?
|
||||
- **DGState** This field summarizes the Device Guard state.
|
||||
- **HVCIRunning** Is HVCI running?
|
||||
- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest.
|
||||
- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host.
|
||||
- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security.
|
||||
- **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting.
|
||||
- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running.
|
||||
- **SecureBootCapable** Is this device capable of running Secure Boot?
|
||||
- **VBSState** Is virtualization-based security enabled, disabled, or running?
|
||||
|
||||
|
||||
### Census.Speech
|
||||
@ -2956,6 +2957,19 @@ The following fields are available:
|
||||
|
||||
## Sediment events
|
||||
|
||||
### Microsoft.Windows.Sediment.Info.DetailedState
|
||||
|
||||
This event is sent when detailed state information is needed from an update trial run.
|
||||
|
||||
The following fields are available:
|
||||
|
||||
- **Data** Data relevant to the state, such as what percent of disk space the directory takes up.
|
||||
- **Id** Identifies the trial being run, such as a disk related trial.
|
||||
- **ReleaseVer** The version of the component.
|
||||
- **State** The state of the reporting data from the trial, such as the top-level directory analysis.
|
||||
- **Time** The time the event was fired.
|
||||
|
||||
|
||||
### Microsoft.Windows.Sediment.OSRSS.UrlState
|
||||
|
||||
This event indicates the state the Operating System Remediation System Service (OSRSS) is in while attempting a download from the URL.
|
||||
@ -3579,14 +3593,14 @@ The following fields are available:
|
||||
- **BIOSVendor** The vendor of the BIOS.
|
||||
- **BiosVersion** The version of the BIOS.
|
||||
- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found.
|
||||
- **BundleRepeatFailFlag** Has this particular update bundle previously failed to install?
|
||||
- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to install.
|
||||
- **BundleRevisionNumber** Identifies the revision number of the content bundle.
|
||||
- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null.
|
||||
- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client.
|
||||
- **ClientVersion** The version number of the software distribution client.
|
||||
- **CSIErrorType** The stage of CBS installation where it failed.
|
||||
- **CurrentMobileOperator** Mobile operator that device is currently connected to.
|
||||
- **DeviceModel** What is the device model.
|
||||
- **CurrentMobileOperator** The mobile operator to which the device is currently connected.
|
||||
- **DeviceModel** The device model.
|
||||
- **DriverPingBack** Contains information about the previous driver and system state.
|
||||
- **EventInstanceID** A globally unique identifier for event instance.
|
||||
- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed.
|
||||
@ -3602,21 +3616,21 @@ The following fields are available:
|
||||
- **HardwareId** If this install was for a driver targeted to a particular device model, this ID indicates the model of the device.
|
||||
- **HomeMobileOperator** The mobile operator that the device was originally intended to work with.
|
||||
- **IntentPFNs** Intended application-set metadata for atomic update scenarios.
|
||||
- **IsDependentSet** Is the driver part of a larger System Hardware/Firmware update?
|
||||
- **IsFinalOutcomeEvent** Does this event signal the end of the update/upgrade process?
|
||||
- **IsFirmware** Is this update a firmware update?
|
||||
- **IsSuccessFailurePostReboot** Did it succeed and then fail after a restart?
|
||||
- **IsDependentSet** Indicates whether the driver is part of a larger System Hardware/Firmware update.
|
||||
- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process.
|
||||
- **IsFirmware** Indicates whether this update is a firmware update.
|
||||
- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart.
|
||||
- **IsWUfBDualScanEnabled** Is Windows Update for Business dual scan enabled on the device?
|
||||
- **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device.
|
||||
- **MergedUpdate** Was the OS update and a BSP update merged for installation?
|
||||
- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation.
|
||||
- **MsiAction** The stage of MSI installation where it failed.
|
||||
- **MsiProductCode** The unique identifier of the MSI installer.
|
||||
- **PackageFullName** The package name of the content being installed.
|
||||
- **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting being introduced.
|
||||
- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided.
|
||||
- **QualityUpdatePause** Are quality OS updates paused on the device?
|
||||
- **ProcessName** The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided.
|
||||
- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device.
|
||||
- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
|
||||
- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to install.
|
||||
- **RepeatFailFlag** Indicates whether this specific piece of content previously failed to install.
|
||||
- **RevisionNumber** The revision number of this specific piece of content.
|
||||
- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Windows Store, etc.).
|
||||
- **Setup360Phase** If the install is for an operating system upgrade, indicates which phase of the upgrade is underway.
|
||||
@ -3626,8 +3640,8 @@ The following fields are available:
|
||||
- **SystemBIOSMinorRelease** Minor version of the BIOS.
|
||||
- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
|
||||
- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
|
||||
- **TransactionCode** The ID which represents a given MSI installation
|
||||
- **UpdateId** Unique update ID
|
||||
- **TransactionCode** The ID that represents a given MSI installation.
|
||||
- **UpdateId** Unique update ID.
|
||||
- **UpdateID** An identifier associated with the specific piece of content.
|
||||
- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional.
|
||||
- **UsedSystemVolume** Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive.
|
||||
@ -3995,7 +4009,7 @@ The following fields are available:
|
||||
- **ScenarioId** Indicates the update scenario.
|
||||
- **SessionId** Unique value for each update attempt.
|
||||
- **SetupMode** Mode of setup to be launched.
|
||||
- **UpdateId** Unique ID for each update.
|
||||
- **UpdateId** Unique ID for each Update.
|
||||
- **UserSession** Indicates whether install was invoked by user actions.
|
||||
|
||||
|
||||
@ -4014,7 +4028,7 @@ The following fields are available:
|
||||
- **CV** Correlation vector.
|
||||
- **DetectorVersion** Most recently run detector version for the current campaign.
|
||||
- **GlobalEventCounter** Client side counter that indicates the ordering of events sent by this user.
|
||||
- **key1** Interaction data for the UI
|
||||
- **key1** UI interaction data
|
||||
- **key10** UI interaction data
|
||||
- **key11** UI interaction data
|
||||
- **key12** UI interaction data
|
||||
@ -4025,7 +4039,7 @@ The following fields are available:
|
||||
- **key17** UI interaction data
|
||||
- **key18** UI interaction data
|
||||
- **key19** UI interaction data
|
||||
- **key2** Interaction data for the UI
|
||||
- **key2** UI interaction data
|
||||
- **key20** UI interaction data
|
||||
- **key21** Interaction data for the UI
|
||||
- **key22** UI interaction data
|
||||
@ -4036,13 +4050,13 @@ The following fields are available:
|
||||
- **key27** UI interaction data
|
||||
- **key28** UI interaction data
|
||||
- **key29** UI interaction data
|
||||
- **key3** Interaction data for the UI
|
||||
- **key3** UI interaction data
|
||||
- **key30** UI interaction data
|
||||
- **key4** Interaction data for the UI
|
||||
- **key4** UI interaction data
|
||||
- **key5** UI interaction data
|
||||
- **key6** UI interaction data
|
||||
- **key7** Interaction data for the UI
|
||||
- **key8** Interaction data for the UI
|
||||
- **key7** UI interaction data
|
||||
- **key8** UI interaction data
|
||||
- **key9** UI interaction data
|
||||
- **PackageVersion** Current package version of the update notification.
