[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619091)| -|Ralink|Wireless-G PCI Adapter|pci\ven_1814&dev_0301&subsys_00551737&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619092)
[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619093)| -|Ralink|Turbo Wireless LAN Card|pci\ven_1814&dev_0301&subsys_25611814&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619094)
[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619095)| -|Ralink|Wireless LAN Card V1|pci\ven_1814&dev_0302&subsys_3a711186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619097)
[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619098)| -|Ralink|D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)|pci\ven_1814&dev_0302&subsys_3c091186&rev_00|[32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619099)
[64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619100)|
-
-IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that isn't supported by class drivers. Some consumer devices require OEM-specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825212(v=win.10)).
-
-### Application installation and domain join
-
-Unless you're using a customized Windows image that includes unattended installation settings, the initial Windows To Go workspace won't be domain joined and won't contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications
-
-### Management of Windows To Go using Group Policy
-
-In general, management of Windows To Go workspaces is same as that for desktop and laptop computers. There are Windows To Go specific Group Policy settings that should be considered as part of Windows To Go deployment. Windows To Go Group Policy settings are located at `\\Computer Configuration\Administrative Templates\Windows Components\Portable Operating System\` in the Local Group Policy Editor.
-
-The use of the Store on Windows To Go workspaces that are running Windows 8 can also be controlled by Group Policy. This policy setting is located at `\\Computer Configuration\Administrative Templates\Windows Components\Store\` in the Local Group Policy Editor. The policy settings have specific implications for Windows To Go that you should be aware of when planning your deployment:
-
-**Settings for workspaces**
-
-- **Allow hibernate (S4) when started from a Windows To Go workspace**
-
- This policy setting specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace. By default, hibernation is disabled when using Windows To Go workspace, so enabling this setting explicitly turns this ability back on. When a computer enters hibernation, the contents of memory are written to disk. When the disk is resumed, it's important that the hardware attached to the system, and the disk itself, are unchanged. This is inherently incompatible with roaming between PC hosts. Hibernation should only be used when the Windows To Go workspace isn't being used to roam between host PCs.
-
- > [!IMPORTANT]
- > For the host-PC to resume correctly when hibernation is enabled the Windows To Go workspace must continue to use the same USB port.
-
-- **Disallow standby sleep states (S1-S3) when starting from a Windows To Go workspace**
-
- This policy setting specifies whether the PC can use standby sleep states (S1–S3) when started from a Windows To Go workspace. The Sleep state also presents a unique challenge to Windows To Go users. When a computer goes to sleep, it appears as if it's shut down. It could be easy for a user to think that a Windows To Go workspace in sleep mode was actually shut down and they could remove the Windows To Go drive and take it home. Removing the Windows To Go drive in this scenario is equivalent to an unclean shutdown, which may result in the loss of unsaved user data or the corruption on the drive. Moreover, if the user now boots the drive on another PC and brings it back to the first PC, which still happens to be in the sleep state, it will lead to an arbitrary crash and eventually corruption of the drive and result in the workspace becoming unusable. If you enable this policy setting, the Windows To Go workspace can't use the standby states to cause the PC to enter sleep mode. If you disable or don't configure this policy setting, the Windows To Go workspace can place the PC in sleep mode.
-
-**Settings for host PCs**
-
-- **Windows To Go Default Startup Options**
-
- This policy setting controls whether the host computer will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the **Windows To Go Startup Options** settings dialog. If you enable this policy setting, booting to Windows To Go when a USB device is connected will be enabled and users won't be able to make changes using the **Windows To Go Startup Options** settings dialog. If you disable this policy setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the firmware. If you don't configure this policy setting, users who are members of the local Administrators group can enable or disable booting from USB using the **Windows To Go Startup Options** settings dialog.
-
- > [!IMPORTANT]
- > Enabling this policy setting will cause PCs running Windows to attempt to boot from any USB device that is inserted into the PC before it is started.
-
-## Supporting booting from USB
-
-The biggest hurdle for a user wanting to use Windows To Go is configuring their computer to boot from USB. This is traditionally done by entering the firmware and configuring the appropriate boot order options. To ease the process of making the firmware modifications required for Windows To Go, Windows includes a feature named **Windows To Go Startup Options** that allows a user to configure their computer to boot from USB from within Windows—without ever entering their firmware, as long as their firmware supports booting from USB.
-
-> [!NOTE]
-> Enabling a system to always boot from USB first has implications that you should consider. For example, a USB device that includes malware could be booted inadvertently to compromise the system, or multiple USB drives could be plugged in to cause a boot conflict. For this reason, the Windows To Go startup options are disabled by default. In addition, administrator privileges are required to configure Windows To Go startup options.
-
-If you're going to be using a Windows 7 computer as a host-PC, see the wiki article [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951).
-
-### Roaming between different firmware types
-
-Windows supports two types of PC firmware: Unified Extensible Firmware Interface (UEFI), which is the new standard, and legacy BIOS firmware, which was used in most PCs shipping with Windows 7 or earlier version of Windows. Each firmware type has completely different Windows boot components that are incompatible with each other. Beyond the different boot components, Windows supports different partition styles and layout requirements for each type of firmware as shown in the following diagrams.
-
-
-
-This presented a unique challenge for Windows To Go because the firmware type isn't easily determined by end users—a UEFI computer looks just like a legacy BIOS computer and Windows To Go must boot on both types of firmware.
-
-To enable booting Windows To Go on both types of firmware, a new disk layout is provided for Windows 8 or later that contains both sets of boot components on a FAT32 system partition and a new command-line option was added to bcdboot.exe to support this configuration. The **/f** option is used with the **bcdboot /s** command to specify the firmware type of the target system partition by appending either **UEFI**, **BIOS** or **ALL**. When creating Windows To Go drives manually, you must use the **ALL** parameter to provide the Windows To Go drive the ability to boot on both types of firmware. For example, on volume H: (your Windows To Go USB drive letter), you would use the command **bcdboot C:\\windows /s H: /f ALL**. The following diagram illustrates the disk layout that results from that command:
-
-
-
-This is the only supported disk configuration for Windows To Go. With this disk configuration, a single Windows To Go drive can be booted on computers with UEFI and legacy BIOS firmware.
-
-### Configure Windows To Go startup options
-
-Windows To Go Startup Options is a setting available on Windows 10-based PCs that enables the computer to be booted from a USB without manually changing the firmware settings of the PC. To configure Windows To Go Startup Options, you must have administrative rights on the computer and the **Windows To Go Default Startup Options** Group Policy setting must not be configured.
-
-**To configure Windows To Go startup options**
-
-1. On the Start screen, type, type **Windows To Go Startup Options**, click **Settings** and, then press Enter.
-
- 
-
-2. Select **Yes** to enable the startup options.
-
- > [!TIP]
- > If your computer is part of a domain, the Group Policy setting can be used to enable the startup options instead of the dialog.
-
-3. Click **Save Changes**. If the User Account Control dialog box is displayed, confirm that the action it displays is what you want, and then click **Yes**.
-
-### Change firmware settings
-
-If you choose to not use the Windows To Go startup options or are using a PC running Windows 7 as your host computer, you'll need to manually configure the firmware settings. The process used to accomplish this will depend on the firmware type and manufacturer. If your host computer is protected by BitLocker and running Windows 7, you should suspend BitLocker before making the change to the firmware settings. After the firmware settings have been successfully reconfigured, resume BitLocker protection. If you don't suspend BitLocker first, BitLocker will assume that the computer has been tampered with and will boot into BitLocker recovery mode.
-
-## Related topics
-
-[Windows To Go: feature overview](windows-to-go-overview.md)
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
-[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
diff --git a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
index a6299026c3..e37786a9a6 100644
--- a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
+++ b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md
@@ -3,10 +3,10 @@ title: Enabling and Disabling Compatibility Fixes in Compatibility Administrator
description: You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
index a39866b132..7155581ea8 100644
--- a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
+++ b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md
@@ -3,11 +3,11 @@ title: Fixing Applications by Using the SUA Tool (Windows 10)
description: On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Fixing Applications by Using the SUA Tool
diff --git a/windows/deployment/planning/images/wtg-first-boot-home.gif b/windows/deployment/planning/images/wtg-first-boot-home.gif
deleted file mode 100644
index 46cd605a2e..0000000000
Binary files a/windows/deployment/planning/images/wtg-first-boot-home.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-first-boot-work.gif b/windows/deployment/planning/images/wtg-first-boot-work.gif
deleted file mode 100644
index c1a9a9d31d..0000000000
Binary files a/windows/deployment/planning/images/wtg-first-boot-work.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-gpt-uefi.gif b/windows/deployment/planning/images/wtg-gpt-uefi.gif
deleted file mode 100644
index 2ff2079a3c..0000000000
Binary files a/windows/deployment/planning/images/wtg-gpt-uefi.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-image-deployment.gif b/windows/deployment/planning/images/wtg-image-deployment.gif
deleted file mode 100644
index d622911f3e..0000000000
Binary files a/windows/deployment/planning/images/wtg-image-deployment.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-mbr-bios.gif b/windows/deployment/planning/images/wtg-mbr-bios.gif
deleted file mode 100644
index b93796944a..0000000000
Binary files a/windows/deployment/planning/images/wtg-mbr-bios.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-mbr-firmware-roaming.gif b/windows/deployment/planning/images/wtg-mbr-firmware-roaming.gif
deleted file mode 100644
index f21592c310..0000000000
Binary files a/windows/deployment/planning/images/wtg-mbr-firmware-roaming.gif and /dev/null differ
diff --git a/windows/deployment/planning/images/wtg-startup-options.gif b/windows/deployment/planning/images/wtg-startup-options.gif
deleted file mode 100644
index 302da78ea6..0000000000
Binary files a/windows/deployment/planning/images/wtg-startup-options.gif and /dev/null differ
diff --git a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
index 2cf46ee778..a50feb249b 100644
--- a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
+++ b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
@@ -3,11 +3,11 @@ title: Install/Uninstall Custom Databases (Windows 10)
description: The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator
diff --git a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
index 9c90b3ca24..69b7bd6cd3 100644
--- a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
+++ b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md
@@ -3,11 +3,11 @@ title: Managing Application-Compatibility Fixes and Custom Fix Databases (Window
description: Learn why you should use compatibility fixes, and how to deploy and manage custom-compatibility fix databases.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Managing Application-Compatibility Fixes and Custom Fix Databases
diff --git a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
deleted file mode 100644
index 5f5b94be3f..0000000000
--- a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
+++ /dev/null
@@ -1,106 +0,0 @@
----
-title: Prepare your organization for Windows To Go (Windows 10)
-description: Though Windows To Go is no longer being developed, you can find info here about the what, why, and when of deployment.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Prepare your organization for Windows To Go
-
-**Applies to**
-
-- Windows 10
-
-> [!IMPORTANT]
-> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
-The following information is provided to help you plan and design a new deployment of a Windows To Go in your production environment. It provides answers to the "what", "why", and "when" questions an IT professional might have when planning to deploy Windows To Go.
-
-## What is Windows To Go?
-
-Windows To Go is a feature of Windows 10 Enterprise and Windows 10 Education that enables users to boot Windows from a USB-connected external drive. Windows To Go drives can use the same image that enterprises use for their desktops and laptops, and can be managed the same way. A Windows To Go workspace isn't intended to replace desktops or laptops, or supplant other mobility offerings.
-
-Enterprise customers utilizing Volume Activation Windows licensing will be able to deploy USB drives provisioned with Windows To Go workspace. These drives will be bootable on multiple compatible host computers. Compatible host computers are computers that are:
-
-- USB boot capable
-- Have USB boot enabled in the firmware
-- Meet Windows 7 minimum system requirements
-- Have compatible processor architectures (for example, x86 or AMD64) as the image used to create the Windows To Go workspace. ARM isn't a supported processor for Windows To Go.
-- Have firmware architecture that is compatible with the architecture of the image used for the Windows To Go workspace
-
-Booting a Windows To Go workspace requires no specific software on the host computer. PCs certified for Windows 7 and later can host Windows To Go.
-
-The following articles will familiarize you with how you can use a Windows To Go workspace. They also give you an overview of some of the things you should consider in your design.
-
-## Usage scenarios
-
-
-The following scenarios are examples of situations in which Windows To Go workspaces provide a solution for an IT implementer:
-
-- **Continuance of operations (COO).** In this scenario, selected employees receive a USB drive with a Windows To Go workspace, which includes all of the applications that the employees use at work. The employees can keep the device at home, in a briefcase, or wherever they want to store it until needed. When the users boot their home computer from the USB drive, it will create a corporate desktop experience so that they can quickly start working. On the first boot, the employee sees that Windows is installing devices; after that one time, the Windows To Go drive boots like a normal computer. If they have enterprise network access, employees can use a virtual private network (VPN) connection, or DirectAccess to access corporate resources. If the enterprise network is available, the Windows To Go workspace will automatically be updated using your standard client management processes.
-
-- **Contractors and temporary workers.** In this situation, an enterprise IT pro or manager would distribute the Windows To Go drive directly to the worker. Then they can be assisted with any necessary other user education needs or address any possible compatibility issues. While the worker is on assignment, they can boot their computer exclusively from the Windows To Go drive. And run all applications in that environment until the end of the assignment when the device is returned. No installation of software is required on the worker's personal computer.
-
-- **Managed free seating.** The employee is issued a Windows To Go drive. This drive is then used with the host computer assigned to that employee for a given session (this could be a vehicle, workspace, or standalone laptop). When the employee leaves the session, the next time they return, they use the same USB flash drive but use a different host computer.
-
-- **Work from home.** In this situation, the Windows To Go drive can be provisioned for employees using various methods including Microsoft Configuration Manager or other deployment tools and then distributed to employees. The employee is instructed to boot the Windows To Go drive initially at work. This boot caches the employee's credentials on the Windows To Go workspace and allows the initial data synchronization between the enterprise network and the Windows To Go workspace. The user can then bring the Windows To Go drive home where it can be used with their home computer, with or without enterprise network connectivity.
-
-- **Travel lightly.** In this situation, you have employees who are moving from site to site, but who always will have access to a compatible host computer on site. Using Windows To Go workspaces allows them to travel without the need to pack their PC.
-
-> [!NOTE]
-> If the employee wants to work offline for the majority of the time, but still maintain the ability to use the drive on the enterprise network, they should be informed of how often the Windows To Go workspace needs to be connected to the enterprise network. Doing so will ensure that the drive retains its access privileges and the workspace's computer object isn't potentially deleted from Active Directory Domain Services (AD DS).
-
- ## Infrastructure considerations
-
-Because Windows To Go requires no other software and minimal configuration, the same tools used to deploy images to other PCs can be used by an enterprise to install Windows To Go on a large group of USB devices. Moreover, because Windows To Go is compatible with connectivity and synchronization solutions already in use—such as Remote Desktop, DirectAccess and Folder Redirection—no other infrastructure or management is necessary for this deployment. A Windows To Go image can be created on a USB drive that is identical to the hard drive inside a desktop. However, you may wish to consider making some modifications to your infrastructure to help make management of Windows To Go drives easier and to be able to identify them as a distinct device group.
-
-## Activation considerations
-
-Windows To Go uses volume activation. You can use either Active Directory-based activation or KMS activation with Windows To Go. The Windows To Go workspace counts as another installation when assessing compliance with application licensing agreements.
-
-Microsoft software, such as Microsoft Office, distributed to a Windows To Go workspace must also be activated. Office deployment is fully supported on Windows To Go. Due to the retail subscription activation method associated with Microsoft 365 Apps for enterprise, Microsoft 365 Apps for enterprise subscribers are provided volume licensing activation rights for Office Professional Plus 2013 MSI for local installation on the Windows To Go drive. This method is available to organizations who purchase Microsoft 365 Apps for enterprise or Office 365 Enterprise SKUs containing Microsoft 365 Apps for enterprise via volume licensing channels. For more information about activating Microsoft Office, see [Volume activation methods in Office 2013](/DeployOffice/vlactivation/plan-volume-activation-of-office).
-
-You should investigate other software manufacturer's licensing requirements to ensure they're compatible with roaming usage before deploying them to a Windows To Go workspace.
-
-> [!NOTE]
-> Using Multiple Activation Key (MAK) activation isn't a supported activation method for Windows To Go as each different PC-host would require separate activation. MAK activation should not be used for activating Windows, Office, or any other application on a Windows To Go drive.
-
- For more information about these activation methods and how they can be used in your organization, see [Plan for Volume Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134042(v=ws.11)).
-
-## Organizational unit structure and use of Group Policy Objects
-
-You may find it beneficial to create other Active Directory organizational unit (OU) structures to support your Windows To Go deployment: one for host computer accounts and one for Windows To Go workspace computer accounts. Creating an organizational unit for host computers allows you to enable the Windows To Go Startup Options using Group Policy for only the computers that will be used as Windows To Go hosts. Setting this policy helps to prevent computers from being accidentally configured to automatically boot from USB devices and allows closer monitoring and control of those computers that can boot from a USB device. The organizational unit for Windows To Go workspaces allows you to apply specific policy controls to them, such as the ability to use the Store application, power state controls, and line-of-business application installation.
-
-If you're deploying Windows To Go workspaces for a scenario in which they're not going to be roaming, but are instead being used on the same host computer, such as with temporary or contract employees, you might wish to enable hibernation or the Windows Store.
-
-For more information about Group Policy settings that can be used with Windows To Go, see [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-
-## Computer account management
-
-If you configure Windows To Go drives for scenarios where drives may remain unused for extended periods of time such as used in continuance of operations scenarios, the AD DS computer account objects that correspond to Windows To Go drives have the potential to become stale and be pruned during maintenance operations. To address this issue, you should either have users log on regularly according to a schedule, or modify any maintenance scripts to not clean computer accounts in the Windows To Go device organizational unit.
-
-## User account and data management
-
-People use computers to work with data and consume content - that is their core function. The data must be stored and retrievable for it to be useful. When users are working in a Windows To Go workspace, they need to be able to get to the data that they work with, and to keep it accessible when the workspace isn't being used. For this reason, we recommend that you use folder redirection and offline files to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. We also recommend that you use roaming user profiles to synchronize user specific settings so that users receive the same operating system and application settings when using their Windows To Go workspace and their desktop computer. When a user signs in using a domain account that is set up with a file share as the profile path, the user's profile is downloaded to the local computer and merged with the local profile (if present). When the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)).
-
-Windows To Go is fully integrated with your Microsoft account. Setting synchronization is accomplished by connecting a Microsoft account to a user account. Windows To Go devices fully support this feature and can be managed by Group Policy so that the customization and configurations you prefer will be applied to your Windows To Go workspace.
-
-## Remote connectivity
-
-If you want Windows To Go to be able to connect back to organizational resources when it's being used off-premises a remote connectivity solution must be enabled. Windows Server 2012 DirectAccess can be used as can a virtual private network (VPN) solution. For more information about configuring a remote access solution, see the [Remote Access (DirectAccess, Routing and Remote Access) Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn636119(v=ws.11)).
-
-## Related articles
-
-
-[Windows To Go: feature overview](windows-to-go-overview.md)
-
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-
-[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
diff --git a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
index 826f2dfc4c..aa27616363 100644
--- a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
+++ b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md
@@ -3,11 +3,11 @@ title: Searching for Fixed Applications in Compatibility Administrator (Windows
description: Compatibility Administrator can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Searching for Fixed Applications in Compatibility Administrator
diff --git a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
index 4c0f2e2689..847fb0731b 100644
--- a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
+++ b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md
@@ -3,10 +3,10 @@ title: Searching for Installed Compatibility Fixes with the Query Tool in Compat
description: You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
deleted file mode 100644
index b376163521..0000000000
--- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md
+++ /dev/null
@@ -1,68 +0,0 @@
----
-title: Security and data protection considerations for Windows To Go (Windows 10)
-description: Ensure that the data, content, and resources you work with in the Windows To Go workspace are protected and secure.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 12/31/2017
----
-
-# Security and data protection considerations for Windows To Go
-
-**Applies to**
-
-- Windows 10
-
-> [!IMPORTANT]
-> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
-One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure.
-
-## Backup and restore
-
-When you don't save data on the Windows To Go drive, you don't need for a backup and restore solution for Windows To Go. If you're saving data on the drive and aren't using folder redirection and offline files, you should back up all of your data to a network location such as cloud storage or a network share, after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831495(v=ws.11)) for different solutions you could implement.
-
-If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and reprovision the drive with Windows To Go, so all data and customization on the drive will be lost. This result is another reason why using roaming user profiles, folder redirection, and offline files with Windows To Go is recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)).
-
-## BitLocker
-
-We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace. This password requirement helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) can't be used by BitLocker to protect the drive. Instead, you'll be specifying a password that BitLocker will use for disk encryption and decryption. By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller.
-
-You can enable BitLocker while using the Windows To Go Creator wizard as part of the drive provisioning process before first use; or it can be enabled afterward by the user from within the Windows To Go workspace.
-
-> [!Tip]
-> If the Windows To Go Creator wizard isn't able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.yml#why-can-t-i-enable-bitlocker-from-windows-to-go-creator-)
-
-When you use a host computer running Windows 7 that has BitLocker enabled, suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker isn't suspended first, the next boot of the computer is in recovery mode.
-
-## Disk discovery and data leakage
-
-We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This prevention means the drive won't appear in Windows Explorer and an Auto-Play prompt won't be displayed to the user. This non-display of the drive and the prompt reduces the likelihood that an end user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you.
-
-To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - "4" to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It's recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
-
-For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825063(v=win.10)).
-
-## Security certifications for Windows To Go
-
-Windows to Go is a core capability of Windows when it's deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for more certifications by the solution provider that cover the solution provider's specific hardware environment. For more information about Windows security certifications, see the following articles.
-
-- [Windows Platform Common Criteria Certification](/windows/security/threat-protection/windows-platform-common-criteria)
-
-- [FIPS 140 Evaluation](/windows/security/threat-protection/fips-140-validation)
-
-## Related articles
-
-[Windows To Go: feature overview](windows-to-go-overview.md)
-
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
-
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
-
-
-
diff --git a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
index 25850695fc..cb8a3ebc82 100644
--- a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
+++ b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md
@@ -3,11 +3,11 @@ title: Showing Messages Generated by the SUA Tool (Windows 10)
description: On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Showing Messages Generated by the SUA Tool
diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md
index 4f53104c76..47b4ffba5c 100644
--- a/windows/deployment/planning/sua-users-guide.md
+++ b/windows/deployment/planning/sua-users-guide.md
@@ -3,11 +3,11 @@ title: SUA User's Guide (Windows 10)
description: Learn how to use Standard User Analyzer (SUA). SUA can test your apps and monitor API calls to detect compatibility issues related to the Windows User Account Control (UAC) feature.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# SUA User's Guide
diff --git a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
index a2dff7087c..c6af910322 100644
--- a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
+++ b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md
@@ -3,11 +3,11 @@ title: Tabs on the SUA Tool Interface (Windows 10)
description: The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Tabs on the SUA Tool Interface
diff --git a/windows/deployment/planning/testing-your-application-mitigation-packages.md b/windows/deployment/planning/testing-your-application-mitigation-packages.md
index b2ff9f8850..481d2ce883 100644
--- a/windows/deployment/planning/testing-your-application-mitigation-packages.md
+++ b/windows/deployment/planning/testing-your-application-mitigation-packages.md
@@ -3,11 +3,11 @@ title: Testing Your Application Mitigation Packages (Windows 10)
description: Learn how to test your application-mitigation packages, including how to report your information and how to resolve any outstanding issues.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Testing Your Application Mitigation Packages
diff --git a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md
index ee6976fca5..7327ff75b9 100644
--- a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md
+++ b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md
@@ -3,10 +3,10 @@ title: Understanding and Using Compatibility Fixes (Windows 10)
description: As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/using-the-compatibility-administrator-tool.md b/windows/deployment/planning/using-the-compatibility-administrator-tool.md
index cb156708b7..d3c2f77b38 100644
--- a/windows/deployment/planning/using-the-compatibility-administrator-tool.md
+++ b/windows/deployment/planning/using-the-compatibility-administrator-tool.md
@@ -3,11 +3,11 @@ title: Using the Compatibility Administrator Tool (Windows 10)
description: This section provides information about using the Compatibility Administrator tool.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Using the Compatibility Administrator Tool
diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
index f6e1a6fbee..2ae090b3f3 100644
--- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
+++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
@@ -3,11 +3,11 @@ title: Using the Sdbinst.exe Command-Line Tool (Windows 10)
description: Learn how to deploy customized database (.sdb) files using the Sdbinst.exe Command-Line Tool. Review a list of command-line options.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Using the Sdbinst.exe Command-Line Tool
diff --git a/windows/deployment/planning/using-the-sua-tool.md b/windows/deployment/planning/using-the-sua-tool.md
index 5b72bfbc4b..043d002305 100644
--- a/windows/deployment/planning/using-the-sua-tool.md
+++ b/windows/deployment/planning/using-the-sua-tool.md
@@ -3,11 +3,11 @@ title: Using the SUA Tool (Windows 10)
description: The Standard User Analyzer (SUA) tool can test applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Using the SUA Tool
diff --git a/windows/deployment/planning/using-the-sua-wizard.md b/windows/deployment/planning/using-the-sua-wizard.md
index ce121c5440..8f7ed9170b 100644
--- a/windows/deployment/planning/using-the-sua-wizard.md
+++ b/windows/deployment/planning/using-the-sua-wizard.md
@@ -3,11 +3,11 @@ title: Using the SUA wizard (Windows 10)
description: The Standard User Analyzer (SUA) wizard, although it doesn't offer deep analysis, works much like the SUA tool to test for User Account Control (UAC) issues.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.date: 10/28/2022
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Using the SUA wizard
diff --git a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
index 44cf622430..38b8b8cf10 100644
--- a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
+++ b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md
@@ -3,10 +3,10 @@ title: Viewing the Events Screen in Compatibility Administrator (Windows 10)
description: You can use the Events screen to record and view activities in the Compatibility Administrator tool.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/windows-10-compatibility.md b/windows/deployment/planning/windows-10-compatibility.md
index e444794da2..83227970dd 100644
--- a/windows/deployment/planning/windows-10-compatibility.md
+++ b/windows/deployment/planning/windows-10-compatibility.md
@@ -3,11 +3,11 @@ title: Windows 10 compatibility (Windows 10)
description: Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/windows-10-deployment-considerations.md b/windows/deployment/planning/windows-10-deployment-considerations.md
index b3911601ff..434b7da17f 100644
--- a/windows/deployment/planning/windows-10-deployment-considerations.md
+++ b/windows/deployment/planning/windows-10-deployment-considerations.md
@@ -3,11 +3,11 @@ title: Windows 10 deployment considerations (Windows 10)
description: There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
index 853855b43b..3dee852942 100644
--- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
+++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml
@@ -3,8 +3,8 @@ metadata:
title: Windows 10 Enterprise FAQ for IT pros (Windows 10)
description: Get answers to common questions around compatibility, installation, and support for Windows 10 Enterprise.
keywords: Windows 10 Enterprise, download, system requirements, drivers, appcompat, manage updates, Windows as a service, servicing channels, deployment tools
- ms.prod: windows-client
- ms.technology: itpro-deploy
+ ms.service: windows-client
+ ms.subservice: itpro-deploy
ms.mktglfcycl: plan
ms.localizationpriority: medium
ms.sitesec: library
diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md
index 7341f4b302..06a835b0ba 100644
--- a/windows/deployment/planning/windows-10-infrastructure-requirements.md
+++ b/windows/deployment/planning/windows-10-infrastructure-requirements.md
@@ -3,11 +3,11 @@ title: Windows 10 infrastructure requirements (Windows 10)
description: Review the infrastructure requirements for deployment and management of Windows 10, prior to significant Windows 10 deployments within your organization.
manager: aaroncz
ms.author: frankroj
-ms.prod: windows-client
+ms.service: windows-client
ms.localizationpriority: medium
author: frankroj
ms.topic: article
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
ms.date: 10/28/2022
---
diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml
deleted file mode 100644
index 4907345be4..0000000000
--- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml
+++ /dev/null
@@ -1,455 +0,0 @@
-### YamlMime:FAQ
-metadata:
- title: Windows To Go frequently asked questions (Windows 10)
- description: Though Windows To Go is no longer being developed, these frequently asked questions (FAQ) can provide answers about the feature.
