From 2ce69ec44ddad431e0800b07215f002795fa8f4c Mon Sep 17 00:00:00 2001 From: Alan Meeus Date: Thu, 19 Jan 2017 09:14:56 -0800 Subject: [PATCH 01/22] Update windows-10-mobile-and-mdm.md Corrected an error in the servicing options table. --- windows/manage/windows-10-mobile-and-mdm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/manage/windows-10-mobile-and-mdm.md b/windows/manage/windows-10-mobile-and-mdm.md index 24514e3416..cc517ce971 100644 --- a/windows/manage/windows-10-mobile-and-mdm.md +++ b/windows/manage/windows-10-mobile-and-mdm.md @@ -713,8 +713,8 @@ Microsoft aspires to update Windows 10 Mobile devices with the latest updates au Cellular Device is only connected to a cellular network (standard data charges apply) Will skip a daily scan if scan was successfully completed in the last 5 days -Will only occur if update package is small and does not exceed the mobile operator data limit or the user clicks “download now”. -Yes, if the user clicked “download now” +Will only occur if update package is small and does not exceed the mobile operator data limit. +Yes Idem From 9f3c0ebe6b009b254b075ac2c77bc2815f4976af Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 19 Jan 2017 13:06:37 -0800 Subject: [PATCH 02/22] Updated with RMS and Work Folders info --- windows/keep-secure/limitations-with-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/limitations-with-wip.md b/windows/keep-secure/limitations-with-wip.md index c95ae45458..bb91f92bde 100644 --- a/windows/keep-secure/limitations-with-wip.md +++ b/windows/keep-secure/limitations-with-wip.md 
@@ -27,7 +27,7 @@ This table provides info about the most common problems you might encounter whil Enterprise data on USB drives is tied to the device it was protected on. Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text. - Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.

We strongly recommend educating employees about how to limit or eliminate the need for this decryption. + Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.

We strongly recommend educating employees about how to limit or eliminate the need for this decryption.

Important
If you're running WIP with Azure Rights Management (Azure RMS), you'll only be able to open protected files from a USB drive on computers running Windows 10, version 1703 and greater. Direct Access is incompatible with WIP. From c87e4998511b2751e1d2d5f733bf7b293bc7e800 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 19 Jan 2017 13:12:33 -0800 Subject: [PATCH 03/22] Fixing formatting --- windows/keep-secure/limitations-with-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/limitations-with-wip.md b/windows/keep-secure/limitations-with-wip.md index bb91f92bde..ed21652e85 100644 --- a/windows/keep-secure/limitations-with-wip.md +++ b/windows/keep-secure/limitations-with-wip.md @@ -67,7 +67,7 @@ This table provides info about the most common problems you might encounter whil Redirected folders with Client Side Caching are not compatible with WIP. Apps might encounter access errors while attempting to read a cached, offline file. - Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business. + Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.

Note
For more info about Work Folders and Offline Files, see the blog, [Work Folders and Offline Files support for Windows Information Protection](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/). If you're having trouble opening files offline while using Offline Files and WIP, see the support article, [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/en-us/kb/3187045). You can't upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer. From eb7de812eac255d41a7e89ecf8a43ab068751766 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 19 Jan 2017 13:14:03 -0800 Subject: [PATCH 04/22] Changed version info --- windows/keep-secure/limitations-with-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/limitations-with-wip.md b/windows/keep-secure/limitations-with-wip.md index ed21652e85..6854c45883 100644 --- a/windows/keep-secure/limitations-with-wip.md +++ b/windows/keep-secure/limitations-with-wip.md @@ -27,7 +27,7 @@ This table provides info about the most common problems you might encounter whil Enterprise data on USB drives is tied to the device it was protected on. Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text. - Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.

We strongly recommend educating employees about how to limit or eliminate the need for this decryption.

Important
If you're running WIP with Azure Rights Management (Azure RMS), you'll only be able to open protected files from a USB drive on computers running Windows 10, version 1703 and greater. + Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.

We strongly recommend educating employees about how to limit or eliminate the need for this decryption.

Important
If you're running WIP with Azure Rights Management (Azure RMS), you'll only be able to open protected files from a USB drive on computers running the latest version from the Windows Insider Program. Direct Access is incompatible with WIP. From fb1459a8c8ce59deb02965cc40c234d2c1ec511e Mon Sep 17 00:00:00 2001 From: Justinha Date: Fri, 20 Jan 2017 09:54:14 -0800 Subject: [PATCH 05/22] fixed Important note formatting --- windows/keep-secure/credential-guard.md | 2 +- ...ments-and-deployment-planning-guidelines-for-device-guard.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md index bdf1e9d9d1..eaabf72651 100644 --- a/windows/keep-secure/credential-guard.md +++ b/windows/keep-secure/credential-guard.md @@ -61,7 +61,7 @@ The following tables provide more information about the hardware, firmware, and | Hardware: **Trusted Platform Module (TPM)** | **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.

**Security benefits**: A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. | | Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)

**Security benefits**: UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | | Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).

**Security benefits**: UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | -| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT

**! Important**:
Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.

**Security benefits**: Support for VBS and for management features that simplify configuration of Credential Guard. | +| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT

Important:
Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.


**Security benefits**: Support for VBS and for management features that simplify configuration of Credential Guard. | > [!IMPORTANT] > The preceding table lists requirements for baseline protections. The following tables list requirements for improved security. You can use Credential Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting the requirements for improved security, to significantly strengthen the level of security that Credential Guard can provide. diff --git a/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md b/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md index 82bfc43574..5de3da4f21 100644 --- a/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md +++ b/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md @@ -54,7 +54,7 @@ The following tables provide more information about the hardware, firmware, and | Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)

**Security benefits**: UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | | Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).

**Security benefits**: UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | | Software: **HVCI compatible drivers** | **Requirements**: See the Windows Hardware Compatibility Program requirements under [Filter.Driver.DeviceGuard.DriverCompatibility](https://msdn.microsoft.com/library/windows/hardware/mt589732(v=vs.85).aspx).

**Security benefits**: [HVCI Compatible](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/) drivers help ensure that VBS can maintain appropriate memory permissions. This increases resistance to bypassing vulnerable kernel drivers and helps ensure that malware cannot run in kernel. Only code verified through code integrity can run in kernel mode. | -| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT

**! Important*:*
Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.

**Security benefits**: Support for VBS and for management features that simplify configuration of Device Guard. | +| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT

Important:
Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.


**Security benefits**: Support for VBS and for management features that simplify configuration of Device Guard. | > **Important**  The preceding table lists requirements for baseline protections. The following tables list requirements for improved security. You can use Device Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting the requirements for improved security, to significantly strengthen the level of security that Device Guard can provide. From 95ed9932204e54fa096d72135faa99ed32fd11e6 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 20 Jan 2017 10:22:24 -0800 Subject: [PATCH 06/22] fix note tagging --- ...re-arcsight-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md index 1c36768862..89b4b13d30 100644 --- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md @@ -35,12 +35,12 @@ You'll need to configure HP ArcSight so that it can consume Windows Defender ATP - **client_secret**: OAuth 2 Client secret - **auth_url**: ```https://login.microsoftonline.com/?resource=https%3A%2F%2FWDATPAlertExport.Seville.onmicrosoft.com ``` - >!NOTE + >[!NOTE] >Replace *tenantID* with your tenant ID. - **token_url**: `https://login.microsoftonline.com//oauth2/token` - >!NOTE + >[!NOTE] >Replace the *tenantID* value with your tenant ID. - **redirect_uri**: ```https://localhost:44300/wdatpconnector``` From dd9a51acecf4bdfd1166e5e3b9890ee135ac4895 Mon Sep 17 00:00:00 2001 
From: Dani Halfin Date: Fri, 20 Jan 2017 10:44:00 -0800 Subject: [PATCH 07/22] Fixed redundance - GP-Intune --- windows/manage/waas-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/waas-overview.md b/windows/manage/waas-overview.md index 1d04eb0c3a..160f38bcad 100644 --- a/windows/manage/waas-overview.md +++ b/windows/manage/waas-overview.md 
@@ -136,7 +136,7 @@ Microsoft recommends that all organizations have at least a few PCs enrolled in There are many tools with which IT pros can service Windows as a service. Each option has its pros and cons, ranging from capabilities and control to simplicity and low administrative requirements. The following are examples of the servicing tools available to manage Windows as a service updates: - **Windows Update (stand-alone)** provides limited control over feature updates, with IT pros manually configuring the device to be in the CBB servicing branch. Organizations can control which devices defer updates and stay in the CBB servicing branch or remain in CB by selecting the Defer upgrades check box in Start\Settings\Update & Security\Advanced Options on a Windows 10 client. -- **Windows Update for Business** is the second option for servicing Windows as a service. This servicing tool includes a little more control over update deferment and provides centralized management using Group Policy. In Windows 10 version 1511, Windows Update for Business can be used to defer feature updates for up to 8 months and quality updates for up to 4 weeks. Also, these deferment options were available only to clients in the CBB servicing branch. In Windows 10 version 1607 and later, Windows Update for Business can be used to defer feature updates for up to 180 days and quality updates for up to 30 days. These deployment options are available to clients in either the CB or CBB servicing branch. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Intune. In addition to Intune, organizations can use Group Policy to manage Windows Update for Business. +- **Windows Update for Business** is the second option for servicing Windows as a service. 
This servicing tool includes a little more control over update deferment and provides centralized management using Group Policy. In Windows 10 version 1511, Windows Update for Business can be used to defer feature updates for up to 8 months and quality updates for up to 4 weeks. Also, these deferment options were available only to clients in the CBB servicing branch. In Windows 10 version 1607 and later, Windows Update for Business can be used to defer feature updates for up to 180 days and quality updates for up to 30 days. These deployment options are available to clients in either the CB or CBB servicing branch. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Intune. - **Windows Server Update Services (WSUS)** provides extensive control over Windows 10 updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready. - **System Center Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times. From 19e9acec1eefa4e321c6018afef39c0ea2547f1f Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 20 Jan 2017 11:39:37 -0800 Subject: [PATCH 08/22] change history --- windows/deploy/change-history-for-deploy-windows-10.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md index f7174c7785..88557fd56f 100644 --- a/windows/deploy/change-history-for-deploy-windows-10.md +++ b/windows/deploy/change-history-for-deploy-windows-10.md 
@@ -14,6 +14,9 @@ This topic lists new and updated topics in the [Deploy Windows 10](index.md) doc ## January 2017 | New or changed topic | Description | |----------------------|-------------| +| [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) | New | +| [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) | New | +| [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) | New | | [Apply a provisioning package](provisioning-apply-package.md) | New (previously published in other topics) | | [Create a provisioning package for Windows 10](provisioning-create-package.md) | New (previously published in Hardware Dev Center on MSDN) | | [Create a provisioning package with multivariant settings](provisioning-multivariant.md) | New (previously published in Hardware Dev Center on MSDN) | From ae0c837b179c7ba0db3c91c7358034940cc2a7da Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 20 Jan 2017 12:32:12 -0800 Subject: [PATCH 09/22] add video --- .../manage/change-history-for-manage-and-update-windows-10.md | 1 + windows/manage/waas-quick-start.md | 2 ++ windows/manage/waas-update-windows-10.md | 4 +++- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md index 26af07a521..c9e8313b65 100644 --- a/windows/manage/change-history-for-manage-and-update-windows-10.md +++ b/windows/manage/change-history-for-manage-and-update-windows-10.md 
@@ -21,6 +21,7 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in | [Cortana integration in your business or enterprise](cortana-at-work-overview.md) | New | | [Start layout XML for desktop editions of Windows 10](start-layout-xml-desktop.md) | New (previously published in Hardware Dev Center on MSDN) | | [Start layout XML for mobile editions of Windows 10](start-layout-xml-mobile.md) | New (previously published in Hardware Dev Center on MSDN) | +| [Quick guide to Windows as a service](waas-quick-start.md) | Added video that explains how Windows as a service works. | diff --git a/windows/manage/waas-quick-start.md b/windows/manage/waas-quick-start.md index 5c19c64019..440689866a 100644 --- a/windows/manage/waas-quick-start.md +++ b/windows/manage/waas-quick-start.md @@ -52,7 +52,9 @@ Additional technologies such as BranchCache and Delivery Optimization, both peer See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) and [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) for more information. +## Video: An overview of Windows as a service + ## Related topics diff --git a/windows/manage/waas-update-windows-10.md b/windows/manage/waas-update-windows-10.md index 8fc28b33a7..c87ec80caf 100644 --- a/windows/manage/waas-update-windows-10.md +++ b/windows/manage/waas-update-windows-10.md 
@@ -21,7 +21,9 @@ localizationpriority: high Windows as a service provides a new way to think about building, deploying, and servicing the Windows operating system. The Windows as a service model is focused on continually providing new capabilities and updates while maintaining a high level of hardware and software compatibility. Deploying new versions of Windows is simpler than ever before: Microsoft releases new features two to three times per year rather than the traditional upgrade cycle where new features are only made available every few years. Ultimately, this model replaces the need for traditional Windows deployment projects, which can be disruptive and costly, and spreads the required effort out into a continuous updating process, reducing the overall effort required to maintain Windows 10 devices in your environment. In addition, with the Windows 10 operating system, organizations have the chance to try out “flighted” builds of Windows as Microsoft develops them, gaining insight into new features and the ability to provide continual feedback about them. >[!TIP] ->See [Windows 10 update history](https://support.microsoft.com/help/12387/windows-10-update-history) for details about each Windows 10 update released to date. +>See [Windows 10 update history](https://support.microsoft.com/help/12387/windows-10-update-history) for details about each Windows 10 update released to date. + + ## In this section From 7ad8ce788d2853fb8739792230ec2041c9d0337f Mon Sep 17 00:00:00 2001 From: LizRoss Date: Fri, 20 Jan 2017 12:39:46 -0800 Subject: [PATCH 10/22] Updated with final text --- windows/keep-secure/limitations-with-wip.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/limitations-with-wip.md b/windows/keep-secure/limitations-with-wip.md index 6854c45883..39aaeb8dc5 100644 --- a/windows/keep-secure/limitations-with-wip.md +++ b/windows/keep-secure/limitations-with-wip.md 
@@ -25,9 +25,9 @@ This table provides info about the most common problems you might encounter whil Workaround - Enterprise data on USB drives is tied to the device it was protected on. - Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text. - Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.

We strongly recommend educating employees about how to limit or eliminate the need for this decryption.

Important
If you're running WIP with Azure Rights Management (Azure RMS), you'll only be able to open protected files from a USB drive on computers running the latest version from the Windows Insider Program. + Your enterprise data on USB drives might be tied to the device it was protected on, based on your Azure RMS configuration. + If you’re using Azure RMS: Authenticated users can open enterprise data on USB drives, on computers running the latest build from the Windows Insider Program.

If you’re not using Azure RMS: Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text. + Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.

We strongly recommend educating employees about how to limit or eliminate the need for this decryption. Direct Access is incompatible with WIP. From 855f8b6fce1a027a25fd74df70f371ee3c35d99c Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 20 Jan 2017 13:15:16 -0800 Subject: [PATCH 11/22] sync --- windows/manage/.vscode/settings.json | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 windows/manage/.vscode/settings.json diff --git a/windows/manage/.vscode/settings.json b/windows/manage/.vscode/settings.json new file mode 100644 index 0000000000..20af2f68a6 --- /dev/null +++ b/windows/manage/.vscode/settings.json @@ -0,0 +1,3 @@ +// Place your settings in this file to overwrite default and user settings. +{ +} \ No newline at end of file From f861293656a71176a8e6268c90a5a20ec97d44e2 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 20 Jan 2017 13:19:39 -0800 Subject: [PATCH 12/22] fix format --- windows/manage/start-layout-xml-desktop.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/windows/manage/start-layout-xml-desktop.md b/windows/manage/start-layout-xml-desktop.md index aa6a1bd126..356f06b523 100644 --- a/windows/manage/start-layout-xml-desktop.md +++ b/windows/manage/start-layout-xml-desktop.md 
@@ -158,33 +158,31 @@ You can use the **start:DesktopApplicationTile** tag to pin a Windows desktop ap The following example shows how to pin the Command Prompt: -```XML - -``` - + ``` You must set the **DesktopApplicationLinkPath** attribute to the .lnk file that points to the Windows desktop application. The path also supports environment variables. If you are pointing to a third-party Windows desktop application, you must put the .lnk file in a legacy Start Menu directory before first boot; for example, "%APPDATA%\Microsoft\Windows\Start Menu\Programs\" or the all users profile "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\". - - By using the application's application user model ID, if this is known. If the Windows desktop application doesn't have one, use the shortcut link option. To pin a Windows desktop application through this method, you must set the **DesktopApplicationID** attribute to the application user model ID that's associated with the corresponding app. The following example shows how to pin the Internet Explorer Windows desktop application: -```XML - -``` + ``` You can also use the **start:DesktopApplicationTile** tag as one of the methods for pinning a Web link to Start. The other method is to use a Microsoft Edge secondary tile. From 1ed91f9c5445593ab941b5fd88e87410b8e65269 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 20 Jan 2017 13:19:58 -0800 Subject: [PATCH 13/22] updated hard drive space requirement --- windows/deploy/windows-10-poc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 6156ac502d..27d9c03e3c 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -109,7 +109,7 @@ Harware requirements are displayed below: **Disk** - 50 GB available hard disk space (100 GB recommended), any format. + 200 GB available hard disk space, any format. Any size, MBR formatted. 
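Review bot: in PATCH 03/22 (limitations-with-wip.md, hunk -67,7 +67,7), the added line is more than a formatting fix. It appends a new Note with two links (the Work Folders blog post and support article kb/3187045) to the Redirected folders workaround, while the subject reads "Fixing formatting". PATCH 02/22 is titled "Updated with RMS and Work Folders info", but its hunk carries only the Azure RMS note. Suggest moving the Work Folders note into 02 or retitling 03, so the history shows where that guidance was introduced.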
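Review bot: on the replaced table row in credential-guard.md (PATCH 05/22, hunk -61,7 +61,7), the requirement still reads "Windows 2016 Server" while the note two lines below it says "Windows Server 2016". Use the same product name in both places. The new plain "Important:" label also loses the bold of the old "**! Important**:" and gains a second blank line before "**Security benefits**", so it no longer matches the bold labels used in the rest of the cell. Consider "**Important**:" with a single blank line.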
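Review bot: in the requirements-and-deployment-planning-guidelines-for-device-guard.md hunk of PATCH 05/22 (-54,7 +54,7), the trailing context line still uses "> **Important**  The preceding table lists requirements for baseline protections", whereas the same paragraph in credential-guard.md uses "> [!IMPORTANT]". Since this commit is about Important note formatting, convert that block quote as well so both topics render the callout the same way. The "Windows 2016 Server" versus "Windows Server 2016" mismatch is present in this row too.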
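Review bot: in the configure-arcsight-windows-defender-advanced-threat-protection.md hunk (PATCH 06/22, -35,12 +35,12), both notes tell the reader to replace *tenantID*, but as shown here neither URL contains a tenantID placeholder: token_url reads `https://login.microsoftonline.com//oauth2/token`, with an empty path segment, and auth_url goes straight from the host to "?resource=". Check that the placeholder survives rendering, and keep it inside the code span so it is not treated as markup. The two notes are also worded differently ("Replace *tenantID*" versus "Replace the *tenantID* value"), and auth_url is wrapped in triple backticks with a trailing space while token_url uses single backticks. Pick one form for each.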
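Review bot: in the waas-quick-start.md hunk of PATCH 09/22 (-52,7 +52,9), the new heading "## Video: An overview of Windows as a service" has no visible body before "## Related topics". If the video is an embed, add a plain link to it under the heading so the section is not empty where embeds do not render. The waas-update-windows-10.md hunk in the same patch adds trailing whitespace to the TIP line and is not mentioned in the change-history row, which names only waas-quick-start.md.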
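Review bot: in PATCH 10/22 (limitations-with-wip.md, hunk -25,9 +25,9), "computers running the latest build from the Windows Insider Program" gives an administrator no fixed version to check a device against, and it goes stale as soon as a newer build ships. PATCH 02/22 named "Windows 10, version 1703 and greater" for the same condition before PATCH 04/22 replaced it. Suggest stating the minimum version or build that can open Azure RMS protected files from a USB drive. The workaround cell still says decryption "will be audited" without saying which of the two cases (using Azure RMS or not) it applies to, which is worth making explicit now that the behaviour differs.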
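Review bot: PATCH 11/22 adds windows/manage/.vscode/settings.json, an editor workspace settings file holding only a comment and an empty object, under the subject "sync". It is not documentation content and ends without a trailing newline. Drop it from the commit and add .vscode/ to .gitignore so local editor settings are not committed alongside the docs.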
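Review bot: in PATCH 13/22 (windows-10-poc.md, hunk -109,7 +109,7), the disk requirement changes from "50 GB available hard disk space (100 GB recommended)" to "200 GB available hard disk space", with no recommended figure and no reason given in the commit message. State in the message or next to the table what the 200 GB covers, so readers with the earlier numbers know why the lab no longer fits. The hunk header context also shows "Harware requirements are displayed below:", which should read "Hardware" and can be fixed in the same edit.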
From 28a3368a946a50a54b0a88ad9a2d239797dcfead Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Fri, 20 Jan 2017 13:30:21 -0800 Subject: [PATCH 14/22] Fix Type and Rephrase due to duplicate. --- windows/manage/waas-manage-updates-wufb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/waas-manage-updates-wufb.md b/windows/manage/waas-manage-updates-wufb.md index 5abdf4a34b..a61fbb1548 100644 --- a/windows/manage/waas-manage-updates-wufb.md +++ b/windows/manage/waas-manage-updates-wufb.md 
@@ -18,7 +18,7 @@ localizationpriority: high > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) -Windows Update for Business enables information technology administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or MDM solutions such as Intune to configure the Windows Update for Business settings. Using Group Policy or MDM solutions such as Intune, you can control how and when Windows 10 devices are updated. In addition, by using Intune, organizations can manage devices that are not joined to a domain at all or are joined to Microsoft Azure Active Directory (Azure AD) alongside your on-premises domain-joined machines. +Windows Update for Business enables information technology administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or MDM solutions such as Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated. In addition, by using Intune, organizations can manage devices that are not joined to a domain at all or are joined to Microsoft Azure Active Directory (Azure AD) alongside your on-premises domain-joined machines. Specifically, Windows Update for Business allows for: From 60e1053b8e113170d6626b1515bf2429d3e93100 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Fri, 20 Jan 2017 13:49:29 -0800 Subject: [PATCH 15/22] Update troubleshoot-windows-defender-in-windows-10.md --- .../keep-secure/troubleshoot-windows-defender-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md b/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md index df382bc1fe..bca131bc9f 100644 --- a/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md +++ b/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md @@ -2222,7 +2222,7 @@ Description of the error.

The support for your operating system has expired. Windows Defender is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats.

- +Event ID: 2050

Symbolic name:

MALWAREPROTECTION_SAMPLESUBMISSION_UPLOADED

Message:

%1 has uploaded a suspicious file for further analysis.
Filename <uploaded filename>
Sha256: <file SHA>

Description:

A file was uploaded to the Windows Defender Antimalware cloud for further analysis or processing.

Event ID: 3002 From d3bfdd63e7c155659eb5b68c3e5c608f697fc6c0 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Fri, 20 Jan 2017 14:10:31 -0800 Subject: [PATCH 16/22] Fixed a typo - rage->range --- windows/manage/waas-manage-updates-wufb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/waas-manage-updates-wufb.md b/windows/manage/waas-manage-updates-wufb.md index a61fbb1548..7f290e895c 100644 --- a/windows/manage/waas-manage-updates-wufb.md +++ b/windows/manage/waas-manage-updates-wufb.md 
@@ -37,7 +37,7 @@ Windows Update for Business provides three types of updates to Windows 10 device - **Quality Updates**: these are traditional operating system updates, typically released the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as those for Microsoft Office or Visual Studio) as Quality Updates. These non-Windows Updates are known as *Microsoft Updates* and devices can be optionally configured to receive such updates along with their Windows Updates. - **Non-deferrable updates**: Currently, antimalware and antispyware Definition Updates from Windows Update cannot be deferred. -Both Feature and Quality Updates can be deferred from deploying to client devices by a Windows Update for Business administrator within a bounded rage of time from when those updates are first made available on the Windows Update Service. This deferral capability allows administrators to validate deployments as they are pushed to all client devices configured for Windows Update for Business. +Both Feature and Quality Updates can be deferred from deploying to client devices by a Windows Update for Business administrator within a bounded range of time from when those updates are first made available on the Windows Update Service. This deferral capability allows administrators to validate deployments as they are pushed to all client devices configured for Windows Update for Business. From e4749a11aeeb1b99d1875b7dc06a8be8f023d78e Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Fri, 20 Jan 2017 14:50:31 -0800 Subject: [PATCH 17/22] Update troubleshoot-windows-defender-in-windows-10.md --- .../keep-secure/troubleshoot-windows-defender-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md b/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md index bca131bc9f..ac8772f7b7 100644 --- a/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md +++ b/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md @@ -2222,7 +2222,7 @@ Description of the error. - +

The support for your operating system has expired. Windows Defender is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats.

Event ID: 2050

Symbolic name:

MALWAREPROTECTION_SAMPLESUBMISSION_UPLOADED

Message:

%1 has uploaded a suspicious file for further analysis.
Filename <uploaded filename>
Sha256: <file SHA>

Description:

A file was uploaded to the Windows Defender Antimalware cloud for further analysis or processing.

Event ID: 2050

Symbolic name:

MALWAREPROTECTION_SAMPLESUBMISSION_UPLOADED

Message:

The antimalware engine has uploaded a file for further analysis.
Filename <uploaded filename>
Sha256: <file SHA>

Description:

A file was uploaded to the Windows Defender Antimalware cloud for further analysis or processing.

Event ID: 3002 From 3e9de6474455fbb5d2aeb4a0b01e1ef4645ab70c Mon Sep 17 00:00:00 2001 From: loosus456 Date: Sat, 21 Jan 2017 11:41:18 -0500 Subject: [PATCH 18/22] Update configure-windows-10-taskbar.md --- .../manage/configure-windows-10-taskbar.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/manage/configure-windows-10-taskbar.md b/windows/manage/configure-windows-10-taskbar.md index 50576b01ad..c655dea92f 100644 --- a/windows/manage/configure-windows-10-taskbar.md +++ b/windows/manage/configure-windows-10-taskbar.md 
@@ -10,21 +10,21 @@ localizationpriority: high --- # Configure Windows 10 taskbar -Starting in Windows 10, version 1607, administrators can pin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a `` section to a layout modification XML file. This method never removes user-pinned apps from the taskbar. +Starting in Windows 10, version 1607, administrators can pin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a `` section to a layout-modification XML file. This method never removes user-pinned apps from the taskbar. > [!NOTE] > The only aspect of the taskbar that can currently be configured by the layout modification XML file is the layout. You can specify different taskbar configurations based on device locale and region. There is no limit on the number of apps that you can pin. You specify apps using the [Application User Model ID (AUMID)](https://go.microsoft.com/fwlink/p/?LinkId=614867) or Desktop Application Link Path (the local path to the application). -If you specify an app to be pinned that is not installed on the computer, it won't appear on the taskbar. +If you specify an app to be pinned that is not provisioned for the user on the computer, the pinned icon won't appear on the taskbar. -The order of apps in the xml file dictates order of apps on taskbar from left to right, to the right of any existing apps pinned by user. +The order of apps in the XML file dictates the order of pinned apps on the taskbar from left to right, to the right of any existing apps pinned by the user. > [!NOTE] > In operating systems configured to use a right-to-left language, the taskbar order will be reversed. -The following example shows how apps will be pinned: Windows default apps to the left (blue circle), apps pinned by the user in the center (orange triangle), and apps that you pin using XML to the right (green square). 
+The following example shows how apps will be pinned: Windows default apps to the left (blue circle), apps pinned by the user in the center (orange triangle), and apps that you pin using the XML file to the right (green square). ![Windows left, user center, enterprise to the right](images/taskbar-generic.png) 
@@ -34,28 +34,28 @@ The following example shows how apps will be pinned: Windows default apps to the To configure the taskbar: 1. Create the XML file. * If you are also [customizing the Start layout](customize-and-export-start-layout.md), use `Export-StartLayout` to create the XML, and then add the `` section from the following sample to the file. - * If you are only configuring the taskbar, use the following sample to create a layout modification XML file. + * If you are only configuring the taskbar, use the following sample to create a layout-modification XML file. 2. Edit and save the XML file. You can use [AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867) or Desktop Application Link Path to identify the apps to pin to the taskbar. * Use `` and [AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867) to pin Universal Windows Platform apps. * Use `` and Desktop Application Link Path to pin desktop applications. -3. Apply the layout modification XML file to devices using [Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) or a [provisioning package created in Windows Imaging and Configuration Designer (Windows ICD)](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md). +3. Apply the layout-modification XML file to devices using [Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) or a [provisioning package created in Windows Imaging and Configuration Designer (Windows ICD)](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md). >[!IMPORTANT] ->If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration and allow users to make changes that will persist, apply your configuration by using Group Policy. 
+>If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user then unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration that allows users to make changes that will persist, apply your configuration using Group Policy. ### Tips for finding AUMID and Desktop Application Link Path -In the layout modification XML file, you will need to add entries for applications in the XML markup. In order to pin an application, you need either its AUMID or Desktop Application Link Path. +In the layout-modification XML file, you will need to add entries for applications in the XML markup. In order to pin an application, you need either its AUMID or Desktop Application Link Path. The easiest way to find this data for an application is to: -1. Pin the application to the Start menu +1. Pin the application to the Start menu on a reference/testing machine. 2. Open Windows PowerShell and run the `Export-StartLayout` cmdlet. 3. Open the generated XML file. -4. Look for an entry corresponding to the app you pinned . +4. Look for an entry corresponding to the app you pinned. 5. Look for a property labeled `AppUserModelID` or `DesktopApplicationLinkPath`. -### Sample taskbar configuration XML +### Sample taskbar configuration XML file ```xml @@ -75,7 +75,7 @@ The easiest way to find this data for an application is to: ``` -### Sample taskbar configuration added to Start layout XML +### Sample taskbar configuration added to Start-layout XML file ```xml 
@@ -218,7 +218,7 @@ The following example shows you how to configure taskbars by country or region. ``` -When the preceding example XML is applied, the resulting taskbar for computers in the US or UK: +When the preceding example XML file is applied, the resulting taskbar for computers in the US or UK: ![taskbar for US and UK locale](images/taskbar-region-usuk.png) From 70bce19d623f0f51331be4e024194cd98f82494f Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Mon, 23 Jan 2017 07:27:46 -0800 Subject: [PATCH 19/22] sync --- windows/manage/start-layout-xml-desktop.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/manage/start-layout-xml-desktop.md b/windows/manage/start-layout-xml-desktop.md index 356f06b523..1a48aaad33 100644 --- a/windows/manage/start-layout-xml-desktop.md +++ b/windows/manage/start-layout-xml-desktop.md @@ -183,6 +183,7 @@ You can use the **start:DesktopApplicationTile** tag to pin a Windows desktop ap Row="0" Column="2"/> ``` + You can also use the **start:DesktopApplicationTile** tag as one of the methods for pinning a Web link to Start. The other method is to use a Microsoft Edge secondary tile. From 8c023e708d5dbcfd7a06bc6ecd63ca752c4f2063 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Mon, 23 Jan 2017 08:09:27 -0800 Subject: [PATCH 20/22] revert some changes --- windows/manage/configure-windows-10-taskbar.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/manage/configure-windows-10-taskbar.md b/windows/manage/configure-windows-10-taskbar.md index c655dea92f..bd5e26f4ba 100644 --- a/windows/manage/configure-windows-10-taskbar.md +++ b/windows/manage/configure-windows-10-taskbar.md 
@@ -10,7 +10,7 @@ localizationpriority: high --- # Configure Windows 10 taskbar -Starting in Windows 10, version 1607, administrators can pin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a `` section to a layout-modification XML file. This method never removes user-pinned apps from the taskbar. +Starting in Windows 10, version 1607, administrators can pin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a `` section to a layout modification XML file. This method never removes user-pinned apps from the taskbar. > [!NOTE] > The only aspect of the taskbar that can currently be configured by the layout modification XML file is the layout. 
@@ -34,21 +34,21 @@ The following example shows how apps will be pinned: Windows default apps to the To configure the taskbar: 1. Create the XML file. * If you are also [customizing the Start layout](customize-and-export-start-layout.md), use `Export-StartLayout` to create the XML, and then add the `` section from the following sample to the file. - * If you are only configuring the taskbar, use the following sample to create a layout-modification XML file. + * If you are only configuring the taskbar, use the following sample to create a layout modification XML file. 2. Edit and save the XML file. You can use [AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867) or Desktop Application Link Path to identify the apps to pin to the taskbar. * Use `` and [AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867) to pin Universal Windows Platform apps. * Use `` and Desktop Application Link Path to pin desktop applications. -3. Apply the layout-modification XML file to devices using [Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) or a [provisioning package created in Windows Imaging and Configuration Designer (Windows ICD)](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md). +3. Apply the layout modification XML file to devices using [Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) or a [provisioning package created in Windows Imaging and Configuration Designer (Windows ICD)](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md). >[!IMPORTANT] ->If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user then unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration that allows users to make changes that will persist, apply your configuration using Group Policy. 
+>If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user then unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration that allows users to make changes that will persist, apply your configuration by using Group Policy. ### Tips for finding AUMID and Desktop Application Link Path -In the layout-modification XML file, you will need to add entries for applications in the XML markup. In order to pin an application, you need either its AUMID or Desktop Application Link Path. +In the layout modification XML file, you will need to add entries for applications in the XML markup. In order to pin an application, you need either its AUMID or Desktop Application Link Path. The easiest way to find this data for an application is to: -1. Pin the application to the Start menu on a reference/testing machine. +1. Pin the application to the Start menu on a reference or testing PC. 2. Open Windows PowerShell and run the `Export-StartLayout` cmdlet. 3. Open the generated XML file. 4. Look for an entry corresponding to the app you pinned. @@ -75,7 +75,7 @@ The easiest way to find this data for an application is to: ``` -### Sample taskbar configuration added to Start-layout XML file +### Sample taskbar configuration added to Start layout XML file ```xml @@ -139,7 +139,7 @@ The `` section will append listed apps to the tas ![additional apps pinned to taskbar](images/taskbar-default-plus.png) -##Remove default apps and add your own +## Remove default apps and add your own By adding `PinListPlacement="Replace"` to ``, you remove all default pinned apps; only the apps that you specify will be pinned to the taskbar. From 7813481df3c40b24fef679c94bcd30729983ccef Mon Sep 17 00:00:00 2001 
From: LizRoss Date: Mon, 23 Jan 2017 08:38:09 -0800 Subject: [PATCH 21/22] Updated for changes made to the limitations topic --- windows/keep-secure/change-history-for-keep-windows-10-secure.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 900762eca3..eeed8b7292 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -15,6 +15,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md ## January 2017 |New or changed topic |Description | |---------------------|------------| +|[Limitations while using Windows Information Protection (WIP)](keep-secure/limitations-with-wip.md) |Updated to include info about USB drives and Azure RMS (Windows Insider Program only) and to add more info about Work Folders and Offline files. | |[Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)](recommended-network-definitions-for-wip.md) |New | |[Using Outlook Web Access with Windows Information Protection (WIP)](using-owa-with-wip.md) |New | From 34ad2c7321f6f366d8696c70b5bfa354fe5e8d59 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Mon, 23 Jan 2017 08:46:44 -0800 Subject: [PATCH 22/22] Fixed broken link --- .../keep-secure/change-history-for-keep-windows-10-secure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index eeed8b7292..923a810e4e 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md 
@@ -15,7 +15,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md ## January 2017 |New or changed topic |Description | |---------------------|------------| -|[Limitations while using Windows Information Protection (WIP)](keep-secure/limitations-with-wip.md) |Updated to include info about USB drives and Azure RMS (Windows Insider Program only) and to add more info about Work Folders and Offline files. | +|[Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) |Updated to include info about USB drives and Azure RMS (Windows Insider Program only) and to add more info about Work Folders and Offline files. | |[Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)](recommended-network-definitions-for-wip.md) |New | |[Using Outlook Web Access with Windows Information Protection (WIP)](using-owa-with-wip.md) |New |
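Review bot: In PATCH 22/22 (change-history-for-keep-windows-10-secure.md, hunk at -15,7), the link target corrected from keep-secure/limitations-with-wip.md to limitations-with-wip.md only repairs the row that PATCH 21/22 added eight minutes earlier, so squash the two commits and the history never carries the broken link. The neighbouring rows already use bare file names (recommended-network-definitions-for-wip.md, using-owa-with-wip.md), which is the pattern the new row should have followed; consider adding a relative-link check to the build so a doubled directory prefix like this fails before merge.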
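Review bot: In PATCH 17/22 (troubleshoot-windows-defender-in-windows-10.md, hunk at -2222,7), the text shown for this hunk lists Event ID: 2050 twice in a row with the same symbolic name MALWAREPROTECTION_SAMPLESUBMISSION_UPLOADED and the same description, but with two different Message strings ("%1 has uploaded a suspicious file for further analysis." and "The antimalware engine has uploaded a file for further analysis."). Anyone building an event-log filter or SIEM parser from this page cannot tell which message the event carries, so keep the one entry that matches the actual event and drop the other. PATCH 15/22 and PATCH 17/22 also change the same line under the identical subject "Update troubleshoot-windows-defender-in-windows-10.md"; squash them and state in the commit message what the edit corrects.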
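Review bot: In PATCH 18/22 (configure-windows-10-taskbar.md, hunk at -10,21), the rewrite of "not installed on the computer" to "not provisioned for the user on the computer" changes the documented behavior rather than the wording, and the subject "Update configure-windows-10-taskbar.md" gives no source for it. Please confirm with the feature owner that pinning depends on per-user provisioning, or keep "installed". The hyphenation is also applied unevenly within this hunk: the opening paragraph now reads "layout-modification XML file" while the [!NOTE] line directly below it still reads "layout modification XML file".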
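Review bot: In PATCH 20/22 (configure-windows-10-taskbar.md), the subject "revert some changes" does not describe everything in the hunks: the -34,21 hunk rewords "reference/testing machine" to "reference or testing PC" and the -139,7 hunk fixes the heading "##Remove default apps and add your own", and neither of those undoes anything from PATCH 18/22. None of the four hunks touches the "not provisioned for the user" sentence from PATCH 18/22, so that behavior wording stays in place without being called out. List in the commit message which edits are reverted and which are kept, and move the heading fix into its own commit.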