|
||||
- **schema** UI interaction type.
|
||||
@ -4194,9 +4208,9 @@ The following fields are available:
|
||||
- **Setup360Extended** Detailed information about the phase or action when the potential failure occurred.
|
||||
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
|
||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors.
|
||||
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT
|
||||
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
|
||||
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
|
||||
- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
|
||||
- **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled
|
||||
- **TestId** A string to uniquely identify a group of events.
|
||||
- **WuId** Windows Update client ID.
|
||||
|
||||
@ -4352,7 +4366,7 @@ The following fields are available:
|
||||
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
|
||||
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
|
||||
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
|
||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
|
||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
|
||||
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
|
||||
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
|
||||
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
|
||||
@ -4388,17 +4402,17 @@ This event provides the results from the WaaSMedic engine
|
||||
The following fields are available:
|
||||
|
||||
- **detectionSummary** Result of each applicable detection that was run.
|
||||
- **featureAssessmentImpact** WaaS Assessment impact for feature updates.
|
||||
- **featureAssessmentImpact** Windows as a Service (WaaS) Assessment impact on feature updates
|
||||
- **hrEngineResult** Indicates the WaaSMedic engine operation error codes
|
||||
- **insufficientSessions** Device not eligible for diagnostics.
|
||||
- **isManaged** Device is managed for updates.
|
||||
- **isWUConnected** Device is connected to Windows Update.
|
||||
- **noMoreActions** No more applicable diagnostics.
|
||||
- **qualityAssessmentImpact** WaaS Assessment impact for quality updates.
|
||||
- **insufficientSessions** True, if the device has enough activity to be eligible for update diagnostics. False, if otherwise
|
||||
- **isManaged** Indicates the device is managed for updates
|
||||
- **isWUConnected** Indicates the device is connected to Windows Update
|
||||
- **noMoreActions** All available WaaSMedic diagnostics have run. There are no pending diagnostics and corresponding actions
|
||||
- **qualityAssessmentImpact** Windows as a Service (WaaS) Assessment impact for quality updates
|
||||
- **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on.
|
||||
- **usingBackupFeatureAssessment** Relying on backup feature assessment.
|
||||
- **usingBackupQualityAssessment** Relying on backup quality assessment.
|
||||
- **versionString** Version of the WaaSMedic engine.
|
||||
- **usingBackupFeatureAssessment** The WaaSMedic engine contacts Windows as a Service (WaaS) Assessment to determine whether the device is up-to-date. If WaaS Assessment isn't available, the engine falls back to backup feature assessments, which are determined programmatically on the client
|
||||
- **usingBackupQualityAssessment** The WaaSMedic engine contacts Windows as a Service (WaaS) Assessment to determine whether the device is up-to-date. If WaaS Assessment isn't available, the engine falls back to backup quality assessments, which are determined programmatically on the client
|
||||
- **versionString** Installed version of the WaaSMedic engine
|
||||
|
||||
|
||||
## Windows Store events
|
||||
@ -4667,9 +4681,9 @@ FulfillmentComplete event is fired at the end of an app install or update. We us
|
||||
The following fields are available:
|
||||
|
||||
- **FailedRetry** Tells us if the retry for an install or update was successful or not.
|
||||
- **HResult** Resulting HResult error/success code of this call
|
||||
- **PFN** Package Family Name of the app that being installed or updated
|
||||
- **ProductId** Product Id of the app that is being updated or installed
|
||||
- **HResult** The HResult code of the operation.
|
||||
- **PFN** The Package Family Name of the app that is being installed or updated.
|
||||
- **ProductId** The product ID of the app that is being updated or installed.
|
||||
|
||||
|
||||
### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate
|
||||
@ -5028,14 +5042,14 @@ This event collects information regarding the install phase of the new device ma
|
||||
|
||||
The following fields are available:
|
||||
|
||||
- **errorCode** The error code returned for the current install phase
|
||||
- **flightId** The unique identifier for each flight
|
||||
- **objectId** Unique value for each Update Agent mode
|
||||
- **relatedCV** Correlation vector value generated from the latest scan
|
||||
- **result** Result of the install phase of update. 0 = Succeeded 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled
|
||||
- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
|
||||
- **sessionId** Unique value for each Update Agent mode attempt
|
||||
- **updateId** Unique ID for each update
|
||||
- **errorCode** The error code returned for the current install phase.
|
||||
- **flightId** Unique ID for each flight.
|
||||
- **objectId** Unique value for each diagnostics session.
|
||||
- **relatedCV** Correlation vector value generated from the latest USO scan.
|
||||
- **result** Outcome of the install phase of the update.
|
||||
- **scenarioId** Indicates the update scenario.
|
||||
- **sessionId** Unique value for each update session.
|
||||
- **updateId** Unique ID for each Update.
|
||||
|
||||
|
||||
### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart
|
||||
@ -5108,7 +5122,7 @@ The following fields are available:
|
||||
- **interactive** Indicates whether the session was user initiated.
|
||||
- **revisionNumber** Update revision number.
|
||||
- **updateId** Update ID.
|
||||
- **updateScenarioType** Device ID
|
||||
- **updateScenarioType** Update Session type
|
||||
- **wuDeviceid** Device ID
|
||||
|
||||
|
||||
|
||||
@ -369,7 +369,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
||||
|
||||
This event indicates Indicates that the DecisionApplicationFile object is no longer present.
|
||||
This event indicates that the DecisionApplicationFile object is no longer present.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
@ -701,7 +701,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
||||
|
||||
This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
@ -4538,7 +4538,7 @@ The following fields are available:
|
||||
- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim.
|
||||
- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred.
|
||||
- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback.
|
||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors.
|
||||
- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors.
|
||||
- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT.
|
||||
- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS).
|
||||
- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled.
|
||||
|
||||
@ -666,7 +666,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.DecisionApplicationFileRemove
|
||||
|
||||
This event indicates Indicates that the DecisionApplicationFile object is no longer present.
|
||||
This event indicates that the DecisionApplicationFile object is no longer present.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
@ -1013,7 +1013,7 @@ The following fields are available:
|
||||
|
||||
### Microsoft.Windows.Appraiser.General.InventoryApplicationFileStartSync
|
||||
|
||||
This event indicates indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
This event indicates that a new set of InventoryApplicationFileAdd events will be sent.
|
||||
|
||||
This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange).