- ms.assetid: bfdfb824-4a19-4401-b369-22c5e6ca9d6e
- ms.reviewer:
- author: frankroj
- ms.author: frankroj
- manager: aaroncz
- keywords: FAQ, mobile, device, USB
- ms.prod: windows-client
- ms.technology: itpro-deploy
- ms.mktglfcycl: deploy
- ms.pagetype: mobility
- ms.sitesec: library
- audience: itpro
- ms.topic: faq
- ms.date: 10/28/2022
-title: 'Windows To Go: frequently asked questions'
-summary: |
- **Applies to**
-
- - Windows 10
-
- > [!IMPORTANT]
- > Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature doesn't support feature updates and therefore doesn't enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
- The following list identifies some commonly asked questions about Windows To Go.
-
- - [What is Windows To Go?](#what-is-windows-to-go-)
-
- - [Does Windows To Go rely on virtualization?](#does-windows-to-go-rely-on-virtualization-)
-
- - [Who should use Windows To Go?](#who-should-use-windows-to-go-)
-
- - [How can Windows To Go be deployed in an organization?](#how-can-windows-to-go-be-deployed-in-an-organization-)
-
- - [Is Windows To Go supported on both USB 2.0 and USB 3.0 drives?](#is-windows-to-go-supported-on-both-usb-2-0-and-usb-3-0-drives-)
-
- - [Is Windows To Go supported on USB 2.0 and USB 3.0 ports?](#is-windows-to-go-supported-on-usb-2-0-and-usb-3-0-ports-)
-
- - [How do I identify a USB 3.0 port?](#how-do-i-identify-a-usb-3-0-port-)
-
- - [Does Windows To Go run faster on a USB 3.0 port?](#does-windows-to-go-run-faster-on-a-usb-3-0-port-)
-
- - [Can the user self-provision Windows To Go?](#can-the-user-self-provision-windows-to-go-)
-
- - [How can Windows To Go be managed in an organization?](#how-can-windows-to-go-be-managed-in-an-organization-)
-
- - [How do I make my computer boot from USB?](#how-do-i-make-my-computer-boot-from-usb-)
-
- - [Why isn't my computer booting from USB?](#why-isn-t-my-computer-booting-from-usb-)
-
- - [What happens if I remove my Windows To Go drive while it's running?](#what-happens-if-i-remove-my-windows-to-go-drive-while-it-s-running-)
-
- - [Can I use BitLocker to protect my Windows To Go drive?](#can-i-use-bitlocker-to-protect-my-windows-to-go-drive-)
-
- - [Why can't I enable BitLocker from Windows To Go Creator?](#why-can-t-i-enable-bitlocker-from-windows-to-go-creator-)
-
- - [What power states do Windows To Go support?](#what-power-states-does-windows-to-go-support-)
-
- - [Why is hibernation disabled in Windows To Go?](#why-is-hibernation-disabled-in-windows-to-go-)
-
- - [Does Windows To Go support crash dump analysis?](#does-windows-to-go-support-crash-dump-analysis-)
-
- - [Do "Windows To Go Startup Options" work with dual boot computers?](#do--windows-to-go-startup-options--work-with-dual-boot-computers-)
-
- - [I plugged my Windows To Go drive into a running computer and I can't see the partitions on the drive. Why not?](#i-plugged-my-windows-to-go-drive-into-a-running-computer-and-i-can-t-see-the-partitions-on-the-drive--why-not-)
-
- - [I'm booted into Windows To Go, but I can't browse to the internal hard drive of the host computer. Why not?](#i-m-booted-into-windows-to-go--but-i-can-t-browse-to-the-internal-hard-drive-of-the-host-computer--why-not-)
-
- - [Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition?](#why-does-my-windows-to-go-drive-have-an-mbr-disk-format-with-a-fat32-system-partition-)
-
- - [Is Windows To Go secure if I use it on an untrusted machine?](#is-windows-to-go-secure-if-i-use-it-on-an-untrusted-computer-)
-
- - [Does Windows To Go work with ARM processors?](#does-windows-to-go-work-with-arm-processors-)
-
- - [Can I synchronize data from Windows To Go with my other computer?](#can-i-synchronize-data-from-windows-to-go-with-my-other-computer-)
-
- - [What size USB Flash Drive do I need to make a Windows To Go drive?](#what-size-usb-flash-drive-do-i-need-to-make-a-windows-to-go-drive-)
-
- - [Do I need to activate Windows To Go every time I roam?](#do-i-need-to-activate-windows-to-go-every-time-i-roam-)
-
- - [Can I use all Windows features on Windows To Go?](#can-i-use-all-windows-features-on-windows-to-go-)
-
- - [Can I use all my applications on Windows To Go?](#can-i-use-all-my-applications-on-windows-to-go-)
-
- - [Does Windows To Go work slower than standard Windows?](#does-windows-to-go-work-slower-than-standard-windows-)
-
- - [If I lose my Windows To Go drive, will my data be safe?](#if-i-lose-my-windows-to-go-drive--will-my-data-be-safe-)
-
- - [Can I boot Windows To Go on a Mac?](#can-i-boot-windows-to-go-on-a-mac-)
-
- - [Are there any APIs that allow applications to identify a Windows To Go workspace?](#are-there-any-apis-that-allow-applications-to-identify-a-windows-to-go-workspace-)
-
- - [How is Windows To Go licensed?](#how-is-windows-to-go-licensed-)
-
- - [Does Windows Recovery Environment work with Windows To Go? What's the guidance for recovering a Windows To Go drive?](#does-windows-recovery-environment-work-with-windows-to-go--what-s-the-guidance-for-recovering-a-windows-to-go-drive-)
-
- - [Why won't Windows To Go work on a computer running Windows XP or Windows Vista?](#why-won-t-windows-to-go-work-on-a-computer-running-windows-xp-or-windows-vista-)
-
- - [Why does the operating system on the host computer matter?](#why-does-the-operating-system-on-the-host-computer-matter-)
-
- - [My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?](#my-host-computer-running-windows-7-is-protected-by-bitlocker-drive-encryption--why-did-i-need-to-use-the-recovery-key-to-unlock-and-reboot-my-host-computer-after-using-windows-to-go-)
-
- - [I decided to stop using a drive for Windows To Go and reformatted it – why it doesn't have a drive letter assigned and how can I fix it?](#i-decided-to-stop-using-a-drive-for-windows-to-go-and-reformatted-it---why-it-doesn-t-have-a-drive-letter-assigned-and-how-can-i-fix-it-)
-
- - [Why do I keep on getting the message "Installing devices…" when I boot Windows To Go?](#why-do-i-keep-on-getting-the-message--installing-devices---when-i-boot-windows-to-go-)
-
- - [How do I upgrade the operating system on my Windows To Go drive?](#how-do-i-upgrade-the-operating-system-on-my-windows-to-go-drive-)
-
-
-sections:
- - name: Ignored
- questions:
- - question: |
- What is Windows To Go?
- answer: |
- Windows To Go is a feature for users of Windows 10 Enterprise and Windows 10 Education that enables users to boot a full version of Windows from external USB drives on host PCs.
-
- - question: |
- Does Windows To Go rely on virtualization?
- answer: |
- No. Windows To Go is a native instance of Windows 10 that runs from a USB device. It's just like a laptop hard drive with Windows 8 that has been put into a USB enclosure.
-
- - question: |
- Who should use Windows To Go?
- answer: |
- Windows To Go was designed for enterprise usage and targets scenarios such as continuance of operations, contractors, managed free seating, traveling workers, and work from home.
-
- - question: |
- How can Windows To Go be deployed in an organization?
- answer: |
- Windows To Go can be deployed using standard Windows deployment tools like Diskpart and DISM. The prerequisites for deploying Windows To Go are:
-
- - A Windows To Go recommended USB drive to provision; See the list of currently available USB drives at [Hardware considerations for Windows To Go](windows-to-go-overview.md#wtg-hardware)
-
- - A Windows 10 Enterprise or Windows 10 Education image
-
- - A Windows 10 Enterprise, Windows 10 Education or Windows 10 Professional host PC that can be used to provision new USB keys
-
- You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you're creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process.
-
- - question: |
- Is Windows To Go supported on both USB 2.0 and USB 3.0 drives?
- answer: |
- No. Windows To Go is supported on USB 3.0 drives that are certified for Windows To Go.
-
- - question: |
- Is Windows To Go supported on USB 2.0 and USB 3.0 ports?
- answer: |
- Yes. Windows To Go is fully supported on either USB 2.0 ports or USB 3.0 ports on PCs certified for Windows 7 or later.
-
- - question: |
- How do I identify a USB 3.0 port?
- answer: |
- USB 3.0 ports are usually marked blue or carry an SS marking on the side.
-
- - question: |
- Does Windows To Go run faster on a USB 3.0 port?
- answer: |
- Yes. Because USB 3.0 offers significantly faster speeds than USB 2.0, a Windows To Go drive running on a USB 3.0 port will operate considerably faster. This speed increase applies to both drive provisioning and when the drive is being used as a workspace.
-
- - question: |
- Can the user self-provision Windows To Go?
- answer: |
- Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, Configuration Manager SP1 and later releases include support for user self-provisioning of Windows To Go drives.
-
- - question: |
- How can Windows To Go be managed in an organization?
- answer: |
- Windows To Go can be deployed and managed like a traditional desktop PC using standard Windows enterprise software distribution tools like Microsoft Configuration Manager. Computer and user settings for Windows To Go workspaces can be managed using Group Policy setting also in the same manner that you manage Group Policy settings for other PCs in your organization. Windows To Go workspaces can be configured to connect to the organizational resources remotely using DirectAccess or a virtual private network connection so that they can connect securely to your network.
-
- - question: |
- How do I make my computer boot from USB?
- answer: |
- For host computers running Windows 10
-
- - Using Cortana, search for **Windows To Go startup options**, and then press Enter.
- - In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB.
-
- For host computers running Windows 8 or Windows 8.1:
-
- Press **Windows logo key+W** and then search for **Windows To Go startup options** and then press Enter.
-
- In the **Windows To Go Startup Options** dialog box select **Yes** and then click **Save Changes** to configure the computer to boot from USB.
-
- > [!NOTE]
- > Your IT department can use Group Policy to configure Windows To Go Startup Options in your organization.
-
-
-
- If the host computer is running an earlier version of the Windows operating system need to configure the computer to boot from USB manually.
-
- To do this, early during boot time (usually when you see the manufacturer's logo), enter your firmware/BIOS setup. (This method to enter firmware/BIOS setup differs with different computer manufacturers, but is usually entered by pressing one of the function keys, such as F12, F2, F1, Esc, and so forth. You should check the manufacturer's site to be sure if you don't know which key to use to enter firmware setup.)
-
- After you have entered firmware setup, make sure that boot from USB is enabled. Then change the boot order to boot from USB drives first.
-
- Alternatively, if your computer supports it, you can try to use the one-time boot menu (often F12), to select USB boot on a per-boot basis.
-
- For more detailed instructions, see the wiki article, [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951).
-
- **Warning**
- Configuring a computer to boot from USB will cause your computer to attempt to boot from any bootable USB device connected to your computer. This potentially includes malicious devices. Users should be informed of this risk and instructed to not have any bootable USB storage devices plugged in to their computers except for their Windows To Go drive.
-
-
-
- - question: |
- Why isn't my computer booting from USB?
- answer: |
- Computers certified for Windows 7 and later are required to have support for USB boot. Check to see if any of the following items apply to your situation:
-
- 1. Ensure that your computer has the latest BIOS installed and the BIOS is configured to boot from a USB device.
-
- 2. Ensure that the Windows To Go drive is connected directly to a USB port on the computer. Many computers don't support booting from a device connected to a USB 3 PCI add-on card or external USB hubs.
-
- 3. If the computer isn't booting from a USB 3.0 port, try to boot from a USB 2.0 port.
-
- If none of these items enable the computer to boot from USB, contact the hardware manufacturer for additional support.
-
- - question: |
- What happens if I remove my Windows To Go drive while it's running?
- answer: |
- If the Windows To Go drive is removed, the computer will freeze and the user will have 60 seconds to reinsert the Windows To Go drive. If the Windows To Go drive is reinserted into the same port it was removed from, Windows will resume at the point where the drive was removed. If the USB drive isn't reinserted, or is reinserted into a different port, the host computer will turn off after 60 seconds.
-
- **Warning**
- You should never remove your Windows To Go drive when your workspace is running. The computer freeze is a safety measure to help mitigate the risk of accidental removal. Removing the Windows To Go drive without shutting down the Windows To Go workspace could result in corruption of the Windows To Go drive.
-
-
-
- - question: |
- Can I use BitLocker to protect my Windows To Go drive?
- answer: |
- Yes. In Windows 8 and later, BitLocker has added support for using a password to protect operating system drives. This means that you can use a password to secure your Windows To Go workspace and you'll be prompted to enter this password every time you use the Windows To Go workspace.
-
- - question: |
- Why can't I enable BitLocker from Windows To Go Creator?
- answer: |
- Several different Group Policies control the use of BitLocker on your organizations computers. These policies are located in the **Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption** folder of the local Group Policy editor. The folder contains three subfolders for fixed, operating system and removable data drive types.
-
- When you're using Windows To Go Creator, the Windows To Go drive is considered a removable data drive by BitLocker. Review the following setting to see if these settings apply in your situation:
-
- 1. **Control use of BitLocker on removable drives**
-
- If this setting is disabled BitLocker can't be used with removable drives, so the Windows To Go Creator wizard will fail if it attempts to enable BitLocker on the Windows To Go drive.
-
- 2. **Configure use of smart cards on removable data drives**
-
- If this setting is enabled and the option **Require use of smart cards on removable data drives** is also selected the creator wizard might fail if you haven't already signed on using your smart card credentials before starting the Windows To Go Creator wizard.
-
- 3. **Configure use of passwords for removable data drives**
-
- If this setting is enabled and the **Require password complexity option** is selected the computer must be able to connect to the domain controller to verify that the password specified meets the password complexity requirements. If the connection isn't available, the Windows To Go Creator wizard will fail to enable BitLocker.
-
- Additionally, the Windows To Go Creator will disable the BitLocker option if the drive doesn't have any volumes. In this situation, you should initialize the drive and create a volume using the Disk Management console before provisioning the drive with Windows To Go.
-
- - question: |
- What power states does Windows To Go support?
- answer: |
- Windows To Go supports all power states except the hibernate class of power states, which include hybrid boot, hybrid sleep, and hibernate. This default behavior can be modified by using Group Policy settings to enable hibernation of the Windows To Go workspace.
-
- - question: |
- Why is hibernation disabled in Windows To Go?
- answer: |
- When a Windows To Go workspace is hibernated, it will only successfully resume on the exact same hardware. Therefore, if a Windows To Go workspace is hibernated on one computer and roamed to another, the hibernation state (and therefore user state) will be lost. To prevent this from happening, the default settings for a Windows To Go workspace disable hibernation. If you're confident that you'll only attempt to resume on the same computer, you can enable hibernation using the Windows To Go Group Policy setting, **Allow hibernate (S4) when started from a Windows To Go workspace** that is located at **\\\\Computer Configuration\\Administrative Templates\\Windows Components\\Portable Operating System\\** in the Local Group Policy Editor (gpedit.msc).
-
- - question: |
- Does Windows To Go support crash dump analysis?
- answer: |
- Yes. Windows 8 and later support crash dump stack analysis for both USB 2.0 and 3.0.
-
- - question: |
- Do "Windows To Go Startup Options" work with dual boot computers?
- answer: |
- Yes, if both operating systems are running the Windows 8 operating system. Enabling "Windows To Go Startup Options" should cause the computer to boot from the Windows To Go workspace when the drive is plugged in before the computer is turned on.
-
- If you have configured a dual boot computer with a Windows operating system and another operating system, it might work occasionally and fail occasionally. Using this configuration is unsupported.
-
- - question: |
- I plugged my Windows To Go drive into a running computer and I can't see the partitions on the drive. Why not?
- answer: |
- Windows To Go Creator and the recommended deployment steps for Windows To Go set the NO\_DEFAULT\_DRIVE\_LETTER flag on the Windows To Go drive. This flag prevents Windows from automatically assigning drive letters to the partitions on the Windows To Go drive. That's why you can't see the partitions on the drive when you plug your Windows To Go drive into a running computer. This helps prevent accidental data leakage between the Windows To Go drive and the host computer. If you really need to access the files on the Windows To Go drive from a running computer, you can use diskmgmt.msc or diskpart to assign a drive letter.
-
- **Warning**
- It's strongly recommended that you don't plug your Windows To Go drive into a running computer. If the computer is compromised, your Windows To Go workspace can also be compromised.
-
-
-
- - question: |
- I'm booted into Windows To Go, but I can't browse to the internal hard drive of the host computer. Why not?
- answer: |
- Windows To Go Creator and the recommended deployment steps for Windows To Go set SAN Policy 4 on Windows To Go drive. This policy prevents Windows from automatically mounting internal disk drives. That's why you can't see the internal hard drives of the host computer when you're booted into Windows To Go. This is done to prevent accidental data leakage between Windows To Go and the host system. This policy also prevents potential corruption on the host drives or data loss if the host operating system is in a hibernation state. If you really need to access the files on the internal hard drive, you can use diskmgmt.msc to mount the internal drive.
-
- **Warning**
- It is strongly recommended that you do not mount internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 or later operating system, mounting the drive will lead to loss of hibernation state and therefore user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
-
-
-
- - question: |
- Why does my Windows To Go drive have an MBR disk format with a FAT32 system partition?
- answer: |
- This is done to allow Windows To Go to boot from UEFI and legacy systems.
-
- - question: |
- Is Windows To Go secure if I use it on an untrusted computer?
- answer: |
- While you are more secure than if you use a completely untrusted operating system, you are still vulnerable to attacks from the firmware or anything that runs before Windows To Go starts. If you plug your Windows To Go drive into a running untrusted computer, your Windows To Go drive can be compromised because any malicious software that might be active on the computer can access the drive.
-
- - question: |
- Does Windows To Go work with ARM processors?
- answer: |
- No. Windows RT is a specialized version of Windows designed for ARM processors. Windows To Go is currently only supported on PCs with x86 or x64-based processors.
-
- - question: |
- Can I synchronize data from Windows To Go with my other computer?
- answer: |
- To get your data across all your computers, we recommend using folder redirection and client side caching to store copies of your data on a server while giving you offline access to the files you need.
-
- - question: |
- What size USB flash drive do I need to make a Windows To Go drive?
- answer: |
- The size constraints are the same as full Windows. To ensure that you have enough space for Windows, your data, and your applications, we recommend USB drives that are a minimum of 20 GB in size.
-
- - question: |
- Do I need to activate Windows To Go every time I roam?
- answer: |
- No, Windows To Go requires volume activation; either using the [Key Management Service](/previous-versions/tn-archive/ff793434(v=technet.10)) (KMS) server in your organization or using [Active Directory](/previous-versions/windows/hh852637(v=win.10)) based volume activation. The Windows To Go workspace won't need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis. This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or through a remote connection using DirectAccess or a virtual private network connection), once activated the machine won't need to be activated again until the activation validity interval has passed. In a KMS configuration, the activation validity interval is 180 days.
-
- - question: |
- Can I use all Windows features on Windows To Go?
- answer: |
- Yes, with some minor exceptions, you can use all Windows features with your Windows To Go workspace. The only currently unsupported features are using the Windows Recovery Environment and PC Reset & Refresh.
-
- - question: |
- Can I use all my applications on Windows To Go?
- answer: |
- Yes. Because your Windows To Go workspace is a full Windows 10 environment, all applications that work with Windows 10 should work in your Windows To Go workspace. However, any applications that use hardware binding (usually for licensing and/or digital rights management reasons) may not run when you roam your Windows To Go drive between different host computers, and you may have to use those applications on the same host computer every time.
-
- - question: |
- Does Windows To Go work slower than standard Windows?
- answer: |
- If you're using a USB 3.0 port and a Windows To Go certified device, there should be no perceivable difference between standard Windows and Windows To Go. However, if you're booting from a USB 2.0 port, you may notice some slowdown since USB 2.0 transfer speeds are slower than SATA speeds.
-
- - question: |
- If I lose my Windows To Go drive, will my data be safe?
- answer: |
- Yes! If you enable BitLocker on your Windows To Go drive, all your data will be encrypted and protected and a malicious user won't be able to access your data without your password. If you don't enable BitLocker, your data will be vulnerable if you lose your Windows To Go drive.
-
- - question: |
- Can I boot Windows To Go on a Mac?
- answer: |
- We're committed to give customers a consistent and quality Windows 10 experience with Windows To Go. Windows To Go supports host devices certified for use with Windows 7 or later. Because Mac computers aren't certified for use with Windows 7 or later, using Windows To Go isn't supported on a Mac.
-
- - question: |
- Are there any APIs that allow applications to identify a Windows To Go workspace?
- answer: |
- Yes. You can use a combination of identifiers to determine if the currently running operating system is a Windows To Go workspace. First, check if the **PortableOperatingSystem** property is true. When that value is true, it means that the operating system was booted from an external USB device.
-
- Next, check if the **OperatingSystemSKU** property is equal to **4** (for Windows 10 Enterprise) or **121** (for Windows 10 Education). The combination of those two properties represents a Windows To Go workspace environment.
-
- For more information, see the MSDN article on the [Win32\_OperatingSystem class](/windows/win32/cimwin32prov/win32-operatingsystem).
-
- - question: |
- How is Windows To Go licensed?
- answer: |
- Windows To Go allows organization to support the use of privately owned PCs at the home or office with more secure access to their organizational resources. With Windows To Go use rights under [Software Assurance](https://go.microsoft.com/fwlink/p/?LinkId=619062), an employee will be able to use Windows To Go on any company PC licensed with Software Assurance as well as from their home PC.
-
- - question: |
- Does Windows Recovery Environment work with Windows To Go? What's the guidance for recovering a Windows To Go drive?
- answer: |
- No, use of Windows Recovery Environment isn't supported on Windows To Go. It's recommended that you implement user state virtualization technologies like Folder Redirection to centralize and back up user data in the data center. If any corruption occurs on a Windows To Go drive, you should reprovision the workspace.
-
- - question: |
- Why won't Windows To Go work on a computer running Windows XP or Windows Vista?
- answer: |
- Actually it might. If you've purchased a computer certified for Windows 7 or later and then installed an older operating system, Windows To Go will boot and run as expected as long as you've configured the firmware to boot from USB. However, if the computer was certified for Windows XP or Windows Vista, it might not meet the hardware requirements for Windows To Go to run. Typically computers certified for Windows Vista and earlier operating systems have less memory, less processing power, reduced video rendering, and slower USB ports.
-
- - question: |
- Why does the operating system on the host computer matter?
- answer: |
- It doesn't other than to help visually identify if the PC has compatible hardware. For a PC to be certified for Windows 7 or later it had to support booting from USB. If a computer can't boot from USB there's no way that it can be used with Windows To Go. The Windows To Go workspace is a full Windows 10 environment, so all of the hardware requirements of Windows 10 with respect to processing speed, memory usage, and graphics rendering need to be supported to be assured that it will work as expected.
-
- - question: |
- My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?
- answer: |
- The default BitLocker protection profile in Windows 7 monitors the host computer for changes to the boot order as part of protecting the computer from tampering. When you change the boot order of the host computer to enable it to boot from the Windows To Go drive, the BitLocker system measurements will reflect that change and boot into recovery mode so that the computer can be inspected if necessary.
-
- You can reset the BitLocker system measurements to incorporate the new boot order using the following steps:
-
- 1. Sign in to the host computer using an account with administrator privileges.
-
- 2. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**.
-
- 3. Click **Suspend Protection** for the operating system drive.
-
- A message is displayed, informing you that your data won't be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click **Yes** to continue and suspend BitLocker on the drive.
-
- 4. Restart the computer and enter the firmware settings to reset the boot order to boot from USB first. For more information on changing the boot order in the BIOS, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) on the TechNet wiki.
-
- 5. Restart the computer again and then sign in to the host computer using an account with administrator privileges. (Neither your Windows To Go drive nor any other USB drive should be inserted.)
-
- 6. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**.
-
- 7. Click **Resume Protection** to re-enable BitLocker protection.
-
- The host computer will now be able to be booted from a USB drive without triggering recovery mode.
-
- > [!NOTE]
- > The default BitLocker protection profile in Windows 8 or later doesn't monitor the boot order.
-
-
-
- - question: |
- I decided to stop using a drive for Windows To Go and reformatted it – why it doesn't have a drive letter assigned and how can I fix it?
- answer: |
- Reformatting the drive erases the data on the drive, but doesn't reconfigure the volume attributes. When a drive is provisioned for use as a Windows To Go drive the NODEFAULTDRIVELETTER attribute is set on the volume. To remove this attribute, use the following steps:
-
- 1. Open a command prompt with full administrator permissions.
-
- > [!NOTE]
- > If your user account is a member of the Administrators group, but isn't the Administrator account itself, then, by default, the programs that you run only have standard user permissions unless you explicitly choose to elevate them.
-
-
-
- 2. Start the [diskpart](/windows-server/administration/windows-commands/diskpart) command interpreter, by typing `diskpart` at the command prompt.
-
- 3. Use the `select disk` command to identify the drive. If you don't know the drive number, use the `list` command to display the list of disks available.
-
- 4. After selecting the disk, run the `clean` command to remove all data, formatting, and initialization information from the drive.
-
- - question: |
- Why do I keep on getting the message "Installing devices…" when I boot Windows To Go?
- answer: |
- One of the challenges involved in moving the Windows To Go drive between PCs while seamlessly booting Windows with access to all of their applications and data is that for Windows to be fully functional, specific drivers need to be installed for the hardware in each machine that runs Windows. Windows 8 or later has a process called respecialize which will identify new drivers that need to be loaded for the new PC and disable drivers that aren't present on the new configuration. In general, this feature is reliable and efficient when roaming between PCs of widely varying hardware configurations.
-
- In certain cases, third-party drivers for different hardware models or versions can reuse device IDs, driver file names, registry keys (or any other operating system constructs that don't support side-by-side storage) for similar hardware. For example, Touchpad drivers on different laptops often reuse the same device ID's, and video cards from the same manufacturer may often reuse service names. Windows handles these situations by marking the non-present device node with a flag that indicates the existing driver needs to be reinstalled before continuing to install the new driver.
-
- This process will occur on any boot that a new driver is found and a driver conflict is detected. In some cases that will result in a respecialize progress message "Installing devices…" displaying every time that a Windows to Go drive is roamed between two PCs that require conflicting drivers.
-
- - question: |
- How do I upgrade the operating system on my Windows To Go drive?
- answer: |
- There's no support in Windows for upgrading a Windows To Go drive. Deployed Windows To Go drives with older versions of Windows will need to be reimaged with a new version of Windows in order to transition to the new operating system version.
-
-additionalContent: |
-
- ## Additional resources
-
- - [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949)
- - [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950)
- - [Windows To Go: feature overview](windows-to-go-overview.md)
- - [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
- - [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
- - [Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-
diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md
deleted file mode 100644
index 4332f5785a..0000000000
--- a/windows/deployment/planning/windows-to-go-overview.md
+++ /dev/null
@@ -1,155 +0,0 @@
----
-title: Windows To Go feature overview (Windows 10)
-description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that lets you create a workspace that can be booted from a USB-connected drive.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-author: frankroj
-ms.topic: overview
-ms.technology: itpro-deploy
-ms.collection:
- - highpri
- - tier2
-ms.date: 10/28/2022
----
-
-# Windows To Go: feature overview
-
-**Applies to**
-
-- Windows 10
-
-> [!IMPORTANT]
-> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
-
-Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs.
-
-PCs that meet the Windows 7 or later [certification requirements](/previous-versions/windows/hardware/cert-program/) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go isn't intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some other considerations that you should keep in mind before you start to use Windows To Go:
-
-- [Windows To Go: feature overview](#windows-to-go-feature-overview)
- - [Differences between Windows To Go and a typical installation of Windows](#differences-between-windows-to-go-and-a-typical-installation-of-windows)
- - [Roaming with Windows To Go](#roaming-with-windows-to-go)
- - [Prepare for Windows To Go](#prepare-for-windows-to-go)
- - [Hardware considerations for Windows To Go](#hardware-considerations-for-windows-to-go)
-
-> [!NOTE]
-> Windows To Go isn't supported on Windows RT.
-
-## Differences between Windows To Go and a typical installation of Windows
-
-Windows To Go workspace operates just like any other installation of Windows with a few exceptions. These exceptions are:
-
-- **Internal disks are offline.** To ensure data isn't accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive won't be listed in Windows Explorer.
-- **Trusted Platform Module (TPM) is not used.** When using BitLocker Drive Encryption, a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers.
-- **Hibernate is disabled by default.** To ensure that the Windows To Go workspace is able to move between computers easily, hibernation is disabled by default. Hibernation can be re-enabled by using Group Policy settings.
-- **Windows Recovery Environment is not available.** In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows.
-- **Refreshing or resetting a Windows To Go workspace is not supported.** Resetting to the manufacturer's standard for the computer doesn't apply when running a Windows To Go workspace, so the feature was disabled.
-- **Upgrading a Windows To Go workspace is not supported.** Older Windows 8 or Windows 8.1 Windows To Go workspaces can't be upgraded to Windows 10 workspaces, nor can Windows 10 Windows To Go workspaces be upgraded to future versions of Windows 10. For new versions, the workspace needs to be re-imaged with a fresh image of Windows.
-
-## Roaming with Windows To Go
-
-Windows To Go drives can be booted on multiple computers. When a Windows To Go workspace is first booted on a host computer, it will detect all hardware on the computer and install any needed drivers. When the Windows To Go workspace is next booted on that host computer, it will be able to identify the host computer and load the correct set of drivers automatically.
-
-The applications that you want to use from the Windows To Go workspace should be tested to make sure they also support roaming. Some applications bind to the computer hardware, which will cause difficulties if the workspace is being used with multiple host computers.
-
-## Prepare for Windows To Go
-
-Enterprises install Windows on a large group of computers either by using configuration management software (such as Microsoft Configuration Manager), or by using standard Windows deployment tools such as DiskPart and the Deployment Image Servicing and Management (DISM) tool.
-
-These same tools can be used to provision Windows To Go drive, just as if you were planning for provisioning a new class of mobile PCs. You can use the [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) to review deployment tools available.
-
-> [!IMPORTANT]
-> Make sure you use the versions of the deployment tools provided for the version of Windows you are deploying. There have been many enhancements made to support Windows To Go. Using versions of the deployment tools released for earlier versions of Windows to provision a Windows To Go drive is not supported.
-
-As you decide what to include in your Windows To Go image, be sure to consider the following questions:
-
-Are there any drivers that you need to inject into the image?
-
-How will data be stored and synchronized to appropriate locations from the USB device?
-
-Are there any applications that are incompatible with Windows To Go roaming that shouldn't be included in the image?
-
-What should be the architecture of the image - 32bit/64bit?
-
-What remote connectivity solution should be supported in the image if Windows To Go is used outside the corporate network?
-
-For more information about designing and planning your Windows To Go deployment, see [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md).
-
-## Hardware considerations for Windows To Go
-
-**For USB drives**
-
-The devices listed in this section have been specially optimized and certified for Windows To Go and meet the necessary requirements for booting and running a full version of Windows 10 from a USB drive. The optimizations for Windows To Go include the following items:
-
-- Windows To Go certified USB drives are built for high random read/write speeds and support the thousands of random access I/O operations per second required for running normal Windows workloads smoothly.
-- Windows To Go certified USB drives have been tuned to ensure they boot and run on hardware certified for use with Windows 7 and later.
-- Windows To Go certified USB drives are built to last. Certified USB drives are backed with manufacturer warranties and should continue operating under normal usage. Refer to the manufacturer websites for warranty details.
-
-As of the date of publication, the following are the USB drives currently certified for use as Windows To Go drives:
-
-> [!WARNING]
-> Using a USB drive that has not been certified is not supported.
-
-- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://www.kingston.com/support/technical/products?model=dtws))
-- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://www.kingston.com/support/technical/products?model=dtws))
-- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://www.kingston.com/support/technical/products?model=dtws))
-- Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719))
-
-- Super Talent Express RC4 for Windows To Go
-
- -and-
-
- Super Talent Express RC8 for Windows To Go
-
- ([http://www.supertalent.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618721))
-
-- Western Digital My Passport Enterprise ([http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722))
-
- We recommend that you run the WD Compass utility to prepare the Western Digital My Passport Enterprise drive for provisioning with Windows To Go. For more information about the WD Compass utility, see [http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722)
-
-**For host computers**
-
-When assessing the use of a PC as a host for a Windows To Go workspace, you should consider the following criteria:
-
-- Hardware that has been certified for use with Windows 7 or later operating systems will work well with Windows To Go.
-- Running a Windows To Go workspace from a computer that is running Windows RT isn't a supported scenario.
-- Running a Windows To Go workspace on a Mac computer isn't a supported scenario.
-
-The following table details the characteristics that the host computer must have to be used with Windows To Go:
-
-|Item|Requirement|
-|--- |--- |
-|Boot process|Capable of USB boot|
-|Firmware|USB boot enabled. (PCs certified for use with Windows 7 or later can be configured to boot directly from USB, check with the hardware manufacturer if you're unsure of the ability of your PC to boot from USB)|
-|Processor architecture|Must support the image on the Windows To Go drive|
-|External USB Hubs|Not supported; connect the Windows To Go drive directly to the host machine|
-|Processor|1 GHz or faster|
-|RAM|2 GB or greater|
-|Graphics|DirectX 9 graphics device with WDDM 1.2 or greater driver|
-|USB port|USB 2.0 port or greater|
-
-**Checking for architectural compatibility between the host PC and the Windows To Go drive**
-
-In addition to the USB boot support in the BIOS, the Windows 10 image on your Windows To Go drive must be compatible with the processor architecture and the firmware of the host PC as shown in the table below.
-
-|Host PC Firmware Type|Host PC Processor Architecture|Compatible Windows To Go Image Architecture|
-|--- |--- |--- |
-|Legacy BIOS|32-bit|32-bit only|
-|Legacy BIOS|64-bit|32-bit and 64-bit|
-|UEFI BIOS|32-bit|32-bit only|
-|UEFI BIOS|64-bit|64-bit only|
-
-## Other resources
-
-- [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949)
-- [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950)
-- [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951)
-
-## Related articles
-
-[Deploy Windows To Go in your organization](../deploy-windows-to-go.md)
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-[Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md)
diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md
index f49339b0fd..8e5e27c8df 100644
--- a/windows/deployment/s-mode.md
+++ b/windows/deployment/s-mode.md
@@ -2,13 +2,13 @@
title: Windows Pro in S mode
description: Overview of Windows Pro and Enterprise in S mode.
ms.localizationpriority: high
-ms.prod: windows-client
+ms.service: windows-client
manager: aaroncz
author: frankroj
ms.author: frankroj
ms.topic: conceptual
ms.date: 04/26/2023
-ms.technology: itpro-deploy
+ms.subservice: itpro-deploy
---
# Windows Pro in S mode
diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md
index 72d37a8849..c8ea253ee3 100644
--- a/windows/deployment/update/PSFxWhitepaper.md
+++ b/windows/deployment/update/PSFxWhitepaper.md
@@ -1,8 +1,8 @@
---
title: Windows Updates using forward and reverse differentials
description: A technique to produce compact software updates optimized for any origin and destination revision pair
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/check-release-health.md b/windows/deployment/update/check-release-health.md
index ba7b6d264d..164a2970b3 100644
--- a/windows/deployment/update/check-release-health.md
+++ b/windows/deployment/update/check-release-health.md
@@ -1,8 +1,8 @@
---
title: How to check Windows release health
description: Check the release health status of Microsoft 365 services before you call support to see if there's an active service interruption.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/create-deployment-plan.md b/windows/deployment/update/create-deployment-plan.md
index f5f57bd6c5..d1b6ebd87e 100644
--- a/windows/deployment/update/create-deployment-plan.md
+++ b/windows/deployment/update/create-deployment-plan.md
@@ -1,8 +1,8 @@
---
title: Create a deployment plan
description: Devise the number of deployment rings you need and how you want to populate each of the deployment rings.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/deployment-service-drivers.md b/windows/deployment/update/deployment-service-drivers.md
index 4373f59f58..ca104fce34 100644
--- a/windows/deployment/update/deployment-service-drivers.md
+++ b/windows/deployment/update/deployment-service-drivers.md
@@ -2,8 +2,8 @@
title: Deploy drivers and firmware updates
titleSuffix: Windows Update for Business deployment service
description: Use Windows Update for Business deployment service to deploy driver and firmware updates to devices.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/deployment-service-expedited-updates.md b/windows/deployment/update/deployment-service-expedited-updates.md
index 9279a5e9d4..0b59cbea9e 100644
--- a/windows/deployment/update/deployment-service-expedited-updates.md
+++ b/windows/deployment/update/deployment-service-expedited-updates.md
@@ -2,8 +2,8 @@
title: Deploy expedited updates
titleSuffix: Windows Update for Business deployment service
description: Learn how to use Windows Update for Business deployment service to deploy expedited updates to devices in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
@@ -32,7 +32,11 @@ In this article, you will:
## Prerequisites
-All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-prerequisites.md) must be met.
+All of the [prerequisites for the Windows Update for Business deployment service](deployment-service-prerequisites.md) must be met, including ensuring that the *Update Health Tools* is installed on the clients.
+- The *Update Health Tools* are installed starting with [KB4023057](https://support.microsoft.com/kb/4023057). To confirm the presence of the Update Health Tools on a device, use one of the following methods:
+ - Run a [readiness test for expedited updates](#readiness-test-for-expediting-updates)
+ - Look for the folder **C:\Program Files\Microsoft Update Health Tools** or review *Add Remove Programs* for **Microsoft Update Health Tools**.
+ - Example PowerShell script to verify tools installation: `Get-CimInstance -ClassName Win32_Product \| Where-Object {$_.Name -match "Microsoft Update Health Tools"}`
### Permissions
@@ -213,8 +217,8 @@ The request returns a 201 Created response code and a [deployment](/graph/api/re
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments/$entity",
"id": "de910e12-3456-7890-abcd-ef1234567890",
- "createdDateTime": "2023-02-09T22:55:04.8547517Z",
- "lastModifiedDateTime": "2023-02-09T22:55:04.8547524Z",
+ "createdDateTime": "2024-01-30T19:43:37.1672634Z",
+ "lastModifiedDateTime": "2024-01-30T19:43:37.1672644Z",
"state": {
"effectiveValue": "offering",
"requestedValue": "none",
@@ -222,15 +226,19 @@ The request returns a 201 Created response code and a [deployment](/graph/api/re
},
"content": {
"@odata.type": "#microsoft.graph.windowsUpdates.catalogContent",
- "catalogEntry@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments('de910e12-3456-7890-abcd-ef1234567890')/content/microsoft.graph.windowsUpdates.catalogContent/catalogEntry/$entity",
+ "catalogEntry@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments('073fb534-5cdd-4326-8aa2-a4d29037b60f')/content/microsoft.graph.windowsUpdates.catalogContent/catalogEntry/$entity",
"catalogEntry": {
"@odata.type": "#microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry",
- "id": "693fafea03c24cca819b3a15123a8880f217b96a878b6d6a61be021d476cc432",
+ "id": "e317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5",
"displayName": null,
"deployableUntilDateTime": null,
- "releaseDateTime": "2023-01-10T00:00:00Z",
+ "releaseDateTime": "2023-08-08T00:00:00Z",
"isExpeditable": false,
- "qualityUpdateClassification": "security"
+ "qualityUpdateClassification": "security",
+ "catalogName": null,
+ "shortName": null,
+ "qualityUpdateCadence": "monthly",
+ "cveSeverityInformation": null
}
},
"settings": {
@@ -238,10 +246,12 @@ The request returns a 201 Created response code and a [deployment](/graph/api/re
"monitoring": null,
"contentApplicability": null,
"userExperience": {
- "daysUntilForcedReboot": 2
+ "daysUntilForcedReboot": 2,
+ "offerAsOptional": null
},
"expedite": {
- "isExpedited": true
+ "isExpedited": true,
+ "isReadinessTest": false
}
},
"audience@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments('de910e12-3456-7890-abcd-ef1234567890')/audience/$entity",
@@ -293,6 +303,48 @@ The following example deletes the deployment with a **Deployment ID** of `de910e
DELETE https://graph.microsoft.com/beta/admin/windows/updates/deployments/de910e12-3456-7890-abcd-ef1234567890
```
+## Readiness test for expediting updates
+
+You can verify the readiness of clients to receive expedited updates by using [isReadinessTest](/graph/api/resources/windowsupdates-expeditesettings). Create a deployment that specifies it's an expedite readiness test, then add members to the deployment audience. The service will check to see if the clients meet the prerequisites for expediting updates. The results of the test are displayed in the [Windows Update for Business reports workbook](wufb-reports-workbook.md#quality-updates-tab). Under the **Quality updates** tab, select the **Expedite status** tile, which opens a flyout with a **Readiness** tab with the readiness test results.
+
+```msgraph-interactive
+POST https://graph.microsoft.com/beta/admin/windows/updates/deployments
+content-type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.windowsUpdates.deployment",
+ "content": {
+ "@odata.type": "#microsoft.graph.windowsUpdates.catalogContent",
+ "catalogEntry": {
+ "@odata.type": "#microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry",
+ "id": "317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5"
+ }
+ },
+ "settings": {
+ "@odata.type": "microsoft.graph.windowsUpdates.deploymentSettings",
+ "expedite": {
+ "isExpedited": true,
+ "isReadinessTest": true
+ }
+ }
+}
+```
+
+The truncated response displays that **isReadinessTest** is set to `true` and gives you a **DeploymentID** of `de910e12-3456-7890-abcd-ef1234567890`. You can then [add members to the deployment audience](#add-members-to-the-deployment-audience) to have the service check that the devices meet the preresquites then review the results in the [Windows Update for Business reports workbook](wufb-reports-workbook.md#quality-updates-tab).
+
+```json
+ "expedite": {
+ "isExpedited": true,
+ "isReadinessTest": true
+ }
+ },
+ "audience@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/deployments('6a6c03b5-008e-4b4d-8acd-48144208f179_Readiness')/audience/$entity",
+ "audience": {
+ "id": "de910e12-3456-7890-abcd-ef1234567890",
+ "applicableContent": []
+ }
+
+```
[!INCLUDE [Windows Update for Business deployment service permissions using Graph Explorer](./includes/wufb-deployment-update-health-tools-logs.md)]
diff --git a/windows/deployment/update/deployment-service-feature-updates.md b/windows/deployment/update/deployment-service-feature-updates.md
index 070ecd8914..99d6c26f7c 100644
--- a/windows/deployment/update/deployment-service-feature-updates.md
+++ b/windows/deployment/update/deployment-service-feature-updates.md
@@ -2,8 +2,8 @@
title: Deploy feature updates
titleSuffix: Windows Update for Business deployment service
description: Use Windows Update for Business deployment service to deploy feature updates to devices in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md
index b3fa2680c5..adf8bfe314 100644
--- a/windows/deployment/update/deployment-service-overview.md
+++ b/windows/deployment/update/deployment-service-overview.md
@@ -2,8 +2,8 @@
title: Overview of the deployment service
titleSuffix: Windows Update for Business deployment service
description: Overview of deployment service to control approval, scheduling, and safeguarding of Windows updates with the deployment service.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/deployment-service-prerequisites.md b/windows/deployment/update/deployment-service-prerequisites.md
index d4dbc2e5e1..1f24cbfe24 100644
--- a/windows/deployment/update/deployment-service-prerequisites.md
+++ b/windows/deployment/update/deployment-service-prerequisites.md
@@ -2,8 +2,8 @@
title: Prerequisites for the deployment service
titleSuffix: Windows Update for Business deployment service
description: Prerequisites for using the Windows Update for Business deployment service for updating devices in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
@@ -14,7 +14,7 @@ ms.localizationpriority: medium
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 02/14/2023
+ms.date: 01/29/2024
---
# Windows Update for Business deployment service prerequisites
@@ -48,9 +48,9 @@ Windows Update for Business deployment service supports Windows client devices o
### Windows operating system updates
-- Expediting updates requires the *Update Health Tools* on the clients. The tools are installed starting with [KB 4023057](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a). To confirm the presence of the Update Health Tools on a device:
+- Expediting updates requires the *Update Health Tools* on the clients. The tools are installed starting with [KB4023057](https://support.microsoft.com/kb/4023057). To confirm the presence of the Update Health Tools on a device:
- Look for the folder **C:\Program Files\Microsoft Update Health Tools** or review *Add Remove Programs* for **Microsoft Update Health Tools**.
- - As an Admin, run the following PowerShell script: `Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -match "Microsoft Update Health Tools"}`
+ - As an Admin, run the following PowerShell script: `Get-CimInstance -ClassName Win32_Product | Where-Object {$_.Name -match "Microsoft Update Health Tools"}`
- For [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data), installing the January 2023 release preview cumulative update, or a later equivalent update, is recommended
diff --git a/windows/deployment/update/deployment-service-troubleshoot.md b/windows/deployment/update/deployment-service-troubleshoot.md
index 65a6b7777a..da9f167b83 100644
--- a/windows/deployment/update/deployment-service-troubleshoot.md
+++ b/windows/deployment/update/deployment-service-troubleshoot.md
@@ -2,8 +2,8 @@
title: Troubleshoot the deployment service
titleSuffix: Windows Update for Business deployment service
description: Solutions to commonly encountered problems when using the Windows Update for Business deployment service.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: troubleshooting
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md
index 9352455d20..d12a78f404 100644
--- a/windows/deployment/update/eval-infra-tools.md
+++ b/windows/deployment/update/eval-infra-tools.md
@@ -1,8 +1,8 @@
---
title: Evaluate infrastructure and tools
description: Review the steps to ensure your infrastructure is ready to deploy updates to clients in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: article
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md
index 41a21d5d7c..51371de0c7 100644
--- a/windows/deployment/update/feature-update-user-install.md
+++ b/windows/deployment/update/feature-update-user-install.md
@@ -1,8 +1,8 @@
---
title: Best practices - user-initiated feature update installation
description: Learn recommendations and best practices for manually deploying a feature update for a user-initiated installation.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: best-practice
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md
index 972dd73a69..f7968c1ebc 100644
--- a/windows/deployment/update/fod-and-lang-packs.md
+++ b/windows/deployment/update/fod-and-lang-packs.md
@@ -1,8 +1,8 @@
---
title: FoD and language packs for WSUS and Configuration Manager
description: Learn how to make FoD and language packs available to clients when you're using WSUS or Configuration Manager.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md
index 5dc206f1aa..46dca308f1 100644
--- a/windows/deployment/update/get-started-updates-channels-tools.md
+++ b/windows/deployment/update/get-started-updates-channels-tools.md
@@ -1,8 +1,8 @@
---
title: Windows client updates, channels, and tools
description: Brief summary of the kinds of Windows updates, the channels they're served through, and the tools for managing them
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md
index ef02459999..70f2c18280 100644
--- a/windows/deployment/update/how-windows-update-works.md
+++ b/windows/deployment/update/how-windows-update-works.md
@@ -1,8 +1,8 @@
---
title: How Windows Update works
description: In this article, learn about the process Windows Update uses to download and install updates on Windows client devices.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/includes/update-history.md b/windows/deployment/update/includes/update-history.md
index 9963e0b8b6..cc5fb9bb9f 100644
--- a/windows/deployment/update/includes/update-history.md
+++ b/windows/deployment/update/includes/update-history.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/24/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md b/windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md
index 24da4ab44e..572d549362 100644
--- a/windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md
+++ b/windows/deployment/update/includes/wufb-deployment-audience-graph-explorer.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md b/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
index d8c96ee718..cc46da849e 100644
--- a/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
+++ b/windows/deployment/update/includes/wufb-deployment-driver-policy-considerations.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md b/windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md
index ed62f731f1..f84dd43e0a 100644
--- a/windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md
+++ b/windows/deployment/update/includes/wufb-deployment-enroll-device-graph-explorer.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md b/windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md
index 336236ee43..9cfcff85ad 100644
--- a/windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md
+++ b/windows/deployment/update/includes/wufb-deployment-find-device-name-graph-explorer.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md b/windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md
index 23bbb2b2d9..40f67810ab 100644
--- a/windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md
+++ b/windows/deployment/update/includes/wufb-deployment-graph-explorer-permissions.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-graph-explorer.md b/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
index 8d869d1f69..8250bc9e1d 100644
--- a/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
+++ b/windows/deployment/update/includes/wufb-deployment-graph-explorer.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-graph-unenroll.md b/windows/deployment/update/includes/wufb-deployment-graph-unenroll.md
index 682134eb32..d4681b40c2 100644
--- a/windows/deployment/update/includes/wufb-deployment-graph-unenroll.md
+++ b/windows/deployment/update/includes/wufb-deployment-graph-unenroll.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-limitations.md b/windows/deployment/update/includes/wufb-deployment-limitations.md
index 34e70ba899..a57711bffd 100644
--- a/windows/deployment/update/includes/wufb-deployment-limitations.md
+++ b/windows/deployment/update/includes/wufb-deployment-limitations.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md b/windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md
index 4e0d5caaff..cd39b4dd7e 100644
--- a/windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md
+++ b/windows/deployment/update/includes/wufb-deployment-update-health-tools-logs.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 02/14/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md b/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md
index da738e8991..a698c7f33b 100644
--- a/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md
+++ b/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 04/26/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-reports-endpoints.md b/windows/deployment/update/includes/wufb-reports-endpoints.md
index 88fd5d146e..a3bfb9b575 100644
--- a/windows/deployment/update/includes/wufb-reports-endpoints.md
+++ b/windows/deployment/update/includes/wufb-reports-endpoints.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 12/15/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md b/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md
index 70c1948c7a..f0f14e2a67 100644
--- a/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md
+++ b/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 08/18/2022
ms.localizationpriority: medium
diff --git a/windows/deployment/update/includes/wufb-reports-script-error-codes.md b/windows/deployment/update/includes/wufb-reports-script-error-codes.md
index 479b5a9eff..7057d0789c 100644
--- a/windows/deployment/update/includes/wufb-reports-script-error-codes.md
+++ b/windows/deployment/update/includes/wufb-reports-script-error-codes.md
@@ -2,8 +2,8 @@
author: mestew
ms.author: mstewart
manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
+ms.subservice: itpro-updates
+ms.service: windows-client
ms.topic: include
ms.date: 07/11/2023
ms.localizationpriority: medium
diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index baae39d605..080e86b6ad 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -1,8 +1,8 @@
---
title: Update Windows installation media with Dynamic Update
description: Learn how to acquire and apply Dynamic Update packages to existing Windows images prior to deployment
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/optional-content.md b/windows/deployment/update/optional-content.md
index 1245ce7f59..7f6fffc7b4 100644
--- a/windows/deployment/update/optional-content.md
+++ b/windows/deployment/update/optional-content.md
@@ -1,8 +1,8 @@
---
title: Migrating and acquiring optional Windows content
description: How to keep language resources and Features on Demand during operating system updates for your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/plan-define-readiness.md b/windows/deployment/update/plan-define-readiness.md
index 3116459b20..dcc9544f7e 100644
--- a/windows/deployment/update/plan-define-readiness.md
+++ b/windows/deployment/update/plan-define-readiness.md
@@ -1,8 +1,8 @@
---
title: Define readiness criteria
description: Identify important roles and figure out how to classify apps so you can plan and manage your deployment
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/plan-define-strategy.md b/windows/deployment/update/plan-define-strategy.md
index 9f3f2e92b7..e2175c7b40 100644
--- a/windows/deployment/update/plan-define-strategy.md
+++ b/windows/deployment/update/plan-define-strategy.md
@@ -1,8 +1,8 @@
---
title: Define update strategy
description: Example of using a calendar-based approach to achieve consistent update installation in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/plan-determine-app-readiness.md b/windows/deployment/update/plan-determine-app-readiness.md
index 735e5a3095..6801a4cca8 100644
--- a/windows/deployment/update/plan-determine-app-readiness.md
+++ b/windows/deployment/update/plan-determine-app-readiness.md
@@ -1,8 +1,8 @@
---
title: Determine application readiness
description: How to test your apps to identify which need attention prior to deploying an update in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
ms.author: mstewart
author: mestew
diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md
index ad9ebeff3a..a9af4519db 100644
--- a/windows/deployment/update/prepare-deploy-windows.md
+++ b/windows/deployment/update/prepare-deploy-windows.md
@@ -1,8 +1,8 @@
---
title: Prepare to deploy Windows
description: Final steps to get ready to deploy Windows, including preparing infrastructure, environment, applications, devices, network, capability, and users
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/release-cycle.md b/windows/deployment/update/release-cycle.md
index bb6949ca8e..2d4e8ecb19 100644
--- a/windows/deployment/update/release-cycle.md
+++ b/windows/deployment/update/release-cycle.md
@@ -1,8 +1,8 @@
---
title: Update release cycle for Windows clients
description: Learn about the release cycle for updates so Windows clients in your organization stay productive and protected.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md
index 86232917dd..104400de70 100644
--- a/windows/deployment/update/safeguard-holds.md
+++ b/windows/deployment/update/safeguard-holds.md
@@ -1,8 +1,8 @@
---
title: Safeguard holds for Windows
description: What are safeguard holds? How to can you tell if a safeguard hold is in effect, and what to do about it.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/safeguard-opt-out.md b/windows/deployment/update/safeguard-opt-out.md
index 30227f3553..0e0a112ae1 100644
--- a/windows/deployment/update/safeguard-opt-out.md
+++ b/windows/deployment/update/safeguard-opt-out.md
@@ -1,8 +1,8 @@
---
title: Opt out of safeguard holds
description: How to install an update in your organization even when a safeguard hold for a known issue has been applied to it.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md
index 7aa9bf3ff1..85af66e440 100644
--- a/windows/deployment/update/servicing-stack-updates.md
+++ b/windows/deployment/update/servicing-stack-updates.md
@@ -1,8 +1,8 @@
---
title: Servicing stack updates
description: In this article, learn how servicing stack updates improve the code that installs the other updates.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md
index b534f09c0c..28b05bb90e 100644
--- a/windows/deployment/update/update-baseline.md
+++ b/windows/deployment/update/update-baseline.md
@@ -1,8 +1,8 @@
---
title: Windows 10 Update Baseline
description: Use an update baseline to optimize user experience and meet monthly update goals in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md
index b7fa2d5094..50b404df35 100644
--- a/windows/deployment/update/update-policies.md
+++ b/windows/deployment/update/update-policies.md
@@ -1,8 +1,8 @@
---
title: Policies for update compliance and user experience
description: Explanation and recommendations for update compliance, activity, and user experience for your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md
index 7856c98348..11732bc1ca 100644
--- a/windows/deployment/update/waas-branchcache.md
+++ b/windows/deployment/update/waas-branchcache.md
@@ -1,8 +1,8 @@
---
title: Configure BranchCache for Windows client updates
description: In this article, learn how to use BranchCache to optimize network bandwidth during update deployment.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md
index 2a1baa5255..4a74fbe288 100644
--- a/windows/deployment/update/waas-configure-wufb.md
+++ b/windows/deployment/update/waas-configure-wufb.md
@@ -2,12 +2,12 @@
title: Configure Windows Update for Business
manager: aaroncz
description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices.