|
||||
|
||||
|
||||
@ -123,7 +123,7 @@ This setting determines whether a device shows notifications about Windows diagn
|
||||
|
||||
### Configure telemetry opt-in setting user interface
|
||||
|
||||
This setting determines whether people can change their own Windows diagnostic data level in in *Start > Settings > Privacy > Diagnostics & feedback*.
|
||||
This setting determines whether people can change their own Windows diagnostic data level in *Start > Settings > Privacy > Diagnostics & feedback*.
|
||||
|
||||
#### Group Policy
|
||||
|
||||
|
||||
@ -131,7 +131,7 @@ In the Windows 10, version 1703, the PIN complexity Group Policy settings have m
|
||||
## Review
|
||||
|
||||
Before you continue with the deployment, validate your deployment progress by reviewing the following items:
|
||||
* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Widows 10 Creators Editions)
|
||||
* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Windows 10 Creators Editions)
|
||||
* Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. User)
|
||||
* Confirm you configure the Use Certificate enrollment for on-premises authentication policy setting.
|
||||
* Confirm you configure automatic certificate enrollment to the scope that matches your deployment (Computer vs. User)
|
||||
|
||||
@ -104,7 +104,7 @@ In the Windows 10, version 1703, the PIN complexity Group Policy settings have m
|
||||
## Review
|
||||
|
||||
Before you continue with the deployment, validate your deployment progress by reviewing the following items:
|
||||
* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Widows 10 Creators Editions)
|
||||
* Confirm you authored Group Policy settings using the latest ADMX/ADML files (from the Windows 10 Creators Editions)
|
||||
* Confirm you configured the Enable Windows Hello for Business to the scope that matches your deployment (Computer vs. User)
|
||||
* Confirm you configure the Use Certificate enrollment for on-premises authentication policy setting.
|
||||
* Confirm you configure automatic certificate enrollment to the scope that matches your deployment (Computer vs. User)
|
||||
|
||||
@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: brianlic-msft
|
||||
ms.date: 09/17/2018
|
||||
ms.date: 10/10/2018
|
||||
---
|
||||
|
||||
# Information protection
|
||||
@ -16,7 +16,7 @@ Learn more about how to secure documents and other data across your organization
|
||||
| Section | Description |
|
||||
|-|-|
|
||||
| [BitLocker](bitlocker/bitlocker-overview.md)| Provides information about BitLocker, which is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. |
|
||||
| [Encrypted Hard Drive](bitlocker/bitlocker-overview.md)| Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. |
|
||||
| [Encrypted Hard Drive](encrypted-hard-drive.md)| Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. |
|
||||
| [Kernel DMA Protection for Thunderbolt™ 3](kernel-dma-protection-for-thunderbolt.md)| Kernel DMA Protection protects PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to Thunderbolt™ 3 ports. |
|
||||
| [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)|Provides info about how to create a Windows Information Protection policy that can help protect against potential corporate data leakage.|
|
||||
| [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)| Windows 10 supports features to help prevent rootkits and bootkits from loading during the startup process. |
|
||||
|
||||
@ -75,7 +75,7 @@ The adoption of new authentication technology requires that identity providers a
|
||||
|
||||
Identity providers have flexibility in how they provision credentials on client devices. For example, an organization might provision only those devices that have a TPM so that the organization knows that a TPM protects the credentials. The ability to distinguish a TPM from malware acting like a TPM requires the following TPM capabilities (see Figure 1):
|
||||
|
||||
• **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that that manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM.
|
||||
• **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that the manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM.
|
||||
|
||||
• **Attestation identity key**. To protect privacy, most TPM scenarios do not directly use an actual endorsement key. Instead, they use attestation identity keys, and an identity certificate authority (CA) uses the endorsement key and its certificate to prove that one or more attestation identity keys actually exist in a real TPM. The identity CA issues attestation identity key certificates. More than one identity CA will generally see the same endorsement key certificate that can uniquely identify the TPM, but any number of attestation identity key certificates can be created to limit the information shared in other scenarios.
|
||||
|
||||
|
||||
@ -9,7 +9,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: justinha
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/05/2018
|
||||
ms.date: 10/11/2018
|
||||
---
|
||||
|
||||
# List of enlightened Microsoft apps for use with Windows Information Protection (WIP)
|
||||
@ -32,7 +32,7 @@ Apps can be enlightened or unenlightened:
|
||||
|
||||
- Windows **Save As** experiences only allow you to save your files as enterprise.
|
||||
|
||||
- **WIP-work only apps** are unenlightened line-of-business apps that have been tested and deemed safe for use in an enterprise with WIP and Mobile App Management (MAM) solutions.
|
||||
- **WIP-work only apps** are unenlightened line-of-business apps that have been tested and deemed safe for use in an enterprise with WIP and Mobile App Management (MAM) solutions without device enrollment. Unenlightened apps that are targeted by WIP without enrollment run under personal mode.
|
||||
|
||||
## List of enlightened Microsoft apps
|
||||
Microsoft has made a concerted effort to enlighten several of our more popular apps, including the following:
|
||||
|
||||
@ -8,7 +8,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: justinha
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/04/2018
|
||||
ms.date: 10/10/2018
|
||||
---
|
||||
|
||||
# How Windows Information Protection protects files with a sensitivity label
|
||||
@ -29,7 +29,7 @@ Microsoft information protection technologies include:
|
||||
|
||||
- [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects data at rest on endpoint devices, and manages apps to protect data in use.
|
||||
|
||||
- [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other Software-as-a-Service (SaaS) apps.
|
||||
- [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other first-party or third-party Software-as-a-Service (SaaS) apps.
|
||||
|
||||
- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise. It helps an organization classify and protect its documents and emails by applying labels. End users can choose and apply sensitivity labels from a bar that appears below the ribbon in Office apps:
|
||||
|
||||
@ -50,7 +50,7 @@ For more information about labels, see [Overview of labels](https://docs.microso
|
||||
|
||||
## Use cases
|
||||
|
||||
This sections covers how WIP works with sensitivity labels in specific use cases.
|
||||
This section covers how WIP works with sensitivity labels in specific use cases.
|
||||
|
||||
### User downloads from or creates a document on a work site
|
||||
|
||||
@ -60,7 +60,7 @@ If the document also has a sensitivity label, which can be Office or PDF files,
|
||||
|
||||
### User downloads a confidential Office or PDF document from a personal site
|
||||
|
||||
Windows Defender ATP scans for any file that gets modified or created, including files that were created on a personal site.
|
||||
Windows Defender Advanced Threat Protection (Windows Defender ATP) scans for any file that gets modified or created, including files that were created on a personal site.
|
||||
If the file has a sensitivity label, the corresponding WIP protection gets applied even though the file came from a personal site.
|
||||
For example:
|
||||
|
||||
@ -74,7 +74,7 @@ The PDF file doesn't need any work context beyond the sensitivity label.