-ms.prod: windows-client
+ms.service: windows-client
author: mestew
ms.localizationpriority: medium
ms.author: mstewart
ms.topic: conceptual
-ms.technology: itpro-updates
+ms.subservice: itpro-updates
ms.collection:
- tier1
appliesto:
diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md
index d94af9011d..54a680ab36 100644
--- a/windows/deployment/update/waas-integrate-wufb.md
+++ b/windows/deployment/update/waas-integrate-wufb.md
@@ -1,8 +1,8 @@
---
title: Integrate Windows Update for Business
description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Configuration Manager.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md
index b1aee2ba14..6506f11e90 100644
--- a/windows/deployment/update/waas-manage-updates-wsus.md
+++ b/windows/deployment/update/waas-manage-updates-wsus.md
@@ -1,8 +1,8 @@
---
title: Deploy updates using Windows Server Update Services
description: WSUS allows companies to defer, selectively approve, choose when delivered, and determine which devices receive updates.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: how-to
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 6f20706c2e..59aa615d29 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -1,8 +1,8 @@
---
title: Overview of Windows as a service
description: Windows as a service is a way to build, deploy, and service Windows. Learn how Windows as a service works.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: overview
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md
index f027e7d657..fce23e0310 100644
--- a/windows/deployment/update/waas-quick-start.md
+++ b/windows/deployment/update/waas-quick-start.md
@@ -1,8 +1,8 @@
---
title: Quick guide to Windows as a service (Windows 10)
description: In Windows 10, Microsoft has streamlined servicing to make operating system updates simpler to test, manage, and deploy.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index 18b0aa011f..6fd7172197 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -1,8 +1,8 @@
---
title: Manage device restarts after updates
description: Use Group Policy settings, mobile device management (MDM), or Registry to configure when devices will restart after a Windows update is installed.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: how-to
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
index 894cb7361b..78cf2b2e50 100644
--- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
@@ -1,8 +1,8 @@
---
title: Assign devices to servicing channels for updates
description: Learn how to assign devices to servicing channels for Windows 10 updates locally, by using Group Policy, and by using MDM
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
index 31038c9fc0..fa5ee150d4 100644
--- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
@@ -1,8 +1,8 @@
---
title: Prepare a servicing strategy for Windows client updates
description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md
index b370409adb..84c4092f53 100644
--- a/windows/deployment/update/waas-wu-settings.md
+++ b/windows/deployment/update/waas-wu-settings.md
@@ -1,8 +1,8 @@
---
title: Manage additional Windows Update settings
description: In this article, learn about additional settings to control the behavior of Windows Update in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md
index c696ffee5d..23e561ea09 100644
--- a/windows/deployment/update/waas-wufb-csp-mdm.md
+++ b/windows/deployment/update/waas-wufb-csp-mdm.md
@@ -1,8 +1,8 @@
---
title: Configure Windows Update for Business by using CSPs and MDM
description: Walk through demonstration of how to configure Windows Update for Business settings using Configuration Service Providers and MDM.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md
index 22c937a71a..6b757b2706 100644
--- a/windows/deployment/update/waas-wufb-group-policy.md
+++ b/windows/deployment/update/waas-wufb-group-policy.md
@@ -1,8 +1,8 @@
---
title: Configure Windows Update for Business via Group Policy
description: Walk through of how to configure Windows Update for Business settings using Group Policy to update devices.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
manager: aaroncz
ms.topic: conceptual
author: mestew
diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md
index c37d7cc3d2..b6dbfb03a0 100644
--- a/windows/deployment/update/windows-update-error-reference.md
+++ b/windows/deployment/update/windows-update-error-reference.md
@@ -1,8 +1,8 @@
---
title: Windows Update error code list by component
description: Learn about reference information for Windows Update error codes, including automatic update errors, UI errors, and reporter errors.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md
index b75a881dc0..80f4dcb167 100644
--- a/windows/deployment/update/windows-update-logs.md
+++ b/windows/deployment/update/windows-update-logs.md
@@ -1,8 +1,8 @@
---
title: Windows Update log files
description: Learn about the Windows Update log files and how to merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: troubleshooting
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/windows-update-overview.md b/windows/deployment/update/windows-update-overview.md
index 7965aa2782..c81a8e7319 100644
--- a/windows/deployment/update/windows-update-overview.md
+++ b/windows/deployment/update/windows-update-overview.md
@@ -1,8 +1,8 @@
---
title: Get started with Windows Update
description: An overview of learning resources for Windows Update, including documents on architecture, log files, and common errors.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/windows-update-security.md b/windows/deployment/update/windows-update-security.md
index ab1ed81b28..1d7ec557b6 100644
--- a/windows/deployment/update/windows-update-security.md
+++ b/windows/deployment/update/windows-update-security.md
@@ -2,8 +2,8 @@
title: Windows Update security
manager: aaroncz
description: Overview of the security for Windows Update including security for the metadata exchange and content download.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md
index 714ea509f5..d58ab72657 100644
--- a/windows/deployment/update/wufb-compliancedeadlines.md
+++ b/windows/deployment/update/wufb-compliancedeadlines.md
@@ -2,8 +2,8 @@
title: Enforce compliance deadlines with policies
titleSuffix: Windows Update for Business
description: This article contains information on how to enforce compliance deadlines using Windows Update for Business.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.localizationpriority: medium
diff --git a/windows/deployment/update/wufb-reports-admin-center.md b/windows/deployment/update/wufb-reports-admin-center.md
index 0e0b313437..9d93702ea9 100644
--- a/windows/deployment/update/wufb-reports-admin-center.md
+++ b/windows/deployment/update/wufb-reports-admin-center.md
@@ -3,8 +3,8 @@ title: Microsoft 365 admin center software updates page
titleSuffix: Windows Update for Business reports
manager: aaroncz
description: Microsoft admin center populates Windows Update for Business reports data into the software updates page.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md
index 395856651d..94e36fa723 100644
--- a/windows/deployment/update/wufb-reports-configuration-intune.md
+++ b/windows/deployment/update/wufb-reports-configuration-intune.md
@@ -2,8 +2,8 @@
title: Configure devices using Microsoft Intune
titleSuffix: Windows Update for Business reports
description: How to configure devices to use Windows Update for Business reports from Microsoft Intune.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-configuration-manual.md b/windows/deployment/update/wufb-reports-configuration-manual.md
index 7c76c5ad32..545ebbed48 100644
--- a/windows/deployment/update/wufb-reports-configuration-manual.md
+++ b/windows/deployment/update/wufb-reports-configuration-manual.md
@@ -2,8 +2,8 @@
title: Manually configure devices to send data
titleSuffix: Windows Update for Business reports
description: How to manually configure devices for Windows Update for Business reports using a PowerShell script.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: how-to
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-configuration-script.md b/windows/deployment/update/wufb-reports-configuration-script.md
index 10af47e205..e216694bc7 100644
--- a/windows/deployment/update/wufb-reports-configuration-script.md
+++ b/windows/deployment/update/wufb-reports-configuration-script.md
@@ -2,8 +2,8 @@
title: Configure clients with a script
titleSuffix: Windows Update for Business reports
description: How to get and use the Windows Update for Business reports configuration script to configure devices for Windows Update for Business reports.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-do.md b/windows/deployment/update/wufb-reports-do.md
index d71d76d0be..a02d0d0993 100644
--- a/windows/deployment/update/wufb-reports-do.md
+++ b/windows/deployment/update/wufb-reports-do.md
@@ -2,8 +2,8 @@
title: Delivery Optimization data in reports
titleSuffix: Windows Update for Business reports
description: This article provides information about Delivery Optimization data in Windows Update for Business reports.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-enable.md b/windows/deployment/update/wufb-reports-enable.md
index 27a5b5ad14..1502d549d2 100644
--- a/windows/deployment/update/wufb-reports-enable.md
+++ b/windows/deployment/update/wufb-reports-enable.md
@@ -2,8 +2,8 @@
title: Enable Windows Update for Business reports
titleSuffix: Windows Update for Business reports
description: How to enable the Windows Update for Business reports service through the Azure portal or the Microsoft 365 admin center.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-faq.yml b/windows/deployment/update/wufb-reports-faq.yml
index fe8f250ece..99fee1bb21 100644
--- a/windows/deployment/update/wufb-reports-faq.yml
+++ b/windows/deployment/update/wufb-reports-faq.yml
@@ -3,13 +3,13 @@ metadata:
title: Frequently Asked Questions (FAQ)
titleSuffix: Windows Update for Business reports
description: Answers to frequently asked questions about Windows Update for Business reports.
- ms.prod: windows-client
- ms.technology: itpro-updates
+ ms.service: windows-client
+ ms.subservice: itpro-updates
ms.topic: faq
manager: aaroncz
author: mestew
ms.author: mstewart
- ms.date: 06/20/2023
+ ms.date: 01/26/2024
title: Frequently Asked Questions about Windows Update for Business reports
summary: |
This article answers frequently asked questions about Windows Update for Business reports.
@@ -32,6 +32,7 @@ summary: |
- [Why am I missing devices in reports?](#why-am-i-missing-devices-in-reports)
- [What is the difference between OS version and target version?](#what-is-the-difference-between-os-version-and-target-version)
- [Why are there multiple records for the same device?](#why-are-there-multiple-records-for-the-same-device)
+ - [Why are devices showing an unknown state?](#why-are-devices-showing-an-unknown-state)
- [When should I use the UCClient, UCClientUpdateStatus, or UCUpdateAlert tables?](#when-should-i-use-the-ucclient--ucclientupdatestatus--or-ucupdatealert-tables)
- [What is the difference between quality and security updates?](#what-is-the-difference-between-quality-and-security-updates)
- [How do I confirm that devices are sending data?](#how-do-i-confirm-that-devices-are-sending-data)
@@ -108,7 +109,10 @@ sections:
- **The workbook has limited the results**: The default limit for rows in Azure workbooks is set to 1000. This limit is to avoid any delay in the load time for the interface. If you noticed that you can't find a specific device, you can export the output in Excel, or open the results in the logs view for the full result by selecting the three dots beside each component.
- question: Why are there multiple records for the same device?
answer: |
- Devices have multiple records when the `UCClientUpdateStatus` or `UCClientServiceStatus` tables are queried. These tables contain multiple records because they have the history for all devices that have discovered applicable updates within the past 28 days. For example, it's possible that a device has discovered multiple security updates, each with different update states, at various times over the past 28 days. It's also possible that a device can be in multiple deployments, so multiple records are displayed.
+ Devices have multiple records when the `UCClientUpdateStatus` or `UCClientServiceStatus` tables are queried. These tables contain multiple records because they have the history for all devices that have discovered applicable updates within the past 28 days. For example, it's possible that a device has discovered multiple security updates, each with different update states, at various times over the past 28 days. It's also possible that a device can be in multiple deployments, so multiple records are displayed.
+ - question: Why are devices showing an unknown state?
+ answer: |
+ An unknown client state is displayed if there isn't an update record for the device. This state can happen for many reasons, like the device not being active, not being able to scan Windows Update, or it doesn't currently have any update related activity occurring.
- question: What is the difference between OS version and target version?
answer: |
The word *target* in data labels refers to the update version, build or KB the client intends to update to. Typically, the fields starting with *OS*, such as OSbuild and OSversion, represents what the device is currently running.
diff --git a/windows/deployment/update/wufb-reports-help.md b/windows/deployment/update/wufb-reports-help.md
index 49268fb5a7..3580a4810a 100644
--- a/windows/deployment/update/wufb-reports-help.md
+++ b/windows/deployment/update/wufb-reports-help.md
@@ -2,8 +2,8 @@
title: Feedback, support, and troubleshooting
titleSuffix: Windows Update for Business reports
description: Windows Update for Business reports support, feedback, and troubleshooting information.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: article
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-overview.md b/windows/deployment/update/wufb-reports-overview.md
index a38066595f..080f273243 100644
--- a/windows/deployment/update/wufb-reports-overview.md
+++ b/windows/deployment/update/wufb-reports-overview.md
@@ -2,8 +2,8 @@
title: Windows Update for Business reports overview
titleSuffix: Windows Update for Business reports
description: Overview of Windows Update for Business reports to explain what it's used for and the cloud services it relies on.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: overview
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-prerequisites.md b/windows/deployment/update/wufb-reports-prerequisites.md
index c81cd3c96b..30f7ecac00 100644
--- a/windows/deployment/update/wufb-reports-prerequisites.md
+++ b/windows/deployment/update/wufb-reports-prerequisites.md
@@ -2,8 +2,8 @@
title: Prerequisites for Windows Update for Business reports
titleSuffix: Windows Update for Business reports
description: List of prerequisites for enabling and using Windows Update for Business reports in your organization.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-enumerated-types.md b/windows/deployment/update/wufb-reports-schema-enumerated-types.md
index af84c4b582..ec7e675fd1 100644
--- a/windows/deployment/update/wufb-reports-schema-enumerated-types.md
+++ b/windows/deployment/update/wufb-reports-schema-enumerated-types.md
@@ -2,8 +2,8 @@
title: Enumerated types
titleSuffix: Windows Update for Business reports
description: Enumerated types for Windows Update for Business reports.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-ucclient.md b/windows/deployment/update/wufb-reports-schema-ucclient.md
index b5383c4ad8..b4c113ef71 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclient.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclient.md
@@ -2,8 +2,8 @@
title: UCClient data schema
titleSuffix: Windows Update for Business reports
description: UCClient schema for Windows Update for Business reports. UCClient acts as an individual device's record.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
index 59208c8193..e531090eff 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
@@ -2,8 +2,8 @@
title: UCClientReadinessStatus data schema
titleSuffix: Windows Update for Business reports
description: UCClientReadinessStatus schema for Windows Update for Business reports. UCClientReadinessStatus is an individual device's record about Windows 11 readiness.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
index 058a649dd6..e75f3bed7e 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
@@ -2,8 +2,8 @@
title: UCClientUpdateStatus data schema
titleSuffix: Windows Update for Business reports
description: UCClientUpdateStatus schema for Windows Update for Business reports. UCClientUpdateStatus combines the latest client-based data with the latest service data.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
index e5dfa88144..c6f38d89f3 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
@@ -2,8 +2,8 @@
title: UCDeviceAlert data schema
titleSuffix: Windows Update for Business reports
description: UCDeviceAlert schema for Windows Update for Business reports. UCDeviceAlert is an individual device's record about an alert.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
index 33540428e2..834c5a0b29 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
@@ -2,8 +2,8 @@
title: UCDOAggregatedStatus data schema
titleSuffix: Windows Update for Business reports
description: UCDOAggregatedStatus schema for Windows Update for Business reports. UCDOAggregatedStatus is an aggregation of all UDDOStatus records across the tenant.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
index c78b2c076d..f01a18f679 100644
--- a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
@@ -2,8 +2,8 @@
title: UCServiceUpdateStatus data schema
titleSuffix: Windows Update for Business reports
description: UCServiceUpdateStatus schema for Windows Update for Business reports. UCServiceUpdateStatus has service-side information for one device and one update.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
index 588cbd8cb6..331547385e 100644
--- a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
+++ b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
@@ -2,8 +2,8 @@
title: UCUpdateAlert data schema
titleSuffix: Windows Update for Business reports
description: UCUpdateAlert schema for Windows Update for Business reports. UCUpdateAlert is an alert for both client and service updates.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-schema.md b/windows/deployment/update/wufb-reports-schema.md
index 75cdcb5587..d87b64907c 100644
--- a/windows/deployment/update/wufb-reports-schema.md
+++ b/windows/deployment/update/wufb-reports-schema.md
@@ -2,8 +2,8 @@
title: Windows Update for Business reports data schema
titleSuffix: Windows Update for Business reports
description: An overview of Windows Update for Business reports data schema to power additional dashboards and data analysis tools.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: reference
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-use.md b/windows/deployment/update/wufb-reports-use.md
index 2b4f1b8b1a..7fb8613fcf 100644
--- a/windows/deployment/update/wufb-reports-use.md
+++ b/windows/deployment/update/wufb-reports-use.md
@@ -2,8 +2,8 @@
title: Use the Windows Update for Business reports data
titleSuffix: Windows Update for Business reports
description: How to use the Windows Update for Business reports data for custom solutions using tools like Azure Monitor Logs.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/wufb-reports-workbook.md b/windows/deployment/update/wufb-reports-workbook.md
index d024ceda0d..a8e2e42be7 100644
--- a/windows/deployment/update/wufb-reports-workbook.md
+++ b/windows/deployment/update/wufb-reports-workbook.md
@@ -2,8 +2,8 @@
title: Use the workbook for Windows Update for Business reports
titleSuffix: Windows Update for Business reports
description: How to use the Windows Update for Business reports workbook from the Azure portal.
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.service: windows-client
+ms.subservice: itpro-updates
ms.topic: conceptual
author: mestew
ms.author: mstewart
@@ -11,7 +11,7 @@ manager: aaroncz
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 06/23/2023
+ms.date: 01/29/2024
---
# Windows Update for Business reports workbook
@@ -36,6 +36,8 @@ To access the Windows Update for Business reports workbook:
1. When the gallery opens, select the **Windows Update for Business reports** workbook. If needed, you can filter workbooks by name in the gallery.
1. When the workbook opens, you may need to specify which **Subscription** and **Workspace** you used when [enabling Windows Update for Business reports](wufb-reports-enable.md).
+> [!Important]
+> Don't pin the Windows Update for Business reports workbook to an Azure dashboard. Using a pinned report loads an older copy of the report and it won't display any updates to the report template.
## Summary tab
@@ -72,7 +74,8 @@ The **Quality updates** tab displays generalized data at the top by using tiles.
|**Latest security update**| Count of devices that have reported successful installation of the latest security update. | - Select **View details** to display a flyout with a chart that displays the first 1000 items. - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
| **Missing one security update** | Count of devices that haven't installed the latest security update.| - Select **View details** to display a flyout with a chart that displays the first 1000 items. - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).|
| **Missing multiple security updates** | Count of devices that are missing two or more security updates. | - Select **View details** to display a flyout with a chart that displays the first 1000 items. - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
-| **Expedite performance** | Overview of the progress for the expedited deployments of the latest security update. | - Select **View details** to display a flyout with a chart that displays the total progress of each deployment, number of alerts, and count of devices. - Select the count from the **Alerts** column to display the alerts, by name, for the deployment. Selecting the device count for the alert name displays a list of devices with the alert. - Select the count in the **TotalDevices** column to display a list of clients and their information for the deployment. |
+| **Active alerts** | Count of active update and device alerts for quality updates. | |
+| **Expedite status** | Overview of the progress for the expedited deployments of the latest security update. | Select **View details** to display a flyout with two tabs: **Deployments** and **Readiness** - The **Deployments** tab contins a chart that displays the total progress of each deployment, number of alerts, and count of devices.
[#1278][component-1278] and [#1281][component-1281]); DRBG (Cert. [#1555][drbg-1555]); DSA (Cert. [#1223][dsa-1223]); ECDSA (Cert. [#1133][ecdsa-1133]); HMAC (Cert. [#3061][hmac-3061]); KAS (Cert. [#127][kas-127]); KBKDF (Cert. [#140][kdf-140]); KTS (AES Cert. [#4626][aes-4626]; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2521][rsa-2521] and [#2522][rsa-2522]); SHS (Cert. [#3790][shs-3790]); Triple-DES (Cert. [#2459][tdes-2459]
Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#1133][component-1133]); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#2521][component-2521]); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#1281][component-1281]); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#1278][component-1278])| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.15063][sp-3094]|[#3094][certificate-3094]|[#3094][certificate-3094]
FIPS approved algorithms: AES (Certs. [#4624][aes-4624] and [#4626][aes-4626]); CKG (vendor affirmed); CVL (Certs. [#1278][component-1278] and [#1281][component-1281]); DRBG (Cert. [#1555][drbg-1555]); DSA (Cert. [#1223][dsa-1223]); ECDSA (Cert. [#1133][ecdsa-1133]); HMAC (Cert. [#3061][hmac-3061]); KAS (Cert. [#127][kas-127]); KBKDF (Cert. [#140][kdf-140]); KTS (AES Cert. [#4626][aes-4626]; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2521][rsa-2521] and [#2523][rsa-2523]); SHS (Cert. [#3790][shs-3790]); Triple-DES (Cert. [#2459][tdes-2459]
Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
[Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages ([Cert. [#3094]][certificate-3094])
[#1133][component-1133][); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.][certificate-3094][#2521][component-2521][); FIPS186-4 RSA; RSADP - RSADP Primitive [Cert.][certificate-3094]
[#1281][component-1281][Cert. #3094][certificate-3094]| -|Boot Manager|[10.0.15063][sp-3089]|[#3089][certificate-3089]|FIPS approved algorithms: AES (Certs. [#4624][aes-4624] and [#4625][aes-4625]); CKG (vendor affirmed); HMAC (Cert. [#3061][hmac-3061]); PBKDF (vendor affirmed); RSA (Cert. [#2523][rsa-2523]); SHS (Cert. [#3790][shs-3790]
Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)| -|Windows OS Loader|[10.0.15063][sp-3090]|[#3090][certificate-3090]|FIPS approved algorithms: AES (Certs. [#4624][aes-4624] and [#4625][aes-4625]); RSA (Cert. [#2523][rsa-2523]); SHS (Cert. [#3790][shs-3790]
[Other algorithms: NDRNG][certificate-3090]| -|Windows Resume [1]|[10.0.15063][sp-3091]|[#3091][certificate-3091]|FIPS approved algorithms: AES (Certs. [#4624][aes-4624] and [#4625][aes-4625]); RSA (Cert. [#2523][rsa-2523]); SHS (Cert. [#3790][shs-3790])| -|BitLocker® Dump Filter [2]|[10.0.15063][sp-3092]|[#3092][certificate-3092]|FIPS approved algorithms: AES (Certs. [#4624][aes-4624] and [#4625][aes-4625]); RSA (Cert. [#2522][rsa-2522]); SHS (Cert. [#3790][shs-3790])| -|Code Integrity (ci.dll)|[10.0.15063][sp-3093]|[#3093][certificate-3093]|FIPS approved algorithms: AES (Cert. [#4624][aes-4624]); RSA (Certs. [#2522][rsa-2522] and [#2523][rsa-2523]); SHS (Cert. [#3790][shs-3790]
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. [#1282][component-1282])| -|Secure Kernel Code Integrity (skci.dll)[3]|[10.0.15063][sp-3096]|[#3096][certificate-3096]|FIPS approved algorithms: AES (Cert. [#4624][aes-4624]); RSA (Certs. [#2522][rsa-2522] and [#2523][rsa-2523]); SHS (Cert. [#3790][shs-3790]
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. [#1282][component-1282])| - - -\[1\] Applies only to Home, Pro, Enterprise, Education, and S. - -\[2\] Applies only to Pro, Enterprise, Education, S, Mobile, and Surface Hub - -\[3\] Applies only to Pro, Enterprise, Education, and S - -
Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#922][component-922]); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888][component-888]); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#887][component-887]); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#886][component-886])| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.14393][sp-2936]|[#2936][certificate-2936]|FIPS approved algorithms: AES (Cert. [#4064][aes-4064]); DRBG (Cert. [#1217][drbg-1217]); DSA (Cert. [#1098][dsa-1098]); ECDSA (Cert. [#911][ecdsa-911]); HMAC (Cert. [#2651][hmac-2651]); KAS (Cert. [#92][kas-92]); KBKDF (Cert. [#101][kdf-101]); KTS (AES Cert. [#4062][aes-4062]; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2192][rsa-2192], [#2193, and #2195][rsa-2193]); SHS (Cert. [#3347][shs-3347]); Triple-DES (Cert. [#2227][tdes-2227])
Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#922][component-922]); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888][component-888]); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#887][component-887])| -|Boot Manager|[10.0.14393][sp-2931]|[#2931][certificate-2931]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064]); HMAC (Cert. [#2651][hmac-2651]); PBKDF (vendor affirmed); RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])
Other algorithms: MD5; PBKDF (non-compliant); VMK KDF| -|BitLocker® Windows OS Loader (winload)|[10.0.14393][sp-2932]|[#2932][certificate-2932]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064]); RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])
Other algorithms: NDRNG; MD5| -|BitLocker® Windows Resume (winresume)[1]|[10.0.14393][sp-2933]|[#2933][certificate-2933]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064]); RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])
Other algorithms: MD5| -|BitLocker® Dump Filter (dumpfve.sys)[2]|[10.0.14393][sp-2934]|[#2934][certificate-2934]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064])| -|Code Integrity (ci.dll)|[10.0.14393][sp-2935]|[#2935][certificate-2935]|FIPS approved algorithms: RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])
Other algorithms: AES (non-compliant); MD5
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888][component-888])| -|Secure Kernel Code Integrity (skci.dll)[3]|[10.0.14393][sp-2938]|[#2938][certificate-2938]|FIPS approved algorithms: RSA (Certs. [#2193][rsa-2193]); SHS (Certs. [#3347][shs-3347])
Other algorithms: MD5
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888][component-888])| - -\[1\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB - -\[2\] Applies only to Pro, Enterprise, Enterprise LTSB, and Mobile - -\[3\] Applies only to Pro, Enterprise, and Enterprise LTSB - -
Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#666][component-666]); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665][component-665]); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#663][component-663]); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#664][component-664])| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.10586][sp-2605]|[#2605][certificate-2605]|FIPS approved algorithms: AES (Certs. [#3629][aes-3629]); DRBG (Certs. [#955][drbg-955]); DSA (Certs. [#1024][dsa-1024]); ECDSA (Certs. [#760][ecdsa-760]); HMAC (Certs. [#2381][hmac-2381]); KAS (Certs. [#72][kas-72]; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. [#72][kdf-72]); KTS (AES Certs. [#3653][aes-3653]; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#1887][rsa-1887], [#1888, and #1889][rsa-1888]); SHS (Certs. [#3047][shs-3047]); Triple-DES (Certs. [#2024][tdes-2024])
Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#666][component-666]); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665][component-665]); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#663][component-663])| -|Boot Manager [4]|[10.0.10586][sp-2700]|[#2700][certificate-2700]|FIPS approved algorithms: AES (Certs. [#3653][aes-3653]); HMAC (Cert. [#2381][hmac-2381]); PBKDF (vendor affirmed); RSA (Cert. [#1871][rsa-1871]); SHS (Certs. [#3047][shs-3047] and [#3048][shs-3048])
Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)| -|BitLocker® Windows OS Loader (winload)[5]|[10.0.10586][sp-2701]|[#2701][certificate-2701]|FIPS approved algorithms: AES (Certs. [#3629][aes-3629] and [#3653][aes-3653]); RSA (Cert. [#1871][rsa-1871]); SHS (Cert. [#3048][shs-3048])
Other algorithms: MD5; NDRNG| -|BitLocker® Windows Resume (winresume)[6]|[10.0.10586][sp-2702]|[#2702][certificate-2702]|FIPS approved algorithms: AES (Certs. [#3653][aes-3653]); RSA (Cert. [#1871][rsa-1871]); SHS (Cert. [#3048][shs-3048])
Other algorithms: MD5| -|BitLocker® Dump Filter (dumpfve.sys)[7]|[10.0.10586][sp-2703]|[#2703][certificate-2703]|FIPS approved algorithms: AES (Certs. [#3653][aes-3653])| -|Code Integrity (ci.dll)|[10.0.10586][sp-2604]|[#2604][certificate-2604]|FIPS approved algorithms: RSA (Certs. [#1871][rsa-1871]); SHS (Certs. [#3048][shs-3048])
Other algorithms: AES (non-compliant); MD5
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665][component-665])| -|Secure Kernel Code Integrity (skci.dll)[8]|[10.0.10586][sp-2607]|[#2607][certificate-2607]|FIPS approved algorithms: RSA (Certs. [#1871][rsa-1871]); SHS (Certs. [#3048][shs-3048])
Other algorithms: MD5
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665][component-665])| - -\[4\] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub - -\[5\] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub - -\[6\] Applies only to Home, Pro, and Enterprise - -\[7\] Applies only to Pro, Enterprise, Mobile, and Surface Hub - -\[8\] Applies only to Enterprise and Enterprise LTSB - -
Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572][component-572]); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#576][component-576]); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#575][component-575])| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.10240][sp-2605]|[#2605][certificate-2605]|FIPS approved algorithms: AES (Certs. [#3497][aes-3497]); DRBG (Certs. [#868][drbg-868]); DSA (Certs. [#983][dsa-983]); ECDSA (Certs. [#706][ecdsa-706]); HMAC (Certs. [#2233][hmac-2233]); KAS (Certs. [#64][kas-64]; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. [#66][kdf-66]); KTS (AES Certs. [#3507][aes-3507]; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#1783][rsa-1783], [#1798][rsa-1798], and [#1802][rsa-1802]); SHS (Certs. [#2886][shs-2886]); Triple-DES (Certs. [#1969][tdes-1969])
Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572][component-572]); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#576][component-576])| -|Boot Manager[9]|[10.0.10240][sp-2600]|[#2600][certificate-2600]|FIPS approved algorithms: AES (Cert. [#3497][aes-3497]); HMAC (Cert. [#2233][hmac-2233]); KTS (AES Cert. [#3498][aes-3498]); PBKDF (vendor affirmed); RSA (Cert. [#1784][rsa-1784]); SHS (Certs. [#2871][shs-2871] and [#2886][shs-2886])
Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)| -|BitLocker® Windows OS Loader (winload)[10]|[10.0.10240][sp-2601]|[#2601][certificate-2601]|FIPS approved algorithms: AES (Certs. [#3497][aes-3497] and [#3498][aes-3498]); RSA (Cert. [#1784][rsa-1784]); SHS (Cert. [#2871][shs-2871])
Other algorithms: MD5; NDRNG| -|BitLocker® Windows Resume (winresume)[11]|[10.0.10240][sp-2602]|[#2602][certificate-2602]|FIPS approved algorithms: AES (Certs. [#3497][aes-3497] and [#3498][aes-3498]); RSA (Cert. [#1784][rsa-1784]); SHS (Cert. [#2871][shs-2871])
Other algorithms: MD5| -|BitLocker® Dump Filter (dumpfve.sys)[12]|[10.0.10240][sp-2603]|[#2603][certificate-2603]|FIPS approved algorithms: AES (Certs. [#3497][aes-3497] and [#3498][aes-3498])| -|Code Integrity (ci.dll)|[10.0.10240][sp-2604]|[#2604][certificate-2604]|FIPS approved algorithms: RSA (Certs. [#1784][rsa-1784]); SHS (Certs. [#2871][shs-2871])
Other algorithms: AES (non-compliant); MD5
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572][component-572])| -|Secure Kernel Code Integrity (skci.dll)[13]|[10.0.10240][sp-2607]|[#2607][certificate-2607]|FIPS approved algorithms: RSA (Certs. [#1784][rsa-1784]); SHS (Certs. [#2871][shs-2871])
Other algorithms: MD5
Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572][component-572])| - - -\[9\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB - -\[10\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB - -\[11\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB - -\[12\] Applies only to Pro, Enterprise, and Enterprise LTSB - -\[13\] Applies only to Enterprise and Enterprise LTSB - -
Other algorithms: AES (Cert. [#2832][aes-2832], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#288][component-288]); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#289][component-289]); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#323][component-323])| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.3.9600 6.3.9600.17042][sp-2356]|[#2356][certificate-2356]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); DRBG (Certs. [#489][drbg-489]); ECDSA (Cert. [#505][ecdsa-505]); HMAC (Cert. [#1773][hmac-1773]); KAS (Cert. [#47][kas-47]); KBKDF (Cert. [#30][kdf-30]); PBKDF (vendor affirmed); RSA (Certs. [#1487][rsa-1487], [#1493, and #1519][rsa-1493]); SHS (Cert. [# 2373][shs-2373]); Triple-DES (Cert. [#1692][tdes-1692])
Other algorithms: AES (Cert. [#2832][aes-2832], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)
Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#288][component-288]); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#289][component-289])| -|Boot Manager|[6.3.9600 6.3.9600.17031][sp-2351]|[#2351][certificate-2351]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); HMAC (Cert. [#1773][hmac-1773]); PBKDF (vendor affirmed); RSA (Cert. [#1494][rsa-1494]); SHS (Certs. [# 2373][shs-2373] and [#2396][shs-2396])
Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)| -|BitLocker® Windows OS Loader (winload)|[6.3.9600 6.3.9600.17031][sp-2352]|[#2352][certificate-2352]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); RSA (Cert. [#1494][rsa-1494]); SHS (Cert. [#2396][shs-2396])
Other algorithms: MD5; NDRNG| -|BitLocker® Windows Resume (winresume)[14]|[6.3.9600 6.3.9600.17031][sp-2353]|[#2353][certificate-2353]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); RSA (Cert. [#1494][rsa-1494]); SHS (Certs. [# 2373][shs-2373] and [#2396][shs-2396])
Other algorithms: MD5| -|BitLocker® Dump Filter (dumpfve.sys)|[6.3.9600 6.3.9600.17031][sp-2354]|[#2354][certificate-2354]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832])
Other algorithms: N/A| -|Code Integrity (ci.dll)|[6.3.9600 6.3.9600.17031][sp-2355]|[#2355][certificate-2355]|FIPS approved algorithms: RSA (Cert. [#1494][rsa-1494]); SHS (Cert. [# 2373][shs-2373])
Other algorithms: MD5
Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#289][component-289])| - -\[14\] Applies only to Pro, Enterprise, and Embedded 8. - -
Other algorithms: AES (Cert. [#2197][aes-2197], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.2.9200][sp-1891]|[#1891][certificate-1891]|FIPS approved algorithms: AES (Certs. [#2197][aes-2197] and [#2216][aes-2216]); DRBG (Certs. [#258][drbg-258] and [#259][drbg-259]); ECDSA (Cert. [#341][ecdsa-341]); HMAC (Cert. [#1345][hmac-1345]); KAS (Cert. [#36][kas-36]); KBKDF (Cert. [#3][kdf-3]); PBKDF (vendor affirmed); RNG (Cert. [#1110][rng-1110]); RSA (Certs. [#1133][rsa-1133] and [#1134][rsa-1134]); SHS (Cert. [#1903][shs-1903]); Triple-DES (Cert. [#1387][tdes-1387])
Other algorithms: AES (Cert. [#2197][aes-2197], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)| -|Boot Manager|[6.2.9200][sp-1895]|[#1895][sp-1895]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198]); HMAC (Cert. #[1347][hmac-1347]); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])
Other algorithms: MD5| -|BitLocker® Windows OS Loader (WINLOAD)|[6.2.9200][sp-1896]|[#1896][sp-1896]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198]); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])
Other algorithms: AES (Cert. [#2197][aes-2197]; non-compliant); MD5; Non-Approved RNG| -|BitLocker® Windows Resume (WINRESUME)[15]|[6.2.9200][sp-1898]|[#1898][sp-1898]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198]); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])
Other algorithms: MD5| -|BitLocker® Dump Filter (DUMPFVE.SYS)|[6.2.9200][sp-1899]|[#1899][sp-1899]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198])
Other algorithms: N/A| -|Code Integrity (CI.DLL)|[6.2.9200][sp-1897]|[#1897][sp-1897]|FIPS approved algorithms: RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])
Other algorithms: MD5| -|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)|[6.2.9200][sp-1893]|[#1893][sp-1893]|FIPS approved algorithms: DSA (Cert. [#686][dsa-686]); SHS (Cert. [#1902][shs-1902]); Triple-DES (Cert. [#1386][tdes-1386]); Triple-DES MAC (Triple-DES Cert. [#1386][tdes-1386], vendor affirmed)
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. [#1386][tdes-1386], key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Certificate, vendor affirmed)
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Certificate, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| -|Enhanced Cryptographic Provider (RSAENH.DLL)|[6.2.9200][sp-1894]|[#1894][sp-1894]|FIPS approved algorithms: AES (Cert. [#2196][aes-2196]); HMAC (Cert. #1346); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1902][shs-1902]); Triple-DES (Cert. [#1386][tdes-1386])
Other algorithms: AES (Cert. [#2196][aes-2196], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. [#1386][tdes-1386], key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| - -\[15\] Applies only to Home and Pro - -
[6.1.7601.17514][sp-1329]|[1329][certificate-1329]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1178][aes-1178]); AES GCM (Cert. [#1168][aes-1168], vendor-affirmed); AES GMAC (Cert. [#1168][aes-1168], vendor-affirmed); DRBG (Certs. [#23][drbg-23] and [#24][drbg-24]); DSA (Cert. [#386][dsa-386]); ECDSA (Cert. [#141][ecdsa-141]); HMAC (Cert. [#677][hmac-677]); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. [#649][rng-649]); RSA (Certs. [#559][rsa-559] and [#560][rsa-560]); SHS (Cert. [#1081][shs-1081]); Triple-DES (Cert. [#846][tdes-846])
Other algorithms: AES (Cert. [#1168][aes-1168], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)
Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.1.7600.16385][sp-1328]
[6.1.7600.16915][sp-1328]
[6.1.7600.21092][sp-1328]
[6.1.7601.17514][sp-1328]
[6.1.7601.17725][sp-1328]
[6.1.7601.17919][sp-1328]
[6.1.7601.21861][sp-1328]
[6.1.7601.22076][sp-1328]|[1328][certificate-1328]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1178][aes-1178]); AES GCM (Cert. [#1168][aes-1168], vendor-affirmed); AES GMAC (Cert. [#1168][aes-1168], vendor-affirmed); DRBG (Certs. [#23][drbg-23] and [#24][drbg-24]); ECDSA (Cert. [#141][ecdsa-141]); HMAC (Cert. [#677][hmac-677]); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. [#649][rng-649]); RSA (Certs. [#559][rsa-559] and [#560][rsa-560]); SHS (Cert. [#1081][shs-1081]); Triple-DES (Cert. [#846][tdes-846])
Other algorithms: AES (Cert. [#1168][aes-1168], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4| -|Boot Manager|[6.1.7600.16385][sp-1319]
[6.1.7601.17514][sp-1319]|[1319][certificate-1319]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); HMAC (Cert. [#675][hmac-675]); RSA (Cert. [#557][rsa-557]); SHS (Cert. [#1081][shs-1081])
Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.)
Other algorithms: MD5| -|Winload OS Loader (winload.exe)|[6.1.7600.16385][sp-1326]
[6.1.7600.16757][sp-1326]
[6.1.7600.20897][sp-1326]
[6.1.7600.20916][sp-1326]
[6.1.7601.17514][sp-1326]
[6.1.7601.17556][sp-1326]
[6.1.7601.21655][sp-1326]
[6.1.7601.21675][sp-1326]|[1326][certificate-1326]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); RSA (Cert. [#557][rsa-557]); SHS (Cert. [#1081][shs-1081])
Other algorithms: MD5| -|BitLocker™ Drive Encryption|[6.1.7600.16385][sp-1332]
[6.1.7600.16429][sp-1332]
[6.1.7600.16757][sp-1332]
[6.1.7600.20536][sp-1332]
[6.1.7600.20873][sp-1332]
[6.1.7600.20897][sp-1332]
[6.1.7600.20916][sp-1332]
[6.1.7601.17514][sp-1332]
[6.1.7601.17556][sp-1332]
[6.1.7601.21634][sp-1332]
[6.1.7601.21655][sp-1332]
[6.1.7601.21675][sp-1332]|[1332][certificate-1332]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); HMAC (Cert. [#675][hmac-675]); SHS (Cert. [#1081][shs-1081])
Other algorithms: Elephant Diffuser| -|Code Integrity (CI.DLL)|[6.1.7600.16385][sp-1327]
[6.1.7600.17122][sp-1327]v[6.1.7600.21320][sp-1327]
[6.1.7601.17514][sp-1327]
[6.1.7601.17950][sp-1327]v[6.1.7601.22108][sp-1327]|[1327][certificate-1327]|FIPS approved algorithms: RSA (Cert. [#557][rsa-557]); SHS (Cert. [#1081][shs-1081])
Other algorithms: MD5| -|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)|[6.1.7600.16385][sp-1331]
(no change in SP1)|[1331][certificate-1331]|FIPS approved algorithms: DSA (Cert. [#385][dsa-385]); RNG (Cert. [#649][rng-649]); SHS (Cert. [#1081][shs-1081]); Triple-DES (Cert. [#846][tdes-846]); Triple-DES MAC (Triple-DES Cert. [#846][tdes-846], vendor affirmed)
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4| -|Enhanced Cryptographic Provider (RSAENH.DLL)|[6.1.7600.16385][sp-1330]
(no change in SP1)|[1330][certificate-1330]|FIPS approved algorithms: AES (Cert. [#1168][aes-1168]); DRBG (Cert. [#23][drbg-23]); HMAC (Cert. [#673][hmac-673]); SHS (Cert. [#1081][shs-1081]); RSA (Certs. [#557][rsa-557] and [#559][rsa-559]); Triple-DES (Cert. [#846][tdes-846])
Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| - -
Other algorithms: MD5| -|Code Integrity (ci.dll)|[6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005][sp-980]|[980][certificate-980]|FIPS approved algorithms: RSA (Cert. [#354][rsa-354]); SHS (Cert. [#753][shs-753])
Other algorithms: MD5| -|Kernel Mode Security Support Provider Interface (ksecdd.sys)|[6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869][sp-1000]|[1000][certificate-1000]|FIPS approved algorithms: AES (Certs. [#739][aes-739] and [#756][aes-756]); ECDSA (Cert. [#82][ecdsa-82]); HMAC (Cert. [#412][hmac-412]); RNG (Cert. [#435][rng-435] and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. [#353][rsa-353] and [#357][rsa-357]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656])#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert. and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| -|Cryptographic Primitives Library (bcrypt.dll)|[6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872][sp-1002]|[1001][certificate-1001]|FIPS approved algorithms: AES (Certs. [#739][aes-739] and [#756][aes-756]); DSA (Cert. [#283][dsa-283]); ECDSA (Cert. [#82][ecdsa-82]); HMAC (Cert. [#412][hmac-412]); RNG (Cert. [#435][rng-435] and SP 800-90, vendor affirmed); RSA (Certs. [#353][rsa-353] and [#357][rsa-357]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656])
Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)| -|Enhanced Cryptographic Provider (RSAENH)|[6.0.6001.22202 and 6.0.6002.18005][sp-1002]|[1002][certificate-1002]|FIPS approved algorithms: AES (Cert. [#739][aes-739]); HMAC (Cert. [#407][hmac-407]); RNG (SP 800-90, vendor affirmed); RSA (Certs. [#353][rsa-353] and [#354][rsa-354]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656])
Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| -|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.0.6001.18000 and 6.0.6002.18005][sp-1003]|[1003][certificate-1003]|FIPS approved algorithms: DSA (Cert. [#281][dsa-281]); RNG (Cert. [#435][rng-435]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656]); Triple-DES MAC (Triple-DES Cert. [#656][tdes-656], vendor affirmed)
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4| - -
Other algorithms: DES; MD5; HMAC MD5| -|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.1.2600.5507][sp-990]|[990][certificate-990]|FIPS approved algorithms: DSA (Cert. [#292][dsa-292]); RNG (Cert. [#448][rng-448]); SHS (Cert. [#784][shs-784]); Triple-DES (Cert. [#676][tdes-676]); Triple-DES MAC (Triple-DES Cert. [#676][tdes-676], vendor affirmed)
Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4| -|Enhanced Cryptographic Provider (RSAENH)|[5.1.2600.5507][sp-989]|[989][certificate-989]|FIPS approved algorithms: AES (Cert. [#781][aes-781]); HMAC (Cert. [#428][shs-428]); RNG (Cert. [#447][rng-447]); RSA (Cert. [#371][rsa-371]); SHS (Cert. [#783][shs-783]); Triple-DES (Cert. [#675][tdes-675]); Triple-DES MAC (Triple-DES Cert. [#675][tdes-675], vendor affirmed)
Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits)| - -
Other algorithms: DES (Cert. [#66][des-66]); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)| -|Microsoft Enhanced Cryptographic Provider|[5.1.2600.2161][sp-238]|[238][certificate-238]|FIPS approved algorithms: Triple-DES (Cert. [#81][tdes-81]); AES (Cert. [#33][aes-33]); SHA-1 (Cert. [#83][shs-83]); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. [#83][shs-83], vendor affirmed)
Other algorithms: DES (Cert. [#156][des-156]); RC2; RC4; MD5| - - -
Other algorithms: DES (Cert. [#156][des-156]); RC2; RC4; MD5| - -
Other algorithms: DES (Cert. [#89][des-89])| - -
Other algorithms: DES (Certs. [#89][des-89])| -|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|[(Base DSS: 5.0.2195.3665 [SP3])][sp-103]
[(Base: 5.0.2195.3839 [SP3])][sp-103]
[(DSS/DH Enh: 5.0.2195.3665 [SP3])][sp-103]
[(Enh: 5.0.2195.3839 [SP3]][sp-103]|[103][certificate-103]|FIPS approved algorithms: Triple-DES (Cert. [#16][tdes-16]); DSA/SHA-1 (Certs. [#28][dsa-28] and [#29][dsa-29]); RSA (vendor affirmed)
Other algorithms: DES (Certs. [#65][des-65], [66][des-66], [67][des-67] and [68][des-68]); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5| - -
Other algorithms: DES (Certs. [#89][des-89])| -|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|[(Base DSS:][sp-103]
[5.0.2195.2228 [SP2])][sp-103]
[(Base:][sp-103]
[5.0.2195.2228 [SP2])][sp-103]
[(DSS/DH Enh:][sp-103]
[5.0.2195.2228 [SP2])][sp-103]
[(Enh:][sp-103]
[5.0.2195.2228 [SP2])][sp-103]|[103][certificate-103]|FIPS approved algorithms: Triple-DES (Cert. [#16][tdes-16]); DSA/SHA-1 (Certs. [#28][dsa-28] and [#29][dsa-29]); RSA (vendor affirmed)
Other algorithms: DES (Certs. [#65][des-65], [66][des-66], [67][des-67] and [68][des-68]); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5| - -
[(Base: 5.0.2150.1391 [SP1])][sp-103]
[(DSS/DH Enh: 5.0.2150.1391 [SP1])][sp-103]
[(Enh: 5.0.2150.1391 [SP1])][sp-103]|[103][certificate-103]|FIPS approved algorithms: Triple-DES (Cert. [#16][tdes-16]); DSA/SHA-1 (Certs. [#28][dsa-28] and [#29][dsa-29]); RSA (vendor affirmed)
Other algorithms: DES (Certs. [#65][des-65], [66][des-66], [67][des-67] and [68][des-68]); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5| - -
Other algorithms: DES (Certs. [#65][des-65], [66][des-66], [67][des-67] and [68][des-68]); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)| - -
Other algorithms: DES (Certs. [#61][des-61], [62][des-62], [63][des-63] and [64][des-64]); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)| - -
Other algorithms: DES (Certs. [#61][des-61], [62][des-62], [63][des-63] and [64][des-64]); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)| - -
Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.14393][sp-2936]|[2936][certificate-2936]|FIPS approved algorithms: AES (Cert. [#4064][aes-4064]); DRBG (Cert. [#1217][drbg-1217]); DSA (Cert. [#1098][dsa-1098]); ECDSA (Cert. [#911][ecdsa-911]); HMAC (Cert. [#2651][hmac-2651]); KAS (Cert. [#92][kas-92]); KBKDF (Cert. [#101][kdf-101]); KTS (AES Cert. [#4062][aes-4062]; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2192][rsa-2192], [#2193, and #2195][rsa-2193]); SHS (Cert. [#3347][shs-3347]); Triple-DES (Cert. [#2227][tdes-2227])
Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)| -|Boot Manager|[10.0.14393][sp-2931]|[2931][certificate-2931]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064]); HMAC (Cert. [#2651][hmac-2651]); PBKDF (vendor affirmed); RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])
Other algorithms: MD5; PBKDF (non-compliant); VMK KDF| -|BitLocker® Windows OS Loader (winload)|[10.0.14393][sp-2932]|[2932][certificate-2932]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064]); RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])
Other algorithms: NDRNG; MD5| -|BitLocker® Windows Resume (winresume)|[10.0.14393][sp-2933]|[2933][certificate-2934]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064]); RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])
Other algorithms: MD5| -|BitLocker® Dump Filter (dumpfve.sys)|[10.0.14393][sp-2934]|[2934][certificate-2934]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064])| -|Code Integrity (ci.dll)|[10.0.14393][sp-2935]|[2935][certificate-2935]|FIPS approved algorithms: RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])
Other algorithms: AES (non-compliant); MD5| -|Secure Kernel Code Integrity (skci.dll)|[10.0.14393][sp-2938]|[2938][certificate-2938]|FIPS approved algorithms: RSA (Certs. [#2193][rsa-2193]); SHS (Certs. [#3347][shs-3347])
Other algorithms: MD5| - -
Other algorithms: AES (Cert. [#2832][aes-2832], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.3.9600 6.3.9600.17042][sp-2356]|[2356][certificate-2356]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); DRBG (Certs. [#489][drbg-489]); ECDSA (Cert. [#505][ecdsa-505]); HMAC (Cert. [#1773][hmac-1773]); KAS (Cert. [#47][kas-47]); KBKDF (Cert. [#30][kdf-30]); PBKDF (vendor affirmed); RSA (Certs. [#1487][rsa-1487], [#1493, and #1519][rsa-1493]); SHS (Cert. [# 2373][shs-2373]); Triple-DES (Cert. [#1692][tdes-1692])
Other algorithms: AES (Cert. [#2832][aes-2832], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)| -|Boot Manager|[6.3.9600 6.3.9600.17031][sp-2351]|[2351][certificate-2351]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); HMAC (Cert. [#1773][hmac-1773]); PBKDF (vendor affirmed); RSA (Cert. [#1494][rsa-1494]); SHS (Certs. [# 2373][shs-2373] and [#2396][shs-2396])
Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)| -|BitLocker® Windows OS Loader (winload)|[6.3.9600 6.3.9600.17031][sp-2352]|[2352][certificate-2352]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); RSA (Cert. [#1494][rsa-1494]); SHS (Cert. [#2396][shs-2396])
Other algorithms: MD5; NDRNG| -|BitLocker® Windows Resume (winresume)[16]|[6.3.9600 6.3.9600.17031][sp-2353]|[2353][certificate-2353]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); RSA (Cert. [#1494][rsa-1494]); SHS (Certs. [# 2373][shs-2373] and [#2396][shs-2396])
Other algorithms: MD5| -|BitLocker® Dump Filter (dumpfve.sys)[17]|[6.3.9600 6.3.9600.17031][sp-2354]|[2354][certificate-2354]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832])
Other algorithms: N/A| -|Code Integrity (ci.dll)|[6.3.9600 6.3.9600.17031][sp-2355]|[2355][certificate-2355]|FIPS approved algorithms: RSA (Cert. [#1494][rsa-1494]); SHS (Cert. [# 2373][shs-2373])
Other algorithms: MD5| - -\[16\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** - -\[17\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** - -
Other algorithms: AES (Cert. [#2197][aes-2197], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.2.9200][sp-1891]|[1891][certificate-1891]|FIPS approved algorithms: AES (Certs. [#2197][aes-2197] and [#2216][aes-2216]); DRBG (Certs. [#258][drbg-258] and [#259][drbg-259]); ECDSA (Cert. [#341][ecdsa-341]); HMAC (Cert. [#1345][hmac-1345]); KAS (Cert. [#36][kas-36]); KBKDF (Cert. [#3][kdf-3]); PBKDF (vendor affirmed); RNG (Cert. [#1110][rng-1110]); RSA (Certs. [#1133][rsa-1133] and [#1134][rsa-1134]); SHS (Cert. [#1903][shs-1903]); Triple-DES (Cert. [#1387][tdes-1387])
Other algorithms: AES (Cert. [#2197][aes-2197], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)| -|Boot Manager|[6.2.9200][sp-1895]|[1895][sp-1895]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198]); HMAC (Cert. #[1347][hmac-1347]); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])
Other algorithms: MD5| -|BitLocker® Windows OS Loader (WINLOAD)|[6.2.9200][sp-1896]|[1896][sp-1896]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198]); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])
Other algorithms: AES (Cert. [#2197][aes-2197]; non-compliant); MD5; Non-Approved RNG| -|BitLocker® Windows Resume (WINRESUME)|[6.2.9200][sp-1898]|[1898][sp-1898]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198]); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])