|
||||
## Prerequisites
|
||||
|
||||
- Windows 10, version 1809
|
||||
- [Windows Defender Advanced Threat Protection (WDATP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection
|
||||
- [Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection
|
||||
- [Sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center
|
||||
- [WIP policy](create-wip-policy-using-intune-azure.md) needs to be applied to endpoint devices.
|
||||
|
||||
|
||||
@ -8,7 +8,8 @@ ms.prod: w10
|
||||
ms.mktglfcycl:
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: coreyp-at-msft
|
||||
author: justinha
|
||||
ms.author: justinha
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 08/08/2018
|
||||
---
|
||||
|
||||
@ -17,10 +17,6 @@
|
||||
#### [Endpoint detection and response](windows-defender-atp/overview-endpoint-detection-response.md)
|
||||
##### [Security operations dashboard](windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
##### [Incidents queue](windows-defender-atp/incidents-queue.md)
|
||||
###### [View and organize the Incidents queue](windows-defender-atp/view-incidents-queue.md)
|
||||
###### [Manage incidents](windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md)
|
||||
###### [Investigate incidents](windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
|
||||
@ -96,11 +92,11 @@
|
||||
####### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
|
||||
####### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
|
||||
####### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
|
||||
#######Domain
|
||||
######## [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
|
||||
######## [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
|
||||
######Domain
|
||||
####### [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
####### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
####### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
|
||||
####### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
######File
|
||||
####### [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
|
||||
@ -136,6 +132,10 @@
|
||||
####### [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
|
||||
####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
|
||||
######Machines Security States
|
||||
####### [Get MachineSecurityStates collection](windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md)
|
||||
######Machine Groups
|
||||
####### [Get MachineGroups collection](windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
######User
|
||||
####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
|
||||
@ -143,6 +143,10 @@
|
||||
####### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
######Windows updates (KB) info
|
||||
####### [Get KbInfo collection](windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md)
|
||||
######Common Vulnerabilities and Exposures (CVE) to KB map
|
||||
####### [Get CVE-KB map](windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
##### [Managed security service provider support](windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
@ -21,6 +21,8 @@ Safety Scanner only scans when manually triggered and is available for use 10 da
|
||||
|
||||
> **NOTE:** This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Windows Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/en-us/windows/windows-defender) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/en-us/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/en-us/wdsi/help/troubleshooting-infection).
|
||||
|
||||
> **NOTE:** Safety scanner is a portable executable and does not appear in the Windows Start menu or as an icon on the desktop. Note where you saved this download.
|
||||
|
||||
## System requirements
|
||||
Safety Scanner helps remove malicious software from computers running Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. Please refer to the [Microsoft Lifecycle Policy](https://support.microsoft.com/en-us/lifecycle).
|
||||
|
||||
|
||||
@ -40,7 +40,7 @@ It is also important to keep the following in mind:
|
||||
|
||||
* Use [Microsoft Edge](https://www.microsoft.com/windows/microsoft-edge) when browsing the internet. It blocks known support scam sites using Windows Defender SmartScreen (which is also used by Internet Explorer). Furthermore, Microsoft Edge can stop pop-up dialogue loops used by these sites.
|
||||
|
||||
* Enable Enable [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It detects and removes known support scam malware.
|
||||
* Enable [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It detects and removes known support scam malware.
|
||||
|
||||
## What to do if information has been given to a tech support person
|
||||
|
||||
@ -60,4 +60,4 @@ Help Microsoft stop scammers, whether they claim to be from Microsoft or from an
|
||||
|
||||
**www.microsoft.com/reportascam**
|
||||
|
||||
You can also report any **unsafe website** that you suspect is a phishing website or contains malicious content directly to Microsoft by filling out a [Report an unsafe site form](https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site) or using built in web browser functionality.
|
||||
You can also report any **unsafe website** that you suspect is a phishing website or contains malicious content directly to Microsoft by filling out a [Report an unsafe site form](https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site) or using built in web browser functionality.
|
||||
|
||||
@ -8,7 +8,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: brianlic-msft
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 10/11/2018
|
||||
---
|
||||
|
||||
# Account Lockout Policy
|
||||
@ -22,6 +22,9 @@ Someone who attempts to use more than a few unsuccessful passwords while trying
|
||||
|
||||
The following topics provide a discussion of each policy setting's implementation and best practices considerations, policy location, default values for the server type or Group Policy Object (GPO), relevant differences in operating system versions, and security considerations (including the possible vulnerabilities of each policy setting), countermeasures that you can implement, and the potential impact of implementing the countermeasures.
|
||||
|
||||
>[!NOTE]
|
||||
>Account lockout settings for remote access clients can be configured separately by editing the Registry on the server that manages the remote access. For more information, see [How to configure remote access client account lockout](https://support.microsoft.com/help/816118/how-to-configure-remote-access-client-account-lockout-in-windows-serve).
|
||||
|
||||
## In this section
|
||||
|
||||
| Topic | Description |
|
||||
|
||||
@ -84,11 +84,11 @@ A user who is assigned this user right could increase the scheduling priority of
|
||||
|
||||
### Countermeasure
|
||||
|
||||
Verify that only Administrators and and Window Manager/Window Manager Group have the **Increase scheduling priority** user right assigned to them.
|
||||
Verify that only Administrators and Window Manager/Window Manager Group have the **Increase scheduling priority** user right assigned to them.
|
||||
|
||||
### Potential impact
|
||||
|
||||
None. Restricting the **Increase scheduling priority** user right to members of the Administrators group and and Window Manager/Window Manager Group is the default configuration.
|
||||
None. Restricting the **Increase scheduling priority** user right to members of the Administrators group and Window Manager/Window Manager Group is the default configuration.
|
||||
|
||||
## Related topics
|
||||
|
||||
|
||||
@ -11,7 +11,7 @@ ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 09/03/2018
|
||||
ms.date: 10/08/2018
|
||||
---
|
||||
|
||||
# Configure and validate Windows Defender Antivirus network connections
|
||||
@ -60,8 +60,9 @@ The following table lists the services and their associated URLs that your netwo
|
||||
Used by Windows Defender Antivirus to provide cloud-delivered protection
|
||||
</td>
|
||||
<td>
|
||||
*.wdcp.microsoft.com*<br />
|
||||
*.wdcpalt.microsoft.com*
|
||||
*.wdcp.microsoft.com<br />
|
||||
*.wdcpalt.microsoft.com<br />
|
||||
*.wd.microsoft.com
|
||||
</td>
|
||||
</tr>
|
||||
<tr style="vertical-align:top">
|
||||
|
||||
@ -16,10 +16,6 @@
|
||||
#### [Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
#### [Incidents queue](incidents-queue.md)
|
||||
##### [View and organize the Incidents queue](view-incidents-queue.md)
|
||||
##### [Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md)
|
||||
##### [Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
|
||||
@ -96,11 +92,12 @@
|
||||
###### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
|
||||
######Domain
|
||||
####### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
####### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
####### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
|
||||
####### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
#####Domain
|
||||
###### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
|
||||
###### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
#####File
|
||||
###### [Block file API](block-file-windows-defender-advanced-threat-protection.md)
|
||||
@ -136,12 +133,19 @@
|
||||
###### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
###### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md)
|
||||
###### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
#####Machines Security States
|
||||
###### [Get MachineSecurityStates collection](get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md)
|
||||
#####Machine Groups
|
||||
###### [Get MachineGroups collection](get-machinegroups-collection-windows-defender-advanced-threat-protection.md)
|
||||
#####User
|
||||
###### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
#####Windows updates (KB) info
|
||||
###### [Get KbInfo collection](get-kbinfo-collection-windows-defender-advanced-threat-protection.md)
|
||||
#####Common Vulnerabilities and Exposures (CVE) to KB map
|
||||
###### [Get CVE-KB map](get-cvekbmap-collection-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
#### [Managed security service provider support](mssp-support-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -10,14 +10,12 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 07/16/2018
|
||||
ms.date: 10/08/2018
|
||||
---
|
||||
|
||||
# Configure alert notifications in Windows Defender ATP
|
||||
|
||||
**Applies to:**
|
||||
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
|
||||
@ -20,7 +20,7 @@ ms.date: 09/03/2018
|
||||
|
||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-mssp-support-abovefoldlink)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
You'll need to take the following configuration steps to enable the managed security service provider (MSSP) integration.
|
||||
|
||||
@ -58,7 +58,7 @@ This action is taken by the MSSP. It allows MSSPs to fetch alerts using APIs.
|
||||
|
||||
>[!NOTE]
|
||||
> These set of steps are directed towards the MSSP customer. <br>
|
||||
> Access to the portal can can only be done by the MSSP customer.
|
||||
> Access to the portal can only be done by the MSSP customer.
|
||||
|
||||
As a MSSP customer, you'll need to take the following configuration steps to grant the MSSP access to Windows Defender Security Center.
|
||||
|
||||
@ -269,7 +269,7 @@ You'll need to have **Manage portal system settings** permission to whitelist th
|
||||
|
||||
You can now download the relevant configuration file for your SIEM and connect to the Windows Defender ATP API. For more information see, [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md).
|
||||
|
||||
- In the ArcSight configuration file / Splunk Authentication Properties file – you will have to write your application key manually by settings the secret value.
|
||||
- In the ArcSight configuration file / Splunk Authentication Properties file you will have to write your application key manually by settings the secret value.
|
||||
- Instead of acquiring a refresh token in the portal, use the script from the previous step to acquire a refresh token (or acquire it by other means).
|
||||
|
||||
## Fetch alerts from MSSP customer's tenant using APIs
|
||||
|
||||
@ -9,7 +9,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 09/06/2018
|
||||
ms.date: 10/09/2018
|
||||
---
|
||||
|
||||
# Onboard servers to the Windows Defender ATP service
|
||||
@ -133,6 +133,9 @@ To onboard Windows Server, version 1803 or Windows Server 2019, use the same met
|
||||
## Integration with Azure Security Center
|
||||
Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers.
|
||||
|
||||
>[!NOTE]
|
||||
>You'll need to have the appropriate license to enable this feature.
|
||||
|
||||
The following capabilities are included in this integration:
|
||||
- Automated onboarding - Windows Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/en-us/azure/security-center/security-center-onboarding).
|
||||
|
||||
|
||||
@ -10,14 +10,12 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 04/24/2018
|
||||
ms.date: 10/08/2018
|
||||
---
|
||||
|
||||
# Enable SIEM integration in Windows Defender ATP
|
||||
|
||||
**Applies to:**
|
||||
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
@ -54,7 +52,8 @@ Enable security information and event management (SIEM) integration so you can p
|
||||
|
||||
You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from Windows Defender Security Center.
|
||||
|
||||
|
||||
## Integrate Windows Defender ATP with IBM QRadar
|
||||
You can configure IBM QRadar to collect alerts from Windows Defender ATP. For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1).
|
||||
|
||||
## Related topics
|
||||
- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -0,0 +1,77 @@
|
||||
---
|
||||
title: Get CVE-KB map API
|
||||
description: Retrieves a map of CVE's to KB's.
|
||||
keywords: apis, graph api, supported apis, get, cve, kb
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: leonidzh
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/07/2018
|
||||
---
|
||||
|
||||
# Get CVE-KB map API
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
Retrieves a map of CVE's to KB's and CVE details.
|
||||
|
||||
## Permissions
|
||||
User needs read permissions.
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /testwdatppreview/cvekbmap
|
||||
```
|
||||
|
||||
## Request headers
|
||||
|
||||
Header | Value
|
||||
:---|:---
|
||||
Authorization | Bearer {token}. **Required**.
|
||||
Content type | application/json
|
||||
|
||||
## Request body
|
||||
Empty
|
||||
|
||||
## Response
|
||||
If successful and map exists - 200 OK.
|
||||
|
||||
## Example
|
||||
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
```
|
||||
GET https://graph.microsoft.com/testwdatppreview/CveKbMap
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
```
|
||||
HTTP/1.1 200 OK
|
||||
Content-type: application/json
|
||||
{
|
||||
"@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#CveKbMap",
|
||||
"@odata.count": 4168,
|
||||
"value": [
|
||||
{
|
||||
"cveKbId": "CVE-2015-2482-3097617",
|
||||
"cveId": "CVE-2015-2482",
|
||||
"kbId":"3097617",
|
||||
"title": "Cumulative Security Update for Internet Explorer",
|
||||
"severity": "Critical"
|
||||
},
|
||||
…
|
||||
}
|
||||
|
||||
```
|
||||
@ -0,0 +1,76 @@
|
||||
---
|
||||
title: Get KB collection API
|
||||
description: Retrieves a collection of KB's.
|
||||
keywords: apis, graph api, supported apis, get, kb
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: leonidzh
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/07/2018
|
||||
---
|
||||
|
||||
# Get KB collection API
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
Retrieves a collection of KB's and KB details.
|
||||
|
||||
## Permissions
|
||||
User needs read permissions.