Other algorithms: MD5| -|BitLocker® Dump Filter (DUMPFVE.SYS)|[6.2.9200][sp-1899]|[1899][sp-1899]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198])
Other algorithms: N/A| -|Code Integrity (CI.DLL)|[6.2.9200][sp-1897]|[1897][sp-1897]|FIPS approved algorithms: RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])
Other algorithms: MD5| -|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)|[6.2.9200][sp-1893]|[1893][sp-1893]|FIPS approved algorithms: DSA (Cert. [#686][dsa-686]); SHS (Cert. [#1902][shs-1902]); Triple-DES (Cert. [#1386][tdes-1386]); Triple-DES MAC (Triple-DES Cert. [#1386][tdes-1386], vendor affirmed)
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. [#1386][tdes-1386], key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| -|Enhanced Cryptographic Provider (RSAENH.DLL)|[6.2.9200][sp-1894]|[1894][sp-1894]|FIPS approved algorithms: AES (Cert. [#2196][aes-2196]); HMAC (Cert. [#1346][hmac-1346]); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1902][shs-1902]); Triple-DES (Cert. [#1386][tdes-1386])
Other algorithms: AES (Cert. [#2196][aes-2196], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. [#1386][tdes-1386], key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| -
Other algorithms: MD5| -|Winload OS Loader (winload.exe)|[6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675][sp-1333]|[1333][certificate-1333]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); RSA (Cert. [#568][rsa-568]); SHS (Cert. [#1081][shs-1081])
Other algorithms: MD5| -|Code Integrity (ci.dll)|[6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108][sp-1334]|[1334][certificate-1334]|FIPS approved algorithms: RSA (Cert. [#568][rsa-568]); SHS (Cert. [#1081][shs-1081])
Other algorithms: MD5| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076][sp-1335]|[1335][certificate-1335]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); AES GCM (Cert. [#1168][aes-1168], vendor-affirmed); AES GMAC (Cert. [#1168][aes-1168], vendor-affirmed); DRBG (Certs. [#23][drbg-23] and [#27][drbg-27]); ECDSA (Cert. [#142][ecdsa-142]); HMAC (Cert. [#686][hmac-686]); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. [#649][rng-649]); RSA (Certs. [#559][rsa-559] and [#567][rsa-567]); SHS (Cert. [#1081][shs-1081]); Triple-DES (Cert. [#846][tdes-846])
Other algorithms: AES (Cert. [#1168][aes-1168], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4| -|Cryptographic Primitives Library (bcryptprimitives.dll)|[66.1.7600.16385 or 6.1.7601.17514][sp-1336]|[1336][certificate-1336]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); AES GCM (Cert. [#1168][aes-1168], vendor-affirmed); AES GMAC (Cert. [#1168][aes-1168], vendor-affirmed); DRBG (Certs. [#23][drbg-23] and [#27][drbg-27]); DSA (Cert. [#391][dsa-391]); ECDSA (Cert. [#142][ecdsa-142]); HMAC (Cert. [#686][hmac-686]); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. [#649][rng-649]); RSA (Certs. [#559][rsa-559] and [#567][rsa-567]); SHS (Cert. [#1081][shs-1081]); Triple-DES (Cert. [#846][tdes-846])
Other algorithms: AES (Cert. [#1168][aes-1168], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4| -|Enhanced Cryptographic Provider (RSAENH)|[6.1.7600.16385][sp-1337]|[1337][certificate-1337]|FIPS approved algorithms: AES (Cert. [#1168][aes-1168]); DRBG (Cert. [#23][drbg-23]); HMAC (Cert. [#687][hmac-687]); SHS (Cert. [#1081][shs-1081]); RSA (Certs. [#559][rsa-559] and [#568][rsa-568]); Triple-DES (Cert. [#846][tdes-846])
Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| -|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.1.7600.16385][sp-1338]|[1338][certificate-1338]|FIPS approved algorithms: DSA (Cert. [#390][dsa-390]); RNG (Cert. [#649][rng-649]); SHS (Cert. [#1081][shs-1081]); Triple-DES (Cert. [#846][tdes-846]); Triple-DES MAC (Triple-DES Cert. [#846][tdes-846], vendor affirmed)
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4| -|BitLocker™ Drive Encryption|[6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675][sp-1339]|[1339][certificate-1339]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); HMAC (Cert. [#675][hmac-675]); SHS (Cert. [#1081][shs-1081])
Other algorithms: Elephant Diffuser| - -
Other algorithms: N/A| -|Winload OS Loader (winload.exe)|[6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596][sp-1005]|[1005][certificate-1005]|FIPS approved algorithms: AES (Certs. [#739][aes-739] and [#760][aes-760]); RSA (Cert. [#355][rsa-355]); SHS (Cert. [#753][shs-753])
Other algorithms: MD5| -|Code Integrity (ci.dll)|[6.0.6001.18000 and 6.0.6002.18005][sp-1006]|[1006][certificate-1006]|FIPS approved algorithms: RSA (Cert. [#355][rsa-355]); SHS (Cert. [#753][shs-753])
Other algorithms: MD5| -|Kernel Mode Security Support Provider Interface (ksecdd.sys)|[6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869][sp-1007]|[1007][certificate-1007]|FIPS approved algorithms: AES (Certs. [#739][aes-739] and [#757][aes-757]); ECDSA (Cert. [#83][ecdsa-83]); HMAC (Cert. [#413][hmac-413]); RNG (Cert. [#435][rng-435] and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. [#353][rsa-353] and [#358][rsa-358]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656])
Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert. and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)
Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| -|Cryptographic Primitives Library (bcrypt.dll)|[6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872][sp-1008]|[1008][certificate-1008]|FIPS approved algorithms: AES (Certs. [#739][aes-739] and [#757][aes-757]); DSA (Cert. [#284][dsa-284]); ECDSA (Cert. [#83][ecdsa-83]); HMAC (Cert. [#413][hmac-413]); RNG (Cert. [#435][rng-435] and SP800-90, vendor affirmed); RSA (Certs. [#353][rsa-353] and [#358][rsa-358]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656])
Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)| -|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.0.6001.18000 and 6.0.6002.18005][sp-1009]|[1009][certificate-1009]|FIPS approved algorithms: DSA (Cert. [#282][dsa-282]); RNG (Cert. [#435][rng-435]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656]); Triple-DES MAC (Triple-DES Cert. [#656][tdes-656], vendor affirmed)
Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4| -|Enhanced Cryptographic Provider (RSAENH)|[6.0.6001.22202 and 6.0.6002.18005][sp-1010]|[1010][certificate-1010]|FIPS approved algorithms: AES (Cert. [#739][aes-739]); HMAC (Cert. [#408][hmac-408]); RNG (SP 800-90, vendor affirmed); RSA (Certs. [#353][rsa-353] and [#355][rsa-355]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656])
Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| - -
Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4| -|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.2.3790.3959][sp-869]|[869][certificate-869]|FIPS approved algorithms: HMAC (Cert. [#287][hmac-287]); RNG (Cert. [#313][rng-313]); SHS (Cert. [#610][shs-610]); Triple-DES (Cert. [#542][tdes-542])
Other algorithms: DES; HMAC-MD5| -|Enhanced Cryptographic Provider (RSAENH)|[5.2.3790.3959][sp-868]|[868][certificate-868]|FIPS approved algorithms: AES (Cert. [#548][aes-548]); HMAC (Cert. [#289][hmac-289]); RNG (Cert. [#316][rng-316]); RSA (Cert. [#245][rsa-245]); SHS (Cert. [#613][shs-613]); Triple-DES (Cert. [#544][tdes-544])
Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| - -
Other algorithms: DES (Cert. [#230][des-230][1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)
[1] x86
[2] SP1 x86, x64, IA64| -|Enhanced Cryptographic Provider (RSAENH)|[5.2.3790.1830 [Service Pack 1])][sp-382]|[382][certificate-382]|FIPS approved algorithms: Triple-DES (Cert. [#192][tdes-192][1] and [#365][tdes-365][2]); AES (Certs. [#80][aes-80][1] and [#290][aes-290][2]); SHS (Cert. [#176][shs-176][1] and [#364][shs-364][2]); HMAC (Cert. [#176][shs-176], vendor affirmed[1] and [#99][hmac-99][2]); RSA (PKCS#1, vendor affirmed[1] and [#81][rsa-81][2])
Other algorithms: DES (Cert. [#226][des-226][1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5
[1] x86
[2] SP1 x86, x64, IA64| -|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.2.3790.1830 [Service Pack 1]][sp-381]|[381][certificate-381]|FIPS approved algorithms: Triple-DES (Certs. [#199][tdes-199][1] and [#381][tdes-381][2]); SHA-1 (Certs. [#181][shs-181][1] and [#385][shs-385][2]); DSA (Certs. [#95][dsa-95][1] and [#146][dsa-146][2]); RSA (Cert. [#81][rsa-81])
Other algorithms: DES (Cert. [#229][des-229][1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40
[1] x86
[2] SP1 x86, x64, IA64| - -
Other algorithms: DES (Cert. [#230][des-230] [1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)
[1] x86
[2] SP1 x86, x64, IA64| -|Enhanced Cryptographic Provider (RSAENH)|[5.2.3790.0][sp-382]|[382][certificate-382]|FIPS approved algorithms: Triple-DES (Cert. [#192][tdes-192][1] and [#365][tdes-365][2]); AES (Certs. [#80][aes-80][1] and [#290][aes-290][2]); SHS (Cert. [#176][shs-176][1] and [#364][shs-364][2]); HMAC (Cert. [#176][shs-176], vendor affirmed[1] and [#99][hmac-99][2]); RSA (PKCS#1, vendor affirmed[1] and [#81][rsa-81][2])
Other algorithms: DES (Cert. [#226][des-226][1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5
[1] x86
[2] SP1 x86, x64, IA64| -|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.2.3790.0][sp-381]|[381][certificate-381]|FIPS approved algorithms: Triple-DES (Certs. [#199][tdes-199][1] and [#381][tdes-381][2]); SHA-1 (Certs. [#181][shs-181][1] and [#385][shs-385][2]); DSA (Certs. [#95][dsa-95][1] and [#146][dsa-146][2]); RSA (Cert. [#81][rsa-81])
Other algorithms: DES (Cert. [#229][des-229][1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40
[1] x86
[2] SP1 x86, x64, IA64| - -
Allowed algorithms: HMAC-MD5, MD5, NDRNG| -|Cryptographic Primitives Library (bcrypt.dll)|[7.00.2872 [1] and 8.00.6246 [2]][sp-2956]|[2956][certificate-2956]|FIPS approved algorithms: AES (Certs.[#4430][aes-4430]and[#4431][aes-4431]); CKG (vendor affirmed); CVL (Certs.[#1139][component-1139]and[#1140][component-1140]); DRBG (Certs.[#1429][drbg-1429]and[#1430][drbg-1430]); DSA (Certs.[#1187][dsa-1187]and[#1188][dsa-1188]); ECDSA (Certs.[#1072][ecdsa-1072]and[#1073][ecdsa-1073]); HMAC (Certs.[#2942][hmac-2942]and[#2943][hmac-2943]); KAS (Certs.[#114][kas-114]and[#115][kas-115]); RSA (Certs.[#2411][rsa-2411]and[#2412][rsa-2412]); SHS (Certs.[#3648][shs-3648]and[#3649][shs-3649]); Triple-DES (Certs.[#2381][tdes-2381]and[#2382][tdes-2382])
Allowed algorithms: MD5, NDRNG, RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength| - -
Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES| - -
Other algorithms: DES (Certs. [#91][des-91]); DES MAC; RC2; MD2; MD5| - -
AES-CBC:
AES-CFB128:
AES-CTR:
Counter Source: Internal
AES-OFB:
Version 10.0.15063.674| -|
AES-CBC:
AES-CFB128:
AES-CTR:
Counter Source: Internal
AES-OFB:
Version 10.0.16299| -|
AES-CBC:
AES-CCM:
AES-CFB128:
AES-CFB8:
AES-CMAC:
AES-128:
AES-192:
AES-256:
Verification:
AES-128:
AES-192:
AES-256:
AES-CTR:
Counter Source: Internal
AES-ECB:
AES-GCM:
AES-XTS:
Version 10.0.15063.674| -|
AES-CBC:
AES-CCM:
AES-CFB128:
AES-CFB8:
AES-CMAC:
AES-128:
AES-192:
AES-256:
AES-128:
AES-192:
AES-256:
AES-CTR:
Counter Source: Internal
AES-ECB:
AES-GCM:
AES-XTS:
Version 10.0.15254| -|AES-CBC:
AES-CCM:
AES-CFB128:
AES-CFB8:
AES-CMAC:
AES-128:
AES-192:
AES-256:
Verification:
AES-128:
AES-192:
AES-256:
AES-CTR:
Counter Source: Internal
AES-ECB:
AES-GCM:
AES-XTS:
Version 10.0.16299| -|AES-KW:
AES [validation number 4902][aes-4902]|Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations [#4900][aes-4900]
Version 10.0.15063.674| -|AES-KW:
AES [validation number 4901][aes-4901]|Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations [#4899][aes-4899]
Version 10.0.15254| -|AES-KW:
AES [validation number 4897][aes-4897]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations [#4898][aes-4898]
Version 10.0.16299| -|AES-CCM:
AES [validation number 4902][aes-4902]|Microsoft Surface Hub BitLocker(R) Cryptographic Implementations [#4896][aes-4896]
Version 10.0.15063.674| -|AES-CCM:
AES [validation number 4901][aes-4901]|Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations [#4895][aes-4895]
Version 10.0.15254| -|AES-CCM:
AES [validation number 4897][aes-4897]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations [#4894][aes-4894]
Version 10.0.16299| -|**CBC** (e/d; 128, 192, 256);
**CFB128** (e/d; 128, 192, 256);
**OFB** (e/d; 128, 192, 256);
**CTR** (int only; 128, 192, 256)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#4627][aes-4627]
Version 10.0.15063| -|**KW** (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
AES [validation number 4624][aes-4624]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations [#4626][aes-4626]
Version 10.0.15063| -|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
AES [validation number 4624][aes-4624]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations [#4625][aes-4625]
Version 10.0.15063| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);
**CFB8** (e/d; 128, 192, 256);
**CFB128** (e/d; 128, 192, 256);
**CTR** (int only; 128, 192, 256)
**CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
**CMAC** (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)
**GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); 96 bit IV supported
GMAC supported
**XTS**((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#4624][aes-4624]
Version 10.0.15063| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#4434][aes-4434]
Version 7.00.2872| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#4433][aes-4433]
Version 8.00.6246| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);
**CTR** (int only; 128, 192, 256)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#4431][aes-4431]
Version 7.00.2872| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);
**CTR** (int only; 128, 192, 256)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#4430][aes-4430]
Version 8.00.6246| -|**CBC** (e/d; 128, 192, 256);
**CFB128** (e/d; 128, 192, 256);
**OFB** (e/d; 128, 192, 256);
**CTR** (int only; 128, 192, 256)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#4074][aes-4074]
Version 10.0.14393| -|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);
**CFB128** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)
**CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
**CMAC (Generation/Verification)** (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
**GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
**IV Generated:** (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
GMAC supported
**XTS((KS: XTS_128**((e/d)(f)) **KS: XTS_256**((e/d)(f))|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#4064][aes-4064]
Version 10.0.14393| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);
**CFB8** (e/d; 128, 192, 256);|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations [#4063][aes-4063]
Version 10.0.14393| -|**KW** (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 192, 256, 320, 2048)
AES [validation number 4064][aes-4064]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#4062][aes-4062]
Version 10.0.14393| -|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
AES [validation number 4064][aes-4064]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations [#4061][aes-4061]
Version 10.0.14393| -|**KW** (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
AES [validation number 3629][aes-3629]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" Cryptography Next Generation (CNG) Implementations [#3652][aes-3652]
Version 10.0.10586| -|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
AES [validation number 3629][aes-3629]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" BitLocker® Cryptographic Implementations [#3653][aes-3653]
Version 10.0.10586| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);
**CFB8** (e/d; 128, 192, 256);|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" RSA32 Algorithm Implementations [#3630][aes-3630]
Version 10.0.10586| -|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);
**CFB128** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)
**CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
**CMAC (Generation/Verification)** (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
**GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)v**IV Generated:** (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
GMAC supported
**XTS((KS: XTS_128**((e/d) (f)) **KS: XTS_256**((e/d) (f))|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" SymCrypt Cryptographic Implementations [#3629][aes-3629]
Version 10.0.10586| -|**KW** (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)
AES [validation number 3497][aes-3497]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#3507][aes-3507]
Version 10.0.10240| -|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
AES [validation number 3497][aes-3497]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations [#3498][aes-3498]
Version 10.0.10240| -|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);
**CFB128** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)
**CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
**CMAC(Generation/Verification)** (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
**GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
**IV Generated:** (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
GMAC supported
**XTS((KS: XTS_128**((e/d)(f)) **KS: XTS_256**((e/d)(f))|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#3497][aes-3497]
Version 10.0.10240| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);
**CFB8** (e/d; 128, 192, 256);|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations [#3476][aes-3476]
Version 10.0.10240| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);
**CFB8** (e/d; 128, 192, 256);|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations [#2853][aes-2853]
Version 6.3.9600| -|**CCM (KS: 256)** (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)
AES [validation number 2832][aes-2832]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations [#2848][aes-2848]
Version 6.3.9600| -|**CCM (KS: 128, 192, 256)** (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 0 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
**CMAC (Generation/Verification) (KS: 128**; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)
**GCM (KS: AES_128**(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
**(KS: AES_256**(e/d) Tag Length(s): 128 120 112 104 96)
**IV Generated:** (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported;
**OtherIVLen_Supported
GMAC supported**|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #[2832][aes-2832]
Version 6.3.9600| -|**CCM (KS: 128, 192, 256**) **(Assoc. Data Len Range**: 0-0, 2^16) **(Payload Length Range**: 0 - 32 (**Nonce Length(s)**: 7 8 9 10 11 12 13 **(Tag Length(s)**: 4 6 8 10 12 14 16)
AES [validation number 2197][aes-2197]
**CMAC** (Generation/Verification) **(KS: 128;** Block Size(s); **Msg Len(s)** Min: 0 Max: 2^16; **Tag Len(s)** Min: 16 Max: 16) **(KS: 192**; Block Size(s); **Msg Len(s)** Min: 0 Max: 2^16; **Tag Len(s)** Min: 16 Max: 16) **(KS: 256**; Block Size(s); **Msg Len(s)** Min: 0 Max: 2^16; **Tag Len(s)** Min: 16 Max: 16)
AES [validation number 2197][aes-2197]
**GCM(KS: AES_128**(e/d) Tag Length(s): 128 120 112 104 96) **(KS: AES_192**(e/d) Tag Length(s): 128 120 112 104 96)
**(KS: AES_256**(e/d) Tag Length(s): 128 120 112 104 96)
**IV Generated:** (Externally); **PT Lengths Tested:** (0, 128, 1024, 8, 1016); **Additional authenticated data lengths tested:** (0, 128, 1024, 8, 1016); **IV Lengths Tested:** (8, 1024); **96 bit IV supported
GMAC supported**|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#2216][aes-2216]| -|**CCM (KS: 256) (Assoc. Data Len Range: **0 - 0, 2^16**) (Payload Length Range:** 0 - 32 (**Nonce Length(s)**: 12 **(Tag Length(s)**: 16)
AES [validation number 2196][aes-2196]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations [#2198][aes-2198]| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);
**CFB8** (e/d; 128, 192, 256);
**CFB128** (e/d; 128, 192, 256);
**CTR** (int only; 128, 192, 256)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#2197][aes-2197]| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);
**CFB8** (e/d; 128, 192, 256);|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) [#2196][aes-2196]| -|**CCM (KS: 128, 192, 256) (Assoc. Data Len Range: **0 - 0, 2^16**) (Payload Length Range:** 0 - 32 **(Nonce Length(s):** 7 8 9 10 11 12 13 **(Tag Length(s): **4 6 8 10 12 14 16**)**
AES [validation number 1168][aes-1168]|Windows Server 2008 R2 and SP1 CNG algorithms [#1187][aes-1187]
Windows 7 Ultimate and SP1 CNG algorithms [#1178][aes-1178]| -|**CCM (KS: 128, 256) (Assoc. Data Len Range: **0 - 8**) (Payload Length Range:** 4 - 32 **(Nonce Length(s):** 7 8 12 13 **(Tag Length(s): **4 6 8 14 16**)**
AES [validation number 1168][aes-1168]|Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations [#1177][aes-1177]| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);
**CFB8** (e/d; 128, 192, 256);|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation [#1168][aes-1168]| -|**GCM**
**GMAC**|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation [#1168][aes-1168], vendor-affirmed| -|**CCM (KS: 128, 256) (Assoc. Data Len Range: **0 - 8**) (Payload Length Range:** 4 - 32 **(Nonce Length(s):** 7 8 12 13 **(Tag Length(s): **4 6 8 14 16**)**|Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations [#760][aes-760]| -|**CCM (KS: 128, 192, 256) (Assoc. Data Len Range: **0 - 0, 2^16**) (Payload Length Range:** 1 - 32 **(Nonce Length(s):** 7 8 9 10 11 12 13 **(Tag Length(s):** 4 6 8 10 12 14 16**)**|Windows Server 2008 CNG algorithms [#757][aes-757]
Windows Vista Ultimate SP1 CNG algorithms [#756][aes-756]| -|**CBC** (e/d; 128, 256);
**CCM** (**KS: 128, 256**) (**Assoc. Data Len Range**: 0 - 8) (**Payload Length Range**: 4 - 32 (**Nonce Length(s)**: 7 8 12 13 (**Tag Length(s)**: 4 6 8 14 16)|Windows Vista Ultimate BitLocker Drive Encryption [#715][aes-715]
Windows Vista Ultimate BitLocker Drive Encryption [#424][aes-424]| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);
**CFB8** (e/d; 128, 192, 256);|Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation [#739][aes-739]
Windows Vista Symmetric Algorithm Implementation [#553][aes-553]| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);
**CTR** (int only; 128, 192, 256)|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#2023][aes-2023]| -|**ECB** (e/d; 128, 192, 256);
**CBC** (e/d; 128, 192, 256);|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#2024][aes-2024]
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#818][aes-818]
Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#781][aes-781]
Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#548][aes-548]
Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#516][aes-516]
Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) [#507][aes-507]
Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#290][aes-290]
Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) [#224][aes-224]
Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) [#80][aes-80]
Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) [#33][aes-33]| - -
ECDSA SigGen:
Prerequisite: DRBG [#489][drbg-489]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#1540][component-1540]
Version 6.3.9600| -|
RSASP1:
Modulus Size: 2048 (bits)
Padding Algorithms: PKCS 1.5|Microsoft Surface Hub Virtual TPM Implementations [#1519][component-1519]
Version 10.0.15063.674| -|
RSASP1:
Modulus Size: 2048 (bits)
Padding Algorithms: PKCS 1.5|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#1518][component-1518]
Version 10.0.16299| -|RSADP:
Modulus Size: 2048 (bits)|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1517][component-1517]
Version 10.0.15063.674| -|
RSASP1:
Modulus Size: 2048 (bits)
Padding Algorithms: PKCS 1.5|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1516][component-1516]
Version 10.0.15063.674| -|
ECDSA SigGen:
Prerequisite: DRBG [#1732][drbg-1732]|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1515][component-1515]
Version 10.0.15063.674| -|
ECDSA SigGen:
Prerequisite: DRBG [#1732][drbg-1732]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1514][component-1514]
Version 10.0.15063.674| -|RSADP:
Modulus Size: 2048 (bits)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1513][component-1513]
Version 10.0.15063.674| -|
RSASP1:
Modulus Size: 2048 (bits)
Padding Algorithms: PKCS 1.5|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1512][component-1512]
Version 10.0.15063.674| -|
IKEv1:
Diffie-Hellman shared secrets:
Diffie-Hellman shared secret:
Diffie-Hellman shared secret:
Prerequisite: SHS [#4011][shs-4011], HMAC [#3269][hmac-3269]
IKEv2:
Diffie-Hellman shared secret:
Diffie-Hellman shared secret:
Diffie-Hellman shared secret:
Prerequisite: SHS [#4011][shs-4011], HMAC [#3269][hmac-3269]
TLS:
SHA Functions: SHA-256, SHA-384
Prerequisite: SHS [#4011][shs-4011], HMAC [#3269][hmac-3269]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1511][component-1511]
Version 10.0.15063.674| -|
ECDSA SigGen:
Prerequisite: DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1510][component-1510]
Version 10.0.15254| -|RSADP:
Modulus Size: 2048 (bits)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1509][component-1509]
Version 10.0.15254| -|
RSASP1:
Modulus Size: 2048 (bits)
Padding Algorithms: PKCS 1.5|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1508][component-1508]
Version 10.0.15254| -|
IKEv1:
Diffie-Hellman shared secret:
Diffie-Hellman shared secret:
Diffie-Hellman shared secret:
Prerequisite: SHS [#4010][shs-4010], HMAC [#3268][hmac-3268]
IKEv2:
Diffie-Hellman shared secret:
Diffie-Hellman shared secret:
Diffie-Hellman shared secret:
Prerequisite: SHS [#4010][shs-4010], HMAC [#3268][hmac-3268]
TLS:
SHA Functions: SHA-256, SHA-384
Prerequisite: SHS [#4010][shs-4010], HMAC [#3268][hmac-3268]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1507][component-1507]
Version 10.0.15254| -|
ECDSA SigGen:
Prerequisite: DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1506][component-1506]
Version 10.0.15254| -|RSADP:
Modulus Size: 2048 (bits)|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1505][component-1505]
Version 10.0.15254| -|
RSASP1:
Modulus Size: 2048 (bits)
Padding Algorithms: PKCS 1.5|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1504][component-1504]
Version 10.0.15254| -|
ECDSA SigGen:
Prerequisite: DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1503][component-1503]
Version 10.0.16299| -|RSADP:
Modulus Size: 2048 (bits)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1502][component-1502]
Version 10.0.16299| -|
RSASP1:
Modulus Size: 2048 (bits)
Padding Algorithms: PKCS 1.5|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1501][component-1501]
Version 10.0.16299| -|
ECDSA SigGen:
Prerequisite: DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1499][component-1499]
Version 10.0.16299| -|RSADP:
Modulus Size: 2048 (bits)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1498][component-1498]
Version 10.0.16299| -|
RSASP1:
Modulus Size: 2048 (bits)
Padding Algorithms: PKCS 1.5|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1497][component-1497]
Version 10.0.16299| -|
IKEv1:
Diffie-Hellman shared secret:
Diffie-Hellman shared secret:
Diffie-Hellman shared secret:
Prerequisite: SHS [#4009][shs-4009], HMAC [#3267][hmac-3267]
IKEv2:
Diffie-Hellman shared secret:
Diffie-Hellman shared secret:
Diffie-Hellman shared secret:
Prerequisite: SHS [#4009][shs-4009], HMAC [#3267][hmac-3267]
TLS:
SHA Functions: SHA-256, SHA-384
Prerequisite: SHS [#4009][shs-4009], HMAC [#3267][hmac-3267]|Windows 10 Home, Pro, Enterprise, Education,Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1496][component-1496]
Version 10.0.16299| -|FIPS186-4 ECDSA
Signature Generation of hash sized messages
ECDSA SigGen Component: CURVES(P-256 P-384 P-521)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1284][component-1284]
Version 10.0. 15063
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1279][component-1279]
Version 10.0. 15063
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#922][component-922]
Version 10.0.14393
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#894][component-894]
Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" MsBignum Cryptographic Implementations [#666][component-666]
Version 10.0.10586
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#288][component-288]
Version 6.3.9600| -|FIPS186-4 RSA; PKCS#1 v2.1
RSASP1 Signature Primitive
RSASP1: (Mod2048: PKCS1.5 PKCSPSS)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#1285][component-1285]
Version 10.0.15063
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1282][component-1282]
Version 10.0.15063
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1280][component-1280]
Version 10.0.15063
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#893][component-893]
Version 10.0.14393
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#888][component-888]
Version 10.0.14393
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" MsBignum Cryptographic Implementations [#665][component-665]
Version 10.0.10586
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#572][component-572]
Version 10.0.10240
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations [#289][component-289]
Version 6.3.9600| -|FIPS186-4 RSA; RSADP
RSADP Primitive
RSADP: (Mod2048)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1283][component-1283]
Version 10.0.15063
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1281][component-1281]
Version 10.0.15063
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#895][component-895]
Version 10.0.14393
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#887][component-887]
Version 10.0.14393
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" Cryptography Next Generation (CNG) Implementations [#663][component-663]
Version 10.0.10586
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#576][component-576]
Version 10.0.10240| -|SP800-135
Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1496][component-1496]
Version 10.0.16299
Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1278][component-1278]
Version 10.0.15063
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1140][component-1140]
Version 7.00.2872
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1139][component-1139]
Version 8.00.6246
Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp [#886][component-886]
Version 10.0.14393
Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" BCryptPrimitives and NCryptSSLp [#664][component-664]
Version 10.0.10586
Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp [#575][component-575]
Version 10.0.10240
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp [#323][component-323]
Version 6.3.9600| - -
Counter:
Prerequisite: AES [#4904][aes-4904]|Microsoft Surface Hub Virtual TPM Implementations [#1734][drbg-1734]
Version 10.0.15063.674| -|
Counter:
Prerequisite: AES [#4903][aes-4903]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#1733][drbg-1733]
Version 10.0.16299| -|
Counter:
Prerequisite: AES [#4902][aes-4902]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1732][drbg-1732]
Version 10.0.15063.674| -|
Counter:
Prerequisite: AES [#4901][aes-4901]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1731][drbg-1731]
Version 10.0.15254| -|
Counter:
Prerequisite: AES [#4897][aes-4897]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1730][drbg-1730]
Version 10.0.16299| -|**CTR_DRBG:** [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256)
(AES [validation number 4627][aes-4627])]|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#1556][drbg-1556]
Version 10.0.15063| -|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256 (AES [validation number 4624][aes-4624])]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1555][drbg-1555]
Version 10.0.15063| -|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4434][aes-4434])]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#1433][drbg-1433]
Version 7.00.2872| -|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4433][aes-4433])]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#1432][drbg-1432]
Version 8.00.6246| -|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4431][aes-4431])]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1430][drbg-1430]
Version 7.00.2872| -|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4430][aes-4430])]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1429][drbg-1429]
Version 8.00.6246| -|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4074][aes-4074])]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#1222][drbg-1222]
Version 10.0.14393| -|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 4064][aes-4064])]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#1217][drbg-1217]
Version 10.0.14393| -|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 3629][aes-3629])]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations [#955][drbg-955]
Version 10.0.10586| -|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 3497][aes-3497])]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#868][drbg-868]
Version 10.0.10240| -|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 2832][aes-2832])]|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations [#489][drbg-489]
Version 6.3.9600| -|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 2197][aes-2197])]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#258][drbg-258]| -|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 2023][aes-2023])]|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#193][drbg-193]| -|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 1168][aes-1168])]|Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library [#23][drbg-23]| -|**DRBG** (SP 800-90)|Windows Vista Ultimate SP1, vendor-affirmed| - -
PQGGen:
PQGVer:
SigGen:
SigVer:
KeyPair:
Prerequisite: SHS [#4011][shs-4011], DRBG [#1732][drbg-1732]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1303][dsa-1303]
Version 10.0.15063.674| -|DSA:
PQGGen:
PQGVer:
SigGen:
SigVer:
KeyPair:
Prerequisite: SHS [#4010][shs-4010], DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1302][dsa-1302]
Version 10.0.15254| -|DSA:
PQGGen:
PQGVer:
SigGen:
SigVer:
KeyPair:
Prerequisite: SHS [#4009][shs-4009], DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1301][dsa-1301]
Version 10.0.16299|
-|**FIPS186-4:**
**PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
**PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
**KeyPairGen**: [(2048,256); (3072,256)]
**SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
**SIG(ver)** PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
SHS: [validation number 3790][shs-3790]
DRBG: [validation number 1555][drbg-1555]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1223][dsa-1223]
Version 10.0.15063|
-|**FIPS186-4:
PQG(ver)PARMS TESTED:** [(1024,160) SHA(1)]
**SIG(ver)PARMS TESTED:** [(1024,160) SHA(1)]
SHS: [validation number 3649][shs-3649]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1188][dsa-1188]
Version 7.00.2872|
-|**FIPS186-4:
PQG(ver)PARMS TESTED:** [(1024,160) SHA(1)]
**SIG(ver)PARMS TESTED:** [(1024,160) SHA(1)]
SHS: [validation number 3648][shs-3648]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1187][dsa-1187]
Version 8.00.6246|
-|**FIPS186-4:
PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
**PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
KeyPairGen: [(2048,256); (3072,256)]
**SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
**SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
SHS: [validation number 3347][shs-3347]
DRBG: [validation number 1217][drbg-1217]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#1098][dsa-1098]
Version 10.0.14393|
-|**FIPS186-4:
PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
**PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
KeyPairGen: [(2048,256); (3072,256)] **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
**SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
SHS: [validation number 3047][shs-3047]
DRBG: [validation number 955][drbg-955]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" MsBignum Cryptographic Implementations [#1024][dsa-1024]
Version 10.0.10586|
-|**FIPS186-4:
PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
**PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
KeyPairGen: [(2048,256); (3072,256)]
**SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
SHS: [validation number 2886][shs-2886]
DRBG: [validation number 868][drbg-868]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#983][dsa-983]
Version 10.0.10240|
-|**FIPS186-4:
PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
**PQG(ver**)PARMS TESTED: [(2048,256), SHA(256); (3072,256) SHA(256)]
KeyPairGen: [(2048,256); (3072,256)]
**SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
**SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
SHS: [validation number 2373][shs-2373]
DRBG: [validation number 489][drbg-489]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#855][dsa-855]
Version 6.3.9600| -|**FIPS186-2**:
**PQG(ver)** MOD(1024);
**SIG(ver)** MOD(1024);
SHS: [#1903][shs-1903]
DRBG: [#258][drbg-258]
**FIPS186-4: PQG(gen)PARMS TESTED**: [(2048,256)SHA(256); (3072,256) SHA(256)]
**PQG(ver)PARMS TESTED**: [(2048,256) SHA(256); (3072,256) SHA(256)]
**SIG(gen)PARMS TESTED**: [(2048,256) SHA(256); (3072,256) SHA(256)]
**SIG(ver)PARMS TESTED**: [(2048,256) SHA(256); (3072,256) SHA(256)]
SHS: [#1903][shs-1903]
DRBG: [#258][drbg-258]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#687][dsa-687]|
-|**FIPS186-2:
PQG(ver)** MOD(1024);
**SIG(ver)** MOD(1024);
SHS: [#1902][shs-1902]
DRBG: [#258][drbg-258]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) [#686][dsa-686]|
-|**FIPS186-2:
SIG(ver)** MOD(1024);
SHS: [validation number 1773][shs-1773]
DRBG: [validation number 193][drbg-193]|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#645][dsa-645]|
-|**FIPS186-2:
SIG(ver)** MOD(1024);
SHS: [validation number 1081][shs-1081]
DRBG: [validation number 23][drbg-23]|Windows Server 2008 R2 and SP1 CNG algorithms [#391][dsa-391]
Windows 7 Ultimate and SP1 CNG algorithms [#386][dsa-386]|
-|**FIPS186-2:
SIG(ver)** MOD(1024);
SHS: [validation number 1081][shs-1081]
RNG: [validation number 649][rng-649]|Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) [#390][dsa-390]
Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) [#385][dsa-385]|
-|**FIPS186-2:
SIG(ver)** MOD(1024);
SHS: [validation number 753][shs-753]|Windows Server 2008 CNG algorithms [#284][dsa-284]
Windows Vista Ultimate SP1 CNG algorithms [#283][dsa-283]|
-|**FIPS186-2:
SIG(ver)** MOD(1024);
SHS: [validation number 753][shs-753]
RNG: [validation number 435][rng-435]|Windows Server 2008 Enhanced DSS (DSSENH) [#282][dsa-282]
Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) [#281][dsa-281]|
-|**FIPS186-2:
SIG(ver)** MOD(1024);
SHS: [validation number 618][shs-618]
RNG: [validation number 321][rng-321]|Windows Vista CNG algorithms [#227][dsa-227]
Windows Vista Enhanced DSS (DSSENH) [#226][dsa-226]|
-|**FIPS186-2:
SIG(ver)** MOD(1024);
SHS: [validation number 784][shs-784]
RNG: [validation number 448][rng-448]|Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#292][dsa-292]|
-|**FIPS186-2:
SIG(ver)** MOD(1024);
SHS: [validation number 783][shs-783]
RNG: [validation number 447][rng-447]|Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#291][dsa-291]|
-|**FIPS186-2:
PQG(gen)** MOD(1024);
**PQG(ver)** MOD(1024);
**KEYGEN(Y)** MOD(1024);
**SIG(gen)** MOD(1024);
**SIG(ver)** MOD(1024);
SHS: [validation number 611][shs-611]
RNG: [validation number 314][rng-314]|Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider [#221][dsa-221]|
-|**FIPS186-2:
PQG(gen)** MOD(1024);
**PQG(ver)** MOD(1024);
**KEYGEN(Y)** MOD(1024);
**SIG(gen)** MOD(1024);v**SIG(ver)** MOD(1024);vSHS: [validation number 385][shs-385]|Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#146][dsa-146]|
-|**FIPS186-2:
PQG(ver)** MOD(1024);
**KEYGEN(Y)** MOD(1024);v**SIG(gen)** MOD(1024);
**SIG(ver)** MOD(1024);
SHS: [validation number 181][shs-181]|Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#95][dsa-95]|
-|**FIPS186-2:
PQG(gen)** MOD(1024);
**PQG(ver)** MOD(1024);
**KEYGEN(Y)** MOD(1024);
**SIG(gen)** MOD(1024); SHS: SHA-1 (BYTE)
**SIG(ver)** MOD(1024); SHS: SHA-1 (BYTE)|Windows 2000 DSSENH.DLL [#29][dsa-29]
Windows 2000 DSSBASE.DLL [#28][dsa-28]
Windows NT 4 SP6 DSSENH.DLL [#26][dsa-26]
Windows NT 4 SP6 DSSBASE.DLL [#25][dsa-25]|
-|**FIPS186-2: PRIME;
FIPS186-2:**
**KEYGEN(Y):**SHS: SHA-1 (BYTE)
**SIG(gen):SIG(ver)** MOD(1024);
SHS: SHA-1 (BYTE)|Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider [#17][dsa-17]| - -
ECDSA:186-4:
Key Pair Generation:
Public Key Validation:
Signature Generation:
Signature Verification:
Prerequisite: SHS [#2373][shs-2373], DRBG [#489][drbg-489]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#1263][ecdsa-1263]
Version 6.3.9600| -|ECDSA:186-4:
Key Pair Generation:
Prerequisite: SHS [#4011][shs-4011], DRBG [#1734][drbg-1734]|Microsoft Surface Hub Virtual TPM Implementations [#1253][ecdsa-1253]
Version 10.0.15063.674| -|ECDSA:186-4:
Key Pair Generation:
Prerequisite: SHS [#4009][shs-4009], DRBG [#1733][drbg-1733]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#1252][ecdsa-1252]
Version 10.0.16299| -|ECDSA:186-4:
Key Pair Generation:
Public Key Validation:
Signature Generation:
Signature Verification:
Prerequisite: SHS [#4011][shs-4011], DRBG [#1732][drbg-1732]|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1251][ecdsa-1251]
Version 10.0.15063.674| -|ECDSA:186-4:
Key Pair Generation:
Public Key Validation:
Signature Generation:
Signature Verification:
Prerequisite: SHS [#4011][shs-4011], DRBG [#1732][drbg-1732]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1250][ecdsa-1250]
Version 10.0.15063.674| -|ECDSA:186-4:
Key Pair Generation:
Public Key Validation:
Signature Generation:
Signature Verification:
Prerequisite: SHS [#4010][shs-4010], DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1249][ecdsa-1249]
Version 10.0.15254| -|ECDSA:186-4:
Key Pair Generation:
Public Key Validation:
Signature Generation:
Signature Verification:
Prerequisite: SHS [#4010][shs-4010], DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1248][ecdsa-1248]
Version 10.0.15254| -|ECDSA:186-4:
Key Pair Generation:
Public Key Validation:
Signature Generation:
Signature Verification:
Prerequisite: SHS [#4009][shs-4009], DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1247][ecdsa-1247]
Version 10.0.16299| -|ECDSA:186-4:
Key Pair Generation:
Public Key Validation:
Signature Generation:
Signature Verification:
Prerequisite: SHS [#4009][shs-4009], DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1246][ecdsa-1246]
Version 10.0.16299|
-|**FIPS186-4:
PKG: CURVES**(P-256 P-384 TestingCandidates)
SHS: [validation number 3790][shs-3790]
DRBG: [validation number 1555][drbg-1555]|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#1136][ecdsa-1136]
Version 10.0.15063|
-|**FIPS186-4:
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
**PKV: CURVES**(P-256 P-384 P-521)
**SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
**SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
SHS: [validation number 3790][shs-3790]
DRBG: [validation number 1555][drbg-1555]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1135][ecdsa-1135]
Version 10.0.15063|
-|**FIPS186-4:
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
**PKV: CURVES**(P-256 P-384 P-521)
**SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
**SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
SHS: [validation number 3790][shs-3790]
DRBG: [validation number 1555][drbg-1555]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1133][ecdsa-1133]
Version 10.0.15063|
-|**FIPS186-4:
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
**PKV: CURVES**(P-256 P-384 P-521)
**SigGen: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
**SigVer: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
**SHS:**[validation number 3649][shs-3649]
**DRBG:**[validation number 1430][drbg-1430]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1073][ecdsa-1073]
Version 7.00.2872|
-|**FIPS186-4:
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
**PKV: CURVES**(P-256 P-384 P-521)
**SigGen: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
**SigVer: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
**SHS:**[validation number 3648][shs-3648]
**DRBG:**[validation number 1429][drbg-1429]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1072][ecdsa-1072]
Version 8.00.6246|
-|**FIPS186-4:
PKG: CURVES**(P-256 P-384 TestingCandidates)v**PKV: CURVES**(P-256 P-384)
**SigGen: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.v**SigVer: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384))
SHS: [validation number 3347][shs-3347]
DRBG: [validation number 1222][drbg-1222]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#920][ecdsa-920]
Version 10.0.14393|
-|**FIPS186-4:
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
**PKV: CURVES**(P-256 P-384 P-521)
**SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
**SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))vSHS: [validation number 3347][shs-3347]
DRBG: [validation number 1217][drbg-1217]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#911][ecdsa-911]
Version 10.0.14393|
-|**FIPS186-4:
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
**SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
**SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
SHS: [validation number 3047][shs-3047]
DRBG: [validation number 955][drbg-955]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" MsBignum Cryptographic Implementations [#760][ecdsa-760]
Version 10.0.10586|
-|**FIPS186-4:
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
**SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
**SigVer**: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
SHS: [validation number 2886][shs-2886]
DRBG: [validation number 868][drbg-868]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#706][ecdsa-706]
Version 10.0.10240|
-|**FIPS186-4:
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
**SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
**SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
SHS: [validation number 2373][shs-2373]
DRBG: [validation number 489][drbg-489]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#505][ecdsa-505]
Version 6.3.9600|
-|**FIPS186-2:
PKG: CURVES**(P-256 P-384 P-521)
**SHS**: [#1903][shs-1903]
**DRBG**: [#258][drbg-258]
**SIG(ver): CURVES**(P-256 P-384 P-521)
**SHS**: [#1903][shs-1903]
**DRBG**: [#258][drbg-258]
**FIPS186-4:
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
**SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
**SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
**SHS**: [#1903][shs-1903]
**DRBG**: [#258][drbg-258].|Windows 8,
Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#341][ecdsa-341]|
-|**FIPS186-2:
PKG: CURVES**(P-256 P-384 P-521)
**SHS**: [validation number 1773][shs-1773]
**DRBG**: [validation number 193][drbg-193]
**SIG(ver): CURVES**(P-256 P-384 P-521)
**SHS**: [validation number 1773][shs-1773]
**DRBG**: [validation number 193][drbg-193]
**FIPS186-4:
PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)
**SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
**SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
**SHS**: [validation number 1773][shs-1773]
**DRBG**: [validation number 193][drbg-193].|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#295][ecdsa-295]|
-|**FIPS186-2:
PKG: CURVES**(P-256 P-384 P-521)
**SHS**: [validation number 1081][shs-1081]
**DRBG**: [validation number 23][drbg-23]
**SIG(ver): CURVES**(P-256 P-384 P-521)
**SHS**: [validation number 1081][shs-1081]
**DRBG**: [validation number 23][drbg-23].|Windows Server 2008 R2 and SP1 CNG algorithms [#142][ecdsa-142]
Windows 7 Ultimate and SP1 CNG algorithms [#141][ecdsa-141]|
-|**FIPS186-2:
PKG: CURVES**(P-256 P-384 P-521)
**SHS**: [validation number 753][shs-753]
**SIG(ver): CURVES**(P-256 P-384 P-521)
**SHS**: [validation number 753][shs-753].|Windows Server 2008 CNG algorithms [#83][ecdsa-83]
Windows Vista Ultimate SP1 CNG algorithms [#82][ecdsa-82]|
-|**FIPS186-2:
PKG: CURVES**(P-256 P-384 P-521)
**SHS**: [validation number 618][shs-618]
**RNG**: [validation number 321][shs-618]
**SIG(ver): CURVES**(P-256 P-384 P-521)
**SHS**: [validation number 618][shs-618]
**RNG**: [validation number 321][rng-321].|Windows Vista CNG algorithms [#60][ecdsa-60]| - -
HMAC-SHA-1:
HMAC-SHA2-256:
HMAC-SHA2-384:
Prerequisite: SHS [#4011][shs-4011]|Microsoft Surface Hub Virtual TPM Implementations [#3271][hmac-3271]
Version 10.0.15063.674| -|
HMAC-SHA-1:
HMAC-SHA2-256:
HMAC-SHA2-384:
Prerequisite: SHS [#4009][shs-4009]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#3270][hmac-3270]
Version 10.0.16299| -|
HMAC-SHA-1:
HMAC-SHA2-256:
HMAC-SHA2-384:
HMAC-SHA2-512:
Prerequisite: SHS [#4011][shs-4011]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#3269][hmac-3269]
Version 10.0.15063.674| -|
HMAC-SHA-1:
HMAC-SHA2-256:
HMAC-SHA2-384:
HMAC-SHA2-512:
Prerequisite: SHS [#4010][shs-4010]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#3268][hmac-3268]
Version 10.0.15254| -|
HMAC-SHA-1:
HMAC-SHA2-256:
HMAC-SHA2-384:
HMAC-SHA2-512:
Prerequisite: SHS [#4009][shs-4009]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#3267][hmac-3267]
Version 10.0.16299| -|
**HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3790][shs-3790]
**HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790][shs-3790]
**HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790][shs-3790]|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#3062][hmac-3062]
Version 10.0.15063| -|
**HMAC-SHA1(Key Sizes Ranges Tested:** KSBS) SHS [validation number 3790][shs-3790]
**HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790][shs-3790]
**HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790][shs-3790]
**HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790][shs-3790]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#3061][hmac-3061]
Version 10.0.15063| -|
**HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3652][shs-3652]
**HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3652][shs-3652]
**HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3652][shs-3652]
**HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3652][shs-3652]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2946][hmac-2946]
Version 7.00.2872| -|
**HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3651][shs-3651]
**HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3651][shs-3651]
**HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3651][shs-3651]
**HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3651][shs-3651]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2945][hmac-2945]
Version 8.00.6246| -|
**HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3649][shs-3649]
**HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3649][shs-3649]
**HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3649][shs-3649]
**HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3649][shs-3649]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2943][hmac-2943]
Version 7.00.2872| -|
**HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3648][shs-3648]
**HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3648][shs-3648]
**HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3648][shs-3648]
**HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3648][shs-3648]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2942][hmac-2942]
Version 8.00.6246| -|
**HMAC-SHA1** (Key Sizes Ranges Tested: KSBS)
SHS [validation number 3347][shs-3347]
**HMAC-SHA256** (Key Size Ranges Tested: KSBS) SHS [validation number 3347][shs-3347]
**HMAC-SHA384** (Key Size Ranges Tested: KSBS) SHS [validation number 3347][shs-3347]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#2661][hmac-2661]
Version 10.0.14393| -|
**HMAC-SHA1** (Key Sizes Ranges Tested: KSBS) SHS [validation number 3347][shs-3347]
**HMAC-SHA256** (Key Size Ranges Tested: KSBS) SHS [validation number 3347][shs-3347]
**HMAC-SHA384** (Key Size Ranges Tested: KSBS) SHS [validation number 3347][shs-3347]
**HMAC-SHA512** (Key Size Ranges Tested: KSBS) SHS [validation number 3347][shs-3347]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#2651][hmac-2651]
Version 10.0.14393| -|
**HMAC-SHA1** (Key Sizes Ranges Tested: KSBS)
SHS [validation number 3047][shs-3047]
**HMAC-SHA256** (Key Size Ranges Tested: KSBS)
SHS [validation number 3047][shs-3047]
**HMAC-SHA384** (Key Size Ranges Tested: KSBS)
SHS [validation number 3047][shs-3047]
**HMAC-SHA512** (Key Size Ranges Tested: KSBS)
SHS [validation number 3047][shs-3047]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" SymCrypt Cryptographic Implementations [#2381][hmac-2381]
Version 10.0.10586| -|
**HMAC-SHA1** (Key Sizes Ranges Tested: KSBS)
SHS[validation number 2886][shs-2886]
**HMAC-SHA256** (Key Size Ranges Tested: KSBS)
SHS[validation number 2886][shs-2886]
**HMAC-SHA384** (Key Size Ranges Tested: KSBS)
[ SHSvalidation number 2886][shs-2886]
**HMAC-SHA512** (Key Size Ranges Tested: KSBS)
SHS[validation number 2886][shs-2886]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#2233][hmac-2233]
Version 10.0.10240| -|
**HMAC-SHA1** (Key Sizes Ranges Tested: KSBS)
SHS [validation number 2373][shs-2373]
**HMAC-SHA256** (Key Size Ranges Tested: KSBS)
SHS [validation number 2373][shs-2373]
**HMAC-SHA384** (Key Size Ranges Tested: KSBS)
SHS [validation number 2373][shs-2373]
**HMAC-SHA512** (Key Size Ranges Tested: KSBS)
SHS [validation number 2373][shs-2373]|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations [#1773][hmac-1773]
Version 6.3.9600| -|
**HMAC-SHA1** (Key Sizes Ranges Tested: KSBS) SHS [validation number 2764][shs-2764]
**HMAC-SHA256** (Key Size Ranges Tested: KSBS) SHS [validation number 2764][shs-2764]
**HMAC-SHA384** (Key Size Ranges Tested: KSBS) SHS [validation number 2764][shs-2764]
**HMAC-SHA512** (Key Size Ranges Tested: KSBS) SHS [validation number 2764][shs-2764]|Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) [#2122][hmac-2122]
Version 5.2.29344| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KS**[#1902][shs-1902]
**HMAC-SHA256 (Key Size Ranges Tested: KS**[#1902][shs-1902]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #[1347][hmac-1347]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS**[#1902][shs-1902]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS**[#1902][shs-1902]
**HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS**[#1902][shs-1902]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS**[#1902][shs-1902]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #[1346][hmac-1346]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)**
**SHS**[#1903][shs-1903]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS)**
**SHS**[#1903][shs-1903]
**HMAC-SHA384 (Key Size Ranges Tested: KSBS)**
**SHS**[#1903][shs-1903]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS)**
**SHS**[#1903][shs-1903]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #[1345][hmac-1345]|
-|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 1773][shs-1773]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 1773][shs-1773]
**Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 1773][shs-1773]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 1773][shs-1773]|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll), [#1364][hmac-1364]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 1774][shs-1774]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 1774][shs-1774]
**HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 1774][shs-1774]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 1774][shs-1774]|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1227][hmac-1227]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 1081][shs-1081]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 1081][shs-1081]
**HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 1081][shs-1081]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 1081][shs-1081]|Windows Server 2008 R2 and SP1 CNG algorithms [#686][hmac-686]
Windows 7 and SP1 CNG algorithms [#677][hmac-677]
Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) [#687][hmac-687]
Windows 7 Enhanced Cryptographic Provider (RSAENH) [#673][hmac-673]| -|
**HMAC-SHA1(Key Sizes Ranges Tested: KS**[validation number 1081][shs-1081]
**HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 1081][shs-1081]|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations [#675][hmac-675]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 816][shs-816]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 816][shs-816]
**HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 816][shs-816]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 816][shs-816]|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#452][hmac-452]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KS**[validation number 753][shs-753]
**HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 753][shs-753]|Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations [#415][hmac-415]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 753][shs-753]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 753][shs-753]
**HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 753][shs-753]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS)** SHS [validation number 753][shs-753]|Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) [#408][hmac-408]
Windows Vista Enhanced Cryptographic Provider (RSAENH) [#407][hmac-407]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHS** [validation number 618][shs-618]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 618][shs-618]
**HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 618][shs-618]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 618][shs-618]|Windows Vista Enhanced Cryptographic Provider (RSAENH) [#297][hmac-297]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 785][shs-785]|Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) [#429][hmac-429]
Windows XP, vendor-affirmed| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 783][shs-783]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 783][shs-783]
**HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 783][shs-783]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 783][shs-783]|Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#428][hmac-428]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 613][shs-613]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 613][shs-613]
**HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 613][shs-613]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 613][shs-613]|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#289][hmac-289]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 610][shs-610]|Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#287][hmac-287]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 753][shs-753]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 753][shs-753]
**HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 753][shs-753]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 753][shs-753]|Windows Server 2008 CNG algorithms [#413][hmac-413]
Windows Vista Ultimate SP1 CNG algorithms [#412][hmac-412]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KS**[validation number 737][shs-737]
**HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 737][shs-737]|Windows Vista Ultimate BitLocker Drive Encryption [#386][hmac-386]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 618][shs-618]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 618][shs-618]
**HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 618][shs-618]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 618][shs-618]|Windows Vista CNG algorithms [#298][hmac-298]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 589][shs-589]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHS** [validation number 589][shs-589]
**HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 589][shs-589]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 589][shs-589]|Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#267][hmac-267]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 578][shs-578]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 578][shs-578]
**HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 578][shs-578]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 578][shs-578]|Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) [#260][hmac-260]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KS**[validation number 495][shs-495]
**HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 495][shs-495]|Windows Vista BitLocker Drive Encryption [#199][hmac-199]| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 364][shs-364]|Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#99][hmac-99]
Windows XP, vendor-affirmed| -|
**HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 305][shs-305]
**HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 305][shs-305]
**HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 305][shs-305]
**HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 305][shs-305]|Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#31][hmac-31]| - -
Schemes:
Full Unified:
EC:
ED:
Version 10.0.15063.674|
-|KAS ECC:
Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration
Schemes:
Full Unified:
EC:
ED:
Version 10.0.16299|
-|KAS ECC:
Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
Schemes:
Ephemeral Unified:
EC:
ED:
EE:
One-Pass DH:
EC:
ED:
EE:
Static Unified:
EC:
ED:
EE:
KAS FFC:
Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
Schemes:
dhEphem:
FB:
FC:
dhOneFlow:
FB:
FC
dhStatic:
FB:
FC:
Version 10.0.15063.674|
-|KAS ECC:
Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
Schemes:
Ephemeral Unified:
EC:
ED:
EE:
One-Pass DH:
EC:
ED:
EE:
Static Unified:
EC:
ED:
EE:
KAS FFC:
Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
Schemes:
dhEphem:
FB:
FC:
dhOneFlow:
FB:
FC
dhStatic:
FB:
FC:
Version 10.0.15254| -|KAS ECC:
Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration
Schemes:
Ephemeral Unified:
EC:
ED:
EE:
One-Pass DH:
ED
EE:
Static Unified:
EC:
ED:
EE:
KAS FFC:
Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation
Schemes:
dhEphem:
FB:
FC:
dhOneFlow:
FB:
FC:
dhStatic:
FB:
FC:
Version 10.0.16299| -|**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration) **SCHEMES** [**FullUnified** (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC)]
SHS [validation number 3790][shs-3790]
DSA [validation number 1135][dsa-1135]
DRBG [validation number 1556][drbg-1556]|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#128][kas-128]
Version 10.0.15063| -|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation)
**SCHEMES** [**dhEphem** (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)]
[**dhOneFlow** (**FB:** SHA256) (**FC:** SHA256)]
[**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:** SHA256 HMAC) (**FC:** SHA256 HMAC)]
SHS [validation number 3790][shs-3790]
DSA [validation number 1223][dsa-1223]
DRBG [validation number 1555][drbg-1555]**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) **SCHEMES** [**EphemeralUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512)))]
[**OnePassDH** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))]
[**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))]
SHS [validation number 3790][shs-3790]
ECDSA [validation number 1133][ecdsa-1133]DRBG [validation number 1555][drbg-1555]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#127][kas-127]
Version 10.0.15063| -|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation)
**SCHEMES** [**dhEphem** (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)]
[**dhOneFlow** (KARole(s): Initiator / Responder) (**FB:** SHA256) (**FC:** SHA256)] [**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:** SHA256 HMAC) (**FC:** SHA256 HMAC)]