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /testwdatppreview/kbinfo
|
||||
```
|
||||
|
||||
## Request headers
|
||||
|
||||
Header | Value
|
||||
:---|:---
|
||||
Authorization | Bearer {token}. **Required**.
|
||||
Content type | application/json
|
||||
|
||||
## Request body
|
||||
Empty
|
||||
|
||||
## Response
|
||||
If successful - 200 OK.
|
||||
|
||||
## Example
|
||||
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
```
|
||||
GET https://graph.microsoft.com/testwdatppreview/KbInfo
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
```
|
||||
HTTP/1.1 200 OK
|
||||
Content-type: application/json
|
||||
{
|
||||
"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#KbInfo",
|
||||
"@odata.count": 271,
|
||||
"value":[
|
||||
{
|
||||
"id": "KB3097617 (10240.16549) Amd64",
|
||||
"release": "KB3097617 (10240.16549)",
|
||||
"publishingDate": "2015-10-16T21:00:00Z",
|
||||
"version": "10.0.10240.16549",
|
||||
"architecture": "Amd64"
|
||||
},
|
||||
…
|
||||
}
|
||||
```
|
||||
@ -0,0 +1,76 @@
|
||||
---
|
||||
title: Get RBAC machine groups collection API
|
||||
description: Retrieves a collection of RBAC machine groups.
|
||||
keywords: apis, graph api, supported apis, get, RBAC, group
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: leonidzh
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/07/2018
|
||||
---
|
||||
|
||||
# Get KB collection API
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
Retrieves a collection of RBAC machine groups.
|
||||
|
||||
## Permissions
|
||||
User needs read permissions.
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /testwdatppreview/machinegroups
|
||||
```
|
||||
|
||||
## Request headers
|
||||
|
||||
Header | Value
|
||||
:---|:---
|
||||
Authorization | Bearer {token}. **Required**.
|
||||
Content type | application/json
|
||||
|
||||
## Request body
|
||||
Empty
|
||||
|
||||
## Response
|
||||
If successful - 200 OK.
|
||||
|
||||
## Example
|
||||
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
```
|
||||
GET https://graph.microsoft.com/testwdatppreview/machinegroups
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
Field id contains machine group **id** and equal to field **rbacGroupId** in machines info.
|
||||
Field **ungrouped** is true only for one group for all machines that have not been assigned to any group. This group as usual has name "UnassignedGroup".
|
||||
|
||||
```
|
||||
HTTP/1.1 200 OK
|
||||
Content-type: application/json
|
||||
{
|
||||
"@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineGroups",
|
||||
"@odata.count":7,
|
||||
"value":[
|
||||
{
|
||||
"id":86,
|
||||
"name":"UnassignedGroup",
|
||||
"description":"",
|
||||
"ungrouped":true},
|
||||
…
|
||||
}
|
||||
```
|
||||
@ -0,0 +1,83 @@
|
||||
---
|
||||
title: Get machines security states collection API
|
||||
description: Retrieves a collection of machines security states.
|
||||
keywords: apis, graph api, supported apis, get, machine, security, state
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: leonidzh
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/07/2018
|
||||
---
|
||||
|
||||
# Get Machines security states collection API
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
Retrieves a collection of machines security states.
|
||||
|
||||
## Permissions
|
||||
User needs read permissions.
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /testwdatppreview/machinesecuritystates
|
||||
```
|
||||
|
||||
## Request headers
|
||||
|
||||
Header | Value
|
||||
:---|:---
|
||||
Authorization | Bearer {token}. **Required**.
|
||||
Content type | application/json
|
||||
|
||||
## Request body
|
||||
Empty
|
||||
|
||||
## Response
|
||||
If successful - 200 OK.
|
||||
|
||||
## Example
|
||||
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
```
|
||||
GET https://graph.microsoft.com/testwdatppreview/machinesecuritystates
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
Field *id* contains machine id and equal to the field *id** in machines info.
|
||||
|
||||
```
|
||||
HTTP/1.1 200 OK
|
||||
Content-type: application/json
|
||||
{
|
||||
"@odata.context":"https://graph.microsoft.com/testwdatppreview/$metadata#MachineSecurityStates",
|
||||
"@odata.count":444,
|
||||
"@odata.nextLink":"https://graph.microsoft.com/testwdatppreview/machinesecuritystates?$skiptoken=[continuation token]",
|
||||
"value":[
|
||||
{
|
||||
"id":"000050e1b4afeee3742489ede9ad7a3e16bbd9c4",
|
||||
"build":14393,
|
||||
"revision":2485,
|
||||
"architecture":"Amd64",
|
||||
"osVersion":"10.0.14393.2485.amd64fre.rs1_release.180827-1809",
|
||||
"propertiesRequireAttention":[
|
||||
"AntivirusNotReporting",
|
||||
"EdrImpairedCommunications"
|
||||
]
|
||||
},
|
||||
…
|
||||
]
|
||||
}
|
||||
```
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 97 KiB After Width: | Height: | Size: 189 KiB |
@ -1,35 +0,0 @@
|
||||
---
|
||||
title: Incidents queue in Windows Defender ATP
|
||||
description:
|
||||
keywords: incidents, aggregate, investigations, queue, ttp
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/08/2018
|
||||
---
|
||||
|
||||
# Incidents queue in Windows Defender ATP
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
When a cybersecurity threat is emerging, or a potential attacker is deploying its tactics, techniques/tools, and procedures (TTPs) on the network, Windows Defender ATP will quickly trigger alerts and launch matching automatic investigations.
|
||||
|
||||
Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network.
|
||||
|
||||
|
||||
## In this section
|
||||
|
||||
Topic | Description
|
||||
:---|:---
|
||||
[View and organize the Incidents queue](view-incidents-queue.md)| See the list of incidents and learn how to apply filters to limit the list and get a more focused view.
|
||||
[Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md) | Learn how to manage incidents by assigning it, updating its status, or setting its classification and other actions.
|
||||
[Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md)| See associated alerts, manage the incident, see alert metadata, and visualizations to help you investigate an incident.
|
||||
|
||||
|
||||
@ -1,78 +0,0 @@
|
||||
---
|
||||
title: Investigate incidents in Windows Defender ATP
|
||||
description: See associated alerts, manage the incident, and see alert metadata to help you investigate an incident
|
||||
keywords: investigate, incident, alerts, metadata, risk, detection source, affected machines, patterns, correlation
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/08/2018
|
||||
---
|
||||
|
||||
# Investigate incidents in Windows Defender ATP
|
||||
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Investigate incidents that affect your network, understand what they mean, and collate evidence to resolve them.
|
||||
|
||||
## Analyze incident details
|
||||
Click an incident to see the **Incident pane**. Select **Open incident page** to see the incident details and related information (alerts, machines, investigations, evidence, graph).
|
||||
|
||||
|
||||
|
||||
### Alerts
|
||||
You can investigate the alerts and see how they were linked together in an incident.
|
||||
Alerts are grouped into incidents based on the following reasons:
|
||||
- Automated investigation - The automated investigation triggered the linked alert while investigating the original alert
|
||||
- File characteristics - The files associated with the alert have similar characteristics
|
||||
- Manual association - A user manually linked the alerts
|
||||
- Proximate time - The alerts were triggered on the same machine within a certain timeframe
|
||||
- Same file - The files associated with the alert are exactly the same
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
You can also manage an alert and see alert metadata along with other information. For more information, see [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md).
|
||||
|
||||
### Machines
|
||||
You can also investigate the machines that are part of, or related to, a given incident. For more information, see [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md).