SHS [validation number 3649][shs-3649]
DSA [validation number 1188][dsa-1188]
DRBG [validation number 1430][drbg-1430]
**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration)
**SCHEMES** [**EphemeralUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512)))]
[**OnePassDH** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))]
[**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#115][kas-115]
Version 7.00.2872| -|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation)
**SCHEMES** [**dhEphem** (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)]
[**dhHybridOneFlow** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:**SHA256 HMAC) (**FC:** SHA256 HMAC)]
[**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:**SHA256 HMAC) (**FC:** SHA256 HMAC)]
SHS [validation number 3648][shs-3648]
DSA [validation number 1187][dsa-1187]
DRBG [validation number 1429][drbg-1429]
**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration)
**SCHEMES** [**EphemeralUnified** (**No_KC**) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512)))]
[**OnePassDH** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))]
[**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))]
SHS [validation number 3648][shs-3648]
ECDSA [validation number 1072][ecdsa-1072]
DRBG [validation number 1429][drbg-1429]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#114][kas-114]
Version 8.00.6246| -|**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration)
**SCHEMES [FullUnified (No_KC** < KARole(s): Initiator / Responder > < KDF: CONCAT >) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC)]
SHS [validation number 3347][shs-3347] ECDSA [validation number 920][ecdsa-920] DRBG [validation number 1222][drbg-1222]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#93][kas-93]
Version 10.0.14393| -|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation)
**SCHEMES** [dhEphem (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)]
[dhOneFlow (KARole(s): Initiator / Responder) (**FB:** SHA256) (**FC:** SHA256)] [**dhStatic (No_KC** < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
SHS [validation number 3347][shs-3347] DSA [validation number 1098][dsa-1098] DRBG [validation number 1217][drbg-1217]
**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) **SCHEMES** [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
[OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
[StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
SHS [validation number 3347][shs-3347] DSA [validation number 1098][dsa-1098] ECDSA [validation number 911][ecdsa-911] DRBG [validation number 1217][drbg-1217] HMAC [validation number 2651][hmac-2651]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#92][kas-92]
Version 10.0.14393| -|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]
[dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
SHS [validation number 3047][shs-3047] DSA [validation number 1024][dsa-1024] DRBG [validation number 955][drbg-955]
**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
[OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
[StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
SHS [validation number 3047][shs-3047] ECDSA [validation number 760][ecdsa-760] DRBG [validation number 955][drbg-955]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations [#72][dsa-72]
Version 10.0.10586| -|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]
[dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
SHS [validation number 2886][shs-2886] DSA [validation number 983][dsa-983] DRBG [validation number 868][drbg-868]
**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
[OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
[StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
SHS [validation number 2886][shs-2886] ECDSA [validation number 706][ecdsa-706] DRBG [validation number 868][drbg-868]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#64][kas-64]
Version 10.0.10240| -|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]
[dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
SHS [validation number 2373][shs-2373] DSA [validation number 855][dsa-855] DRBG [validation number 489][drbg-489]
**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
[OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
[StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]
SHS [validation number 2373][shs-2373] ECDSA [validation number 505][ecdsa-505] DRBG [validation number 489][drbg-489]|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations [#47][kas-47]
Version 6.3.9600| -|**FFC**: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [**dhEphem** (KARole(s): Initiator / Responder)
(**FA**: SHA256) (**FB**: SHA256) (**FC**: SHA256)]
[**dhOneFlow** (KARole(s): Initiator / Responder) (**FA**: SHA256) (**FB**: SHA256) (**FC**: SHA256)]
[**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FA**: SHA256 HMAC) (**FB**: SHA256 HMAC) (**FC**: SHA256 HMAC)]
SHS [#1903][shs-1903] DSA [validation number 687][dsa-687] DRBG [#258][drbg-258]
**ECC**: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) **SCHEMES**
[**EphemeralUnified** (**No_KC** < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (**ED**: P-384 SHA384 HMAC) (**EE**: P-521 HMAC (SHA512, HMAC_SHA512)))]
[**OnePassDH(No_KC** < KARole(s): Initiator / Responder>) (**EC**: P-256 SHA256) (**ED**: P-384 SHA384) (**EE**: P-521 (SHA512, HMAC_SHA512)))]
[**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC**: P-256 SHA256 HMAC) (**ED**: P-384 SHA384 HMAC) (**EE**: P-521 HMAC (SHA512, HMAC_SHA512))]
SHS [#1903][shs-1903]
ECDSA [validation number 341][ecdsa-341] DRBG [#258][drbg-258]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#36][kas-36]| -|**KAS (SP 800-56A)**
Windows Server 2008 R2 and SP1, vendor-affirmed| - -
MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
MAC prerequisite: HMAC [#3271][hmac-3271]
K prerequisite: DRBG [#1734][drbg-1734], KAS [#150][kas-150]|Microsoft Surface Hub Virtual TPM Implementations [#161][kdf-161]
Version 10.0.15063.674| -|Counter:
MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384
MAC prerequisite: HMAC [#3270][hmac-3270]
K prerequisite: DRBG [#1733][drbg-1733], KAS [#149][kas-149]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#160][kdf-160]
Version 10.0.16299| -|Counter:
MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
MAC prerequisite: AES [#4902][aes-4902], HMAC [#3269][hmac-3269]
K prerequisite: KAS [#148][kas-148]|Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations [#159][kdf-159]
Version 10.0.15063.674| -|Counter:
MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
MAC prerequisite: AES [#4901][aes-4901], HMAC [#3268][hmac-3268]
K prerequisite: KAS [#147][kas-147]|Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations [#158][kdf-158]
Version 10.0.15254| -|Counter:
MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512
MAC prerequisite: AES [#4897][aes-4897], HMAC [#3267][hmac-3267]
K prerequisite: KAS [#146][kas-146]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations [#157][kdf-157]
Version 10.0.16299| -|**CTR_Mode:** (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256][HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))
KAS [validation number 128][kas-128]
DRBG [validation number 1556][drbg-1556]
MAC [validation number 3062][hmac-3062]|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#141][kdf-141]
Version 10.0.15063| -|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
KAS [validation number 127][kas-127]
AES [validation number 4624][aes-4624]
DRBG [validation number 1555][drbg-1555]
MAC [validation number 3061][hmac-3061]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations [#140][kdf-140]
Version 10.0.15063| -|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))
KAS [validation number 93][kas-93] DRBG [validation number 1222][drbg-1222] MAC [validation number 2661][hmac-2661]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#102][kdf-102]
Version 10.0.14393| -|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
KAS [validation number 92][kas-92] AES [validation number 4064][aes-4064] DRBG [validation number 1217][drbg-1217] MAC [validation number 2651][hmac-2651]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#101][kdf-101]
Version 10.0.14393| -|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
KAS [validation number 72][kas-72] AES [validation number 3629][aes-3629] DRBG [validation number 955][drbg-955] MAC [validation number 2381][hmac-2381]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" Cryptography Next Generation (CNG) Implementations [#72][kdf-72]
Version 10.0.10586| -|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
KAS [validation number 64][kas-64] AES [validation number 3497][aes-3497] RBG [validation number 868][drbg-868] MAC [validation number 2233][hmac-2233]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#66][kdf-66]
Version 10.0.10240| -|**CTR_Mode:** (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
DRBG [validation number 489][drbg-489] MAC [validation number 1773][hmac-1773]|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations [#30][kdf-30]
Version 6.3.9600| -|**CTR_Mode**: (Llength(Min0 Max4) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))
DRBG [#258][drbg-258] HMAC [validation number 1345][hmac-1345]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#3][kdf-3]| - -
Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#292][rng-292]
Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) [#286][rng-286]
Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#66][rng-66]|
-|**FIPS 186-2
[(x-Change Notice); (SHA-1)]**; **FIPS 186-2 General Purpose
[(x-Change Notice); (SHA-1)]**|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library [#649][rng-649]
Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation [#435][rng-435]
Windows Vista RNG implementation [#321][rng-321]|
-|**FIPS 186-2 General Purpose
[(x-Change Notice); (SHA-1)]**|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#470][rng-470]
Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) [#449][rng-449]
Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#447][rng-447]
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#316][rng-316]
Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#313][rng-313]|
-|**FIPS 186-2
[(x-Change Notice); (SHA-1)]**|Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#448][rng-448]
Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider [#314][rng-314]| - -
186-4:
Signature Generation PKCS1.5:
Mod 2048 SHA: SHA-1,
Signature Generation PSS:
Mod 2048:
Signature Verification PKCS1.5:
Mod 1024 SHA: SHA-1,
Mod 2048 SHA: SHA-1,
Signature Verification PSS:
Mod 2048:
Mod 3072:
Prerequisite: SHS [#4011][shs-4011], DRBG [#1734][drbg-1734]|Microsoft Surface Hub Virtual TPM Implementations [#2677][rsa-2677]
Version 10.0.15063.674| -|RSA:
186-4:
Signature Generation PKCS1.5:
Mod 2048 SHA:
Signature Generation PSS:
Mod 2048:
Signature Verification PKCS1.5:
Mod 1024 SHA:
Mod 2048 SHA:
Signature Verification PSS:
Mod 1024
Mod 2048:
Prerequisite: SHS [#4009][shs-4009], DRBG [#1733][drbg-1733]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (
Version 1709); Virtual TPM Implementations [#2676][rsa-2676]
Version 10.0.16299| -|RSA:
186-4:
Key Generation:
Signature Verification PKCS1.5:
Mod 1024 SHA:
Mod 2048 SHA:
Mod 3072 SHA:
Prerequisite: SHS [#4011][shs-4011], DRBG [#1732][drbg-1732]|Microsoft Surface Hub RSA32 Algorithm Implementations [#2675][rsa-2675]
Version 10.0.15063.674| -|RSA:
186-4:
Signature Verification PKCS1.5:
Mod 1024 SHA:
Mod 2048 SHA:
Mod 3072 SHA:
Prerequisite: SHS [#4009][shs-4009], DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations [#2674][rsa-2674]
Version 10.0.16299| -|RSA:
186-4:
Signature Verification PKCS1.5:
Mod 1024 SHA:
Mod 2048 SHA:
Mod 3072 SHA:
Prerequisite: SHS [#4010][shs-4010], DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations [#2673][rsa-2673]
Version 10.0.15254| -|RSA:
186-4:
Key Generation:
Mod lengths: 2048, 3072 (bits)
Primality Tests: C.3
Signature Generation PKCS1.5:
Mod 2048 SHA:
Mod 3072 SHA:
Signature Generation PSS:
Mod 2048:
Mod 3072
Signature Verification PKCS1.5
Mod 1024 SHA:
Mod 2048 SHA:
Mod 3072 SHA:
Signature Verification PSS
Mod 1024
Mod 2048:
Mod 3072:
Prerequisite: SHS [#4011][shs-4011], DRBG [#1732][drbg-1732]|Microsoft Surface Hub MsBignum Cryptographic Implementations [#2672][rsa-2672]
Version 10.0.15063.674| -|RSA:
186-4:
Key Generation:
Probable Random Primes:
Mod lengths: 2048, 3072 (bits)
Primality Tests: C 2
Signature Generation PKCS1.5:
Mod 2048 SHA:
Mod 3072 SHA:
Signature Generation PSS:
Mod 2048:
Mod 3072:
Signature Verification PKCS1.5:
Mod 1024 SHA:
Mod 2048 SHA:
Mod 3072 SHA:
Signature Verification PSS:
Mod 1024:
Mod 2048:
Mod 3072:
Prerequisite: SHS [#4011][shs-4011], DRBG [#1732][drbg-1732]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#2671][rsa-2671]
Version 10.0.15063.674| -|RSA:
186-4:
Key Generation:
Probable Random Primes:
Mod lengths: 2048, 3072 (bits)
Primality Tests: C.2
Signature Generation PKCS1.5:
Mod 2048 SHA:
Mod 3072 SHA:
Signature Generation PSS:
Mod 2048:
Mod 3072:
Signature Verification PKCS1.5:
Mod 1024 SHA:
Mod 2048 SHA:
Mod 3072 SHA:
Signature Verification PSS:
Mod 1024:
Mod 2048
Mod 3072:
Prerequisite: SHS [#4010][shs-4010], DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#2670][rsa-2670]
Version 10.0.15254| -|RSA:
186-4:
Key Generation:
Public Key Exponent: Fixed (10001)
Provable Primes with Conditions:
Mod lengths: 2048, 3072 (bits)
Primality Tests: C.3
Signature Generation PKCS1.5:
Mod 2048 SHA:
Mod 3072 SHA:
Signature Generation PSS:
Mod 2048:
Mod 3072
Signature Verification PKCS1.5
Mod 1024 SHA:
Mod 2048 SHA:
Mod 3072 SHA:
Signature Verification PSS:
Mod 1024
Mod 2048:
Mod 3072:
Prerequisite: SHS [#4010][shs-4010], DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#2669][rsa-2669]
Version 10.0.15254| -|
186-4:
Key Generation:
Public Key Exponent: Fixed (10001)
Provable Primes with Conditions:
Mod lengths: 2048, 3072 (bits)
Primality Tests: C.3
Signature Generation PKCS1.5:
Mod 2048 SHA:
Mod 3072 SHA:
Signature Generation PSS:
Mod 2048:
Mod 3072
Signature Verification PKCS1.5
Mod 1024 SHA:
Mod 2048 SHA:
Mod 3072 SHA:
Signature Verification PSS:
Mod 1024
Mod 2048:
Mod 3072:
Prerequisite: SHS [#4009][shs-4009], DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#2668][rsa-2668]
Version 10.0.16299| -|
186-4:
Key Generation
Probable Random Primes:
Mod lengths: 2048, 3072 (bits)
Primality Tests: C.2
Signature Generation PKCS1.5:
Mod 2048 SHA:
Mod 3072 SHA:
Signature Generation PSS:
Mod 2048:
Mod 3072:
Signature Verification PKCS1.5:
Mod 1024 SHA:
Mod 2048 SHA:
Mod 3072 SHA:
Signature Verification PSS:
Mod 1024:
Mod 2048:
Mod 3072:
Prerequisite: SHS [#4009][shs-4009], DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#2667][rsa-2667]
Version 10.0.16299| -|
**FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384)) **SIG(gen) with SHA-1 affirmed for use with protocols only.
**SIG(ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
**[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) **SIG(gen) with SHA-1 affirmed for use with protocols only.
**SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))
SHA [validation number 3790][shs-3790]|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#2524][rsa-2524]
Version 10.0.15063| -|
**FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA [validation number 3790][shs-3790]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations [#2523][rsa-2523]
Version 10.0.15063| -|
**FIPS186-4:
186-4KEY(gen):** FIPS186-4_Fixed_e (10001);
**PGM(ProbPrimeCondition):** 2048, 3072 **PPTT:**(C.3)**
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))**SIG(gen) with SHA-1 affirmed for use with protocols only.
**SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
**[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) **SIG(gen) with SHA-1 affirmed for use with protocols only.
**SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64
SHA [validation number 3790][shs-3790]
DRBG: [validation number 1555][drbg-1555]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#2522][rsa-2522]
Version 10.0.15063| -|
**FIPS186-4:
186-4KEY(gen):**PGM(ProbRandom:** (2048, 3072) **PPTT:**(C.2)**
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.
**SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
**[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) **SIG(gen) with SHA-1 affirmed for use with protocols only.
**SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
SHA [validation number 3790][shs-3790]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#2521][rsa-2521]
Version 10.0.15063| -|
**FIPS186-2:
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3652][shs-3652]**
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:
**FIPS186-4:
ALG[ANSIX9.31]** Sig(Gen): (2048 SHA(1)) (3072 SHA(1))**SIG(gen) with SHA-1 affirmed for use with protocols only.**SIG(ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))**
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only
**SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA [validation number 3652][shs-3652]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2415][rsa-2415]
Version 7.00.2872| -|
**FIPS186-2:
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3651][shs-3651]**
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:
**FIPS186-4:
ALG[ANSIX9.31]** Sig(Gen): (2048 SHA(1)) (3072 SHA(1))**SIG(gen) with SHA-1 affirmed for use with protocols only.** SIG(ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))**
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.
**SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA [validation number 3651][shs-3651]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2414][rsa-2414]
Version 8.00.6246| -|
**FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:
**FIPS186-4:
186-4KEY(gen):** FIPS186-4_Fixed_e (10001);
**PGM(ProbRandom:** (2048, 3072) **PPTT:**(C.2)
**ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.
**SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA [validation number 3649][shs-3649]
DRBG: [validation number 1430][drbg-1430]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2412][rsa-2412]
Version 7.00.2872| -|
**FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:
**FIPS186-4:
186-4KEY(gen):** FIPS186-4_Fixed_e (10001);
**PGM(ProbRandom:** (2048, 3072) **PPTT:**(C.2)**
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.
**SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA [validation number 3648][shs-3648]
DRBG: [validation number 1429][drbg-1429]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2411][rsa-2411]
Version 8.00.6246| -|
**FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
**[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))
SHA [validation number 3347][shs-3347]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#2206][rsa-2206]
Version 10.0.14393| -|
**FIPS186-4:
186-4KEY(gen):** FIPS186-4_Fixed_e (10001
**PGM(ProbPrimeCondition):** 2048, 3072 PPTT:(C.3)
SHA [validation number 3347][shs-3347] DRBG: [validation number 1217][drbg-1217]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation [#2195][rsa-2195]
Version 10.0.14393| -|
**FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA [validation number 3346][shs-3346]|soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations [#2194][rsa-2194]
Version 10.0.14393| -|
**FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
**SIG(Ver)** (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA [validation number 3347][shs-3347] DRBG: [validation number 1217][drbg-1217]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#2193][rsa-2193]
Version 10.0.14393| -|
**FIPS186-4:
[RSASSA-PSS]: Sig(Gen):** (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))
**Sig(Ver):** (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
SHA [validation number 3347][shs-3347] DRBG: [validation number 1217][drbg-1217]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#2192][rsa-2192]
Version 10.0.14393| -|
**FIPS186-4:
186-4KEY(gen)**: FIPS186-4_Fixed_e (10001);
**PGM(ProbPrimeCondition**): 2048, 3072 PPTT:(C.3)
SHA [validation number 3047][shs-3047] DRBG: [validation number 955][drbg-955]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" RSA Key Generation Implementation [#1889][rsa-1889]
Version 10.0.10586| -|
**FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA [validation number 3048][shs-3048]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations [#1871][rsa-1871]
Version 10.0.10586| -|
**FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
**SIG(Ver)** (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA [validation number 3047][shs-3047]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations [#1888][rsa-1888]
Version 10.0.10586| -|
**FIPS186-4:
[RSASSA-PSS]: Sig(Gen)**: (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
**Sig(Ver):** (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
SHA [validation number 3047][shs-3047]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations [#1887][rsa-1887]
Version 10.0.10586| -|
**FIPS186-4:
186-4KEY(gen):** FIPS186-4_Fixed_e (10001);PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
SHA [validation number 2886][shs-2886] DRBG: [validation number 868][drbg-868]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation [#1798][rsa-1798]
Version 10.0.10240| -|
**FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA [validation number 2871][shs-2871]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations [#1784][rsa-1784]
Version 10.0.10240| -|
**FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA [validation number 2871][shs-2871]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#1783][rsa-1783]
Version 10.0.10240| -|
**FIPS186-4:
[RSASSA-PSS]:** Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))), Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
SHA [validation number 2886][shs-2886]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#1802][rsa-1802]
Version 10.0.10240| -|
**FIPS186-4:
186-4KEY(gen):** FIPS186-4_Fixed_e;
**PGM(ProbPrimeCondition):** 2048, 3072 PPTT:(C.3)
SHA [validation number 2373][shs-2373] DRBG: [validation number 489][drbg-489]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 RSA Key Generation Implementation [#1487][rsa-1487]
Version 6.3.9600| -|
**FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA [validation number 2373][shs-2373]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations [#1494][rsa-1494]
Version 6.3.9600| -|
**FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512)), SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
SHA [validation number 2373][shs-2373]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#1493][rsa-1493]
Version 6.3.9600| -|
**FIPS186-4:
[RSASSA-PSS]:** Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))), Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
SHA [validation number 2373][shs-2373]|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations [#1519][rsa-1519]
Version 6.3.9600| -|
**FIPS186-4:
ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512-256)) (3072 SHA(256, 384, 512-256)), SIG(Ver) (1024 SHA(1, 256, 384, 512-256)) (2048 SHA(1, 256, 384, 512-256)) (3072 SHA(1, 256, 384, 512-256))
**[RSASSA-PSS]:** Sig(Gen): (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512)), Sig(Ver): (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512, 512)), SHA [#1903][shs-1903].|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#1134][rsa-1134]| -|
**FIPS186-4:
186-4KEY(gen):** FIPS186-4_Fixed_e, FIPS186-4_Fixed_e_Value
**PGM(ProbPrimeCondition):** 2048, 3072 **PPTT:**(C.3)
SHA [#1903][shs-1903] DRBG: [#258][drbg-258]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation [#1133][rsa-1133]| -|
**FIPS186-2:
ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: [#258][drbg-258]
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**FIPS186-2:ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1774][shs-1774]
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**FIPS186-2:
ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: [validation number 193][drbg-193]
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
Windows 7 and SP1 CNG algorithms [#560][rsa-560]| -|
**FIPS186-2:
ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: [validation number 23][drbg-23].|Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation [#559][rsa-559]|
-|
**FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**FIPS186-2:
ALG[ANSIX9.31]:
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**FIPS186-2:
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 783][shs-783]**
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
Windows Vista SP1 CNG algorithms [#357][rsa-357]| -|
**FIPS186-2:
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 753][shs-753]
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) [#354][rsa-354]| -|
**FIPS186-2:
ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537.|Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation [#353][rsa-353]|
-|
**FIPS186-2:
ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: [validation number 321][rng-321].|Windows Vista RSA key generation implementation [#258][rsa-258]|
-|
**FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**FIPS186-2:
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 613][shs-613]
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**FIPS186-2:
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 589][shs-589]
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**FIPS186-2:
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 578][shs-578]
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**FIPS186-2:
ALG[RSASSA-PKCS1_V1_5]:**
SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 364][shs-364].|Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#81][rsa-81]| -|
**FIPS186-2:
ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 305][shs-305]
**ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:
**FIPS186-2:**:
Windows 2000, vendor-affirmed| - -
SHA-1:
Supports Empty Message
SHA-256:
Supports Empty Message
SHA-384:
Supports Empty Message
SHA-512:
Supports Empty Message|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#4011][shs-4011]
Version 10.0.15063.674| -|
SHA-1:
Supports Empty Message
SHA-256:
Supports Empty Message
SHA-384:
Supports Empty Message
SHA-512:
Supports Empty Message|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#4010][shs-4010]
Version 10.0.15254| -|
SHA-1:
Supports Empty Message
SHA-256:
Supports Empty Message
SHA-384:
Supports Empty Message
SHA-512:
Supports Empty Message|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#4009][shs-4009]
Version 10.0.16299| -|
Version 10.0.15063| -|
Version 7.00.2872| -|
Version 8.00.6246| -|
Version 7.00.2872| -|
Version 8.00.6246| -|
Version 10.0.14393| -|
Version 10.0.14393| -|
Version 10.0.10586| -|
Version 10.0.10586| -|
Version 10.0.10240| -|
Version 10.0.10240| -|
Version 6.3.9600| -|
Version 6.3.9600| -|
Implementation does not support zero-length (null) messages.|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#1903][shs-1903]
Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) [#1902][shs-1902]| -|
Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#1773][shs-1773]| -|
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#816][shs-816]| -|
Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#784][shs-784]| -|
Windows Vista Symmetric Algorithm Implementation [#618][shs-618]| -|
Windows Vista Beta 2 BitLocker Drive Encryption [#495][shs-495]| -|
Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#364][shs-364]| -|
Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#610][shs-610]
Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#385][shs-385]
Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) [#371][shs-371]
Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#181][shs-181]
Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) [#177][shs-177]
Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) [#176][shs-176]| -|
Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) [#578][shs-578]
Windows CE 5.00 and Windows CE 5.01 Enhanced
Cryptographic Provider (RSAENH) [#305][shs-305]| -|
Crypto Driver for Windows 2000 (fips.sys) [#35][shs-35]
Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) [#32][shs-32]
Windows 2000 RSAENH.DLL [#24][shs-24]
Windows 2000 RSABASE.DLL [#23][shs-23]
Windows NT 4 SP6 RSAENH.DLL [#21][shs-21]
Windows NT 4 SP6 RSABASE.DLL [#20][shs-20]| - -
TDES-CBC:
TDES-CFB64:
TDES-CFB8:
TDES-ECB:
Version 10.0.15063.674| -|
TDES-CBC:
TDES-CFB64:
TDES-CFB8:
TDES-ECB:
Version 10.0.15254| -|
TDES-CBC:
TDES-CFB64:
TDES-CFB8:
TDES-ECB:
Version 10.0.16299| -|**TECB**(KO 1 e/d); **TCBC**(KO 1 e/d); **TCFB8**(KO 1 e/d); **TCFB64**(KO 1 e/d)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#2459][tdes-2459]
Version 10.0.15063| -|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2384][tdes-2384]
Version 8.00.6246| -|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2383][tdes-2383]
Version 8.00.6246| -|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**CTR** (int only)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2382][tdes-2382]
Version 7.00.2872| -|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2381][tdes-2381]
Version 8.00.6246| -|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#2227][tdes-2227]
Version 10.0.14393| -|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations [#2024][tdes-2024]
Version 10.0.10586| -|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#1969][tdes-1969]
Version 10.0.10240| -|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations [#1692][tdes-1692]
Version 6.3.9600| -|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2);**TCFB64**(e/d; KO 1, 2)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#1387][tdes-1387]| -|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) [#1386][tdes-1386]| -|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation [#846][tdes-846]| -|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation [#656][tdes-656]| -|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows Vista Symmetric Algorithm Implementation [#549][tdes-549]| -|**Triple DES MAC**|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 [#1386][tdes-1386], vendor-affirmedWindows 7 and SP1 and Windows Server 2008 R2 and SP1 [#846][tdes-846], vendor-affirmed| -|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2)|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1308][tdes-1308]Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#1307][tdes-1307]
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#691][tdes-691]
Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) [#677][tdes-677]
Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#676][tdes-676]
Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#675][tdes-675]
Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#544][tdes-544]
Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider [#543][tdes-543]
Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#542][tdes-542]Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#526][tdes-526]
Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) [#517][tdes-517]
Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#381][tdes-381]
Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) [#370][tdes-370]
Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#365][tdes-365]Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#315][tdes-315]
Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) [#201][tdes-201]
Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#199][tdes-199]
Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) [#192][tdes-192]Windows XP Microsoft Enhanced Cryptographic Provider [#81][tdes-81]
Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) [#18][tdes-18]Crypto Driver for Windows 2000 (fips.sys) [#16][tdes-16]| - -