|
||||
|
||||
|
||||
|
||||
### Investigations
|
||||
Select **Investigations** to see all the automatic investigations launched by the system in response to the incident alerts.
|
||||
|
||||
|
||||
|
||||
## Going through the evidence
|
||||
Windows Defender Advanced Threat Protection automatically investigates all the incidents' supported events and suspicious entities in the alerts, providing you with auto-response and information about the important files, processes, services, and more. This helps quickly detect and block potential threats in the incident.
|
||||
Each of the analyzed entities will be marked as infected, remediated, or suspicious.
|
||||
|
||||
|
||||
|
||||
## Visualizing associated cybersecurity threats
|
||||
Windows Defender Advanced Threat Protection aggregates the threat information into an incident so you can see the patterns and correlations coming in from various data points. You can view such correlation through the incident graph.
|
||||
|
||||
### Incident graph
|
||||
The **Graph** tells the story of the cybersecurity attack. For example, it shows you what was the entry point, which indicator of compromise or activity was observed on which machine. etc.
|
||||
|
||||
|
||||
|
||||
You can click the circles on the incident graph to view the details of the malicious files, associated file detections, how many instances has there been worldwide, whether it’s been observed in your organization, if so, how many instances.
|
||||
|
||||
|
||||
|
||||
## Related topics
|
||||
- [Incidents queue](incidents-queue.md)
|
||||
- [View and organize the Incidents queue](view-incidents-queue.md)
|
||||
- [Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
@ -88,4 +88,5 @@ Machines that are not matched to any groups are added to Ungrouped machines (def
|
||||
|
||||
|
||||
## Related topic
|
||||
- [Manage portal access using role-based based access control](rbac-windows-defender-advanced-threat-protection.md)
|
||||
- [Manage portal access using role-based based access control](rbac-windows-defender-advanced-threat-protection.md)
|
||||
- [Get list of tenant machine groups using Graph API](get-machinegroups-collection-windows-defender-advanced-threat-protection.md)
|
||||
@ -1,61 +0,0 @@
|
||||
---
|
||||
title: Manage Windows Defender ATP incidents
|
||||
description: Manage incidents by assigning it, updating its status, or setting its classification.
|
||||
keywords: incidents, manage, assign, status, classification, true alert, false alert
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 010/08/2018
|
||||
---
|
||||
|
||||
# Manage Windows Defender ATP incidents
|
||||
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
|
||||
Managing incidents is an important part of every cybersecurity operation. You can manage incidents by selecting an incident from the **Incidents queue** or the **Incidents management pane**. You can assign incidents to yourself, change the status, classify, rename, or comment on them to keep track of their progress.
|
||||
|
||||
|
||||
|
||||
Selecting an incident from the **Incidents queue** brings up the **Incident management pane** where you can open the incident page for details.
|
||||
|
||||
|
||||
|
||||
|
||||
## Assign incidents
|
||||
If an incident has not been assigned yet, you can select **Assign to me** to assign the incident to yourself. Doing so assumes ownership of not just the incident, but also all the alerts associated with it.
|
||||
|
||||
## Change the incident status
|
||||
You can categorize incidents (as **Active**, or **Resolved**) by changing their status as your investigation progresses. This helps you organize and manage how your team can respond to incidents.
|
||||
|
||||
For example, your SoC analyst can review the urgent **Active** incidents for the day, and decide to assign them to himself for investigation.
|
||||
|
||||
Alternatively, your SoC analyst might set the incident as **Resolved** if the incident has been remediated.
|
||||
|
||||
## Classify the incident
|
||||
You can choose not to set a classification, or decide to specify whether an incident is true or false. Doing so helps the team see patterns and learn from them.
|
||||
|
||||
## Rename incident
|
||||
By default, incidents are assigned with numbers. You can rename the incident if your organization uses a naming convention for easier cybersecurity threat identification.
|
||||
|
||||
|
||||
|
||||
## Add comments and view the history of an incident
|
||||
You can add comments and view historical events about an incident to see previous changes made to it.
|
||||
|
||||
Whenever a change or comment is made to an alert, it is recorded in the Comments and history section.
|
||||
|
||||
Added comments instantly appear on the pane.
|
||||
|
||||
## Related topics
|
||||
- [Incidents queue](incidents-queue.md)
|
||||
- [View and organize the Incidents queue](view-incidents-queue.md)
|
||||
- [Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md)
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 06/18/2018
|
||||
ms.date: 10/10/2018
|
||||
---
|
||||
|
||||
# Onboard previous versions of Windows
|
||||
@ -50,7 +50,7 @@ The following steps are required to enable this integration:
|
||||
|
||||
### Before you begin
|
||||
Review the following details to verify minimum system requirements:
|
||||
- Install the [February monthly update rollout](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598)
|
||||
- Install the [February monthly update rollup](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598) or a later monthly update rollup.
|
||||
|
||||
>[!NOTE]
|
||||
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
|
||||
@ -60,6 +60,14 @@ Review the following details to verify minimum system requirements:
|
||||
>[!NOTE]
|
||||
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
|
||||
|
||||
- Install either [.NET framework 4.5](https://www.microsoft.com/en-us/download/details.aspx?id=30653) (or later) or [KB3154518](https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework)
|
||||
|
||||
>[NOTE]
|
||||
>Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro.
|
||||
>Don't install .NET framework 4.0.x, since it will negate the above installation.
|
||||
|
||||
|
||||
|
||||
- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in your environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites)
|
||||
|
||||
1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604).
|
||||
|
||||
@ -19,7 +19,7 @@ ms.date: 09/03/2018
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
The Widows Defender ATP endpoint detection and response capabilities provides near real-time actionable advance attacks detections, enables security analysts to effectively prioritize alerts, unfold the full scope of a breach and take response actions to remediate the threat.
|
||||
The Windows Defender ATP endpoint detection and response capabilities provides near real-time actionable advance attacks detections, enables security analysts to effectively prioritize alerts, unfold the full scope of a breach and take response actions to remediate the threat.
|
||||
|
||||
|
||||
When a threat is detected, alerts are be created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
|
||||
|
||||
@ -41,9 +41,6 @@ The following features are included in the preview release:
|
||||
- [Threat analytics](threat-analytics.md)<br>
|
||||
Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
|
||||
|
||||
- [Incidents](incidents-queue.md)<br>
|
||||
Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network.
|
||||
|
||||
|
||||
- [Custom detection](overview-custom-detections.md)<br>
|
||||
With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules.
|
||||
|
||||
@ -34,4 +34,8 @@ File | Run API calls such as get file information, file related alerts, file rel
|
||||
IP | Run API calls such as get IP related alerts, IP related machines, IP statistics, and check if and IP is seen in your organization.
|
||||
Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID.
|
||||
User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines.
|
||||
KbInfo | Run API call that gets list of Windows KB's information
|
||||
CveKbMap | Run API call that gets mapping of CVE's to corresponding KB's
|
||||
MachineSecurityStates | Run API call that gets list of machines with their security properties and versions
|
||||
MachineGroups | Run API call that gets list of machine group definitions
|
||||
|
||||
|
||||
@ -1,74 +0,0 @@
|
||||
---
|
||||
title: View and organize the Incidents queue
|
||||
description: See the list of incidents and learn how to apply filters to limit the list and get a more focused view.
|
||||
keywords: view, organize, incidents, aggregate, investigations, queue, ttp
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/08/2018
|
||||
---
|
||||
|
||||
# View and organize the Windows Defender Advanced Threat Protection Incidents queue
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
The **Incidents queue** shows a collection of incidents that were flagged from machines in your network. It helps you sort through incidents to prioritize and create an informed cybersecurity response decision.
|
||||
|
||||
By default, the queue displays incidents seen in the last 30 days, with the most recent incident showing at the top of the list, helping you see the most recent incidents first.
|
||||
|
||||
There are several options you can choose from to customize the Incidents queue view.
|
||||
|
||||
On the top navigation you can:
|
||||
- Customize columns to add or remove columns
|
||||
- Modify the number of items to view per page
|
||||
- Select the items to show per page
|
||||
- Batch-select the incidents to assign
|
||||
- Navigate between pages
|
||||
- Apply filters
|
||||
|
||||
|
||||
|
||||
## Sort and filter the incidents queue
|
||||
You can apply the following filters to limit the list of incidents and get a more focused view.
|
||||
|
||||
Incident severity | Description
|
||||
:---|:---
|
||||
High </br>(Red) | Threats often associated with advanced persistent threats (APT). These incidents indicate a high risk due to the severity of damage they can inflict on machines.
|
||||
Medium </br>(Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages.
|
||||
Low </br>(Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization.
|
||||
Informational </br>(Grey) | Informational incidents are those that might not be considered harmful to the network but might be good to keep track of.
|
||||
|
||||
### Category
|
||||
Incidents are categorized based on the description of the stage by which the cybersecurity kill chain is in. This view helps the threat analyst to determine priority, urgency, and corresponding response strategy to deploy based on context.
|
||||
|
||||
### Alerts
|
||||
Indicates the number of alerts associated with or part of the incidents.
|
||||
|
||||
|
||||
### Machines
|
||||
You can limit to show only the machines at risk which are associated with incidents.
|
||||
|
||||
### Users
|
||||
You can limit to show only the users of the machines at risk which are associated with incidents.
|
||||
|
||||
### Assigned to
|
||||
You can choose to show between unassigned incidents or those which are assigned to you.
|
||||
|
||||
### Status
|
||||
You can choose to limit the list of incidents shown based on their status to see which ones are active or resolved
|
||||
|
||||
### Classification
|
||||
Use this filter to choose between focusing on incidents flagged as true or false incidents.
|
||||
|
||||
## Related topics
|
||||
- [Incidents queue](incidents-queue.md)
|
||||
- [Manage incidents](manage-incidents-windows-defender-advanced-threat-protection.md)
|
||||
- [Investigate incidents](investigate-incidents-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -1,14 +1,14 @@
|
||||
---
|
||||
title: Windows Platform Common Criteria Certification
|
||||
title: Common Criteria Certifications
|
||||
description: This topic details how Microsoft supports the Common Criteria certification program.
|
||||
ms.prod: w10
|
||||
ms.localizationpriority: medium
|
||||
ms.author: daniha
|
||||
author: danihalfin
|
||||
ms.date: 04/03/2018
|
||||
ms.date: 10/8/2018
|
||||
---
|
||||
|
||||
# Windows Platform Common Criteria Certification
|
||||
# Common Criteria Certifications
|
||||
|
||||
Microsoft is committed to optimizing the security of its products and services. As part of that commitment, Microsoft supports the Common Criteria certification program, continues to ensure that products incorporate the features and functions required by relevant Common Criteria protection profiles, and completes Common Criteria certifications of Microsoft Windows products.
|
||||
|
||||
@ -18,7 +18,8 @@ Microsoft is committed to optimizing the security of its products and services.
|
||||
|
||||
The Security Target describes security functionality and assurance measures used to evaluate Windows.
|
||||
|
||||
- [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf)
|
||||
- [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/B/6/A/B6A5EC2C-6351-4FB9-8FF1-643D4BD5BE6E/Windows%2010%201709%20GP%20OS%20Security%20Target.pdf)
|
||||
- [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf)
|
||||
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf)
|
||||
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/1/5/e/15eee6d3-f2a8-4441-8cb1-ce8c2ab91c24/windows%2010%20anniversary%20update%20mdf%20security%20target%20-%20public%20\(april%203%202017\).docx)
|
||||
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/f/8/c/f8c1c2a4-719c-48ae-942f-9fd3ce5b238f/windows%2010%20au%20and%20server%202016%20gp%20os%20security%20target%20-%20public%20\(december%202%202016\)%20\(clean\).docx)
|
||||
@ -52,7 +53,9 @@ These documents describe how to configure Windows to replicate the configuration
|
||||
|
||||
**Windows 10, Windows 10 Mobile, Windows Server 2016, Windows Server 2012 R2**
|
||||
|
||||
- [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf)
|
||||
|
||||
- [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/5/D/2/5D26F473-0FCE-4AC4-9065-6AEC0FE5B693/Windows%2010%201709%20GP%20OS%20Administrative%20Guide.pdf)
|
||||
- [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf)
|
||||
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf)
|
||||
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/4/c/1/4c1f4ea4-2d66-4232-a0f5-925b2bc763bc/windows%2010%20au%20operational%20guidance%20\(16%20mar%202017\)\(clean\).docx)
|
||||
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/b/5/2/b52e9081-05c6-4895-91a3-732bfa0eb4da/windows%2010%20au%20and%20server%202016%20gp%20os%20operational%20guidance%20\(final\).docx)
|
||||
@ -127,7 +130,8 @@ These documents describe how to configure Windows to replicate the configuration
|
||||
|
||||
An Evaluation Technical Report (ETR) is a report submitted to the Common Criteria certification authority for how Windows complies with the claims made in the Security Target. A Certification / Validation Report provides the results of the evaluation by the validation team.
|
||||
|
||||
- [Microsoft Window 10 (Creators Update)](http://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf)
|
||||
- [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/2/C/2/2C20D013-0610-4047-B2FA-516819DFAE0A/Windows%2010%201709%20GP%20OS%20Certification%20Report.pdf)
|
||||
- [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf)
|
||||
- [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf)
|
||||
- [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/f/2/f/f2f7176e-34f4-4ab0-993c-6606d207bb3c/st_vid10752-vr.pdf)
|
||||
- [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/5/4/8/548cc06e-c671-4502-bebf-20d38e49b731/2016-36-inf-1779.pdf)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user