Merge branch 'master' into App-v-revision

2025-05-13 13:57:22 +00:00 · 2018-02-07 08:45:55 -08:00 · 2018-02-07 08:45:55 -08:00 · ab7fc3ad86
commit ab7fc3ad86
parent b16cddf1f3 87bc3f0790
8 changed files with 71 additions and 20 deletions
--- a/windows/access-protection/hello-for-business/hello-deployment-guide.md
+++ b/windows/access-protection/hello-for-business/hello-deployment-guide.md
@ -19,13 +19,13 @@ ms.date: 11/08/2017
 > This guide only applies to Windows 10, version 1703 or higher.
-Windows Hello for Business is the springboard to a world without passwords. It replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair.
+Windows Hello for Business is the springboard to a world without passwords. It replaces username and password sign-in to Windows with strong user authentication based on an asymmetric key pair.
 This deployment guide is to guide you through deploying Windows Hello for Business, based on the planning decisions made using the Planning a Windows Hello for Business Deployment Guide. It provides you with the information needed to successfully deploy Windows Hello for Business in an existing environment.
 ## Assumptions
-This guide assumes a baseline infrastructure exists that meets the requirements for your deployment.  For either hybrid or on-premises deployments, it is expected that you have: 
+This guide assumes that baseline infrastructure exists which meets the requirements for your deployment. For either hybrid or on-premises deployments, it is expected that you have: 
 * A well-connected, working network
 * Internet access
 * Multifactor Authentication Server to support MFA during Windows Hello for Business provisioning
@ -34,17 +34,20 @@ This guide assumes a baseline infrastructure exists that meets the requirements
 * Active Directory Certificate Services 2012 or later
 * One or more workstation computers running Windows 10, version 1703
-If you are installing a role for the first time, ensure the appropriate server operating system is installed, updated with the latest patches, and joined to the domain.  This document provides guidance to install and configure the specific roles on that server.  
+If you are installing a server role for the first time, ensure the appropriate server operating system is installed, updated with the latest patches, and joined to the domain. This document provides guidance to install and configure the specific roles on that server.  
 Do not begin your deployment until the hosting servers and infrastructure (not roles) identified in your prerequisite worksheet are configured and properly working.
 ## Deployment and trust models
-Windows Hello for Business has two deployment models: Hybrid and On-premises. Each deployment model has two trust models: Key trust or certificate trust.
+Windows Hello for Business has two deployment models: Hybrid and On-premises. Each deployment model has two trust models: *Key trust* or *certificate trust*.
-Hybrid deployments are for enterprises that use Azure Active Directory.  On-premises deployments are for enterprises who exclusively use on-premises Active Directory. Remember that the environments that use Azure Active Directory must use the hybrid deployment model for all domains in that forest.
+Hybrid deployments are for enterprises that use Azure Active Directory. On-premises deployments are for enterprises who exclusively use on-premises Active Directory. Remember that the environments that use Azure Active Directory must use the hybrid deployment model for all domains in that forest.
-The trust model determines how you want users to authentication to the on-premises Active Directory. Remember hybrid environments use Azure Active Directory and on-premises Active Directory. The key-trust model is for enterprises who do not want to issue end-entity certificates to their users and they have an adequate number of 2016 domain controllers in each site to support the authentication. The certificate-trust model is for enterprise that do want to issue end-entity certificates to their users and have the benefits of certificate expiration and renewal, similar to how smart cards work today. The certificate trust model is also enterprise who are not ready to deploy Windows Server 2016 domain controllers.
+The trust model determines how you want users to authenticate to the on-premises Active Directory: 
 * The key-trust model is for enterprises who do not want to issue end-entity certificates to their users and have an adequate number of 2016 domain controllers in each site to support authentication. 
 * The certificate-trust model is for enterprise that *do* want to issue end-entity certificates to their users and have the benefits of certificate expiration and renewal, similar to how smart cards work today. 
 * The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers.
 Following are the various deployment guides included in this topic:
 * [Hybrid Key Trust Deployment](hello-hybrid-key-trust.md)
@ -55,5 +58,5 @@ Following are the various deployment guides included in this topic:
 ## Provisioning
-The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop.  Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**.
+Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**.
--- a/windows/application-management/manage-windows-mixed-reality.md
+++ b/windows/application-management/manage-windows-mixed-reality.md
@ -23,11 +23,7 @@ Windows 10, version 1709 (also known as the Fall Creators Update), introduces [W
 <span id="enable" />
 ## Enable Windows Mixed Reality in WSUS
-To enable users to download the Windows Mixed Reality software, enterprises using WSUS can approve Windows Mixed Reality package by unblocking the following KBs:
+To enable users to download the Windows Mixed Reality software for devices running Windows 10, version 1703, enterprises using WSUS can approve Windows Mixed Reality package by unblocking **KB4016509: FeatureOnDemandOasis - Windows 10 version 1703 for x64-based Systems**. 
 - KB4016509: FeatureOnDemandOasis - Windows 10 version 1703 for x64-based Systems
 - KB3180030: language packs
 - KB3197985: language packs
 Enterprises devices running Windows 10, version 1709, will not be able to install Windows Mixed Reality Feature on Demand (FOD) directly from WSUS. Instead, use one of the following options to install Windows Mixed Reality software:
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@ -1389,6 +1389,27 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 ## Change history in MDM documentation
 ### February 2018
 <table class="mx-tdBreakAll">
 <colgroup>
 <col width="25%" />
 <col width="75%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th>New or updated topic</th>
 <th>Description</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td style="vertical-align:top">[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)</td>
 <td style="vertical-align:top"><p>Updated the XSD and Plug-in profile example for VPNv2 CSP.</p>
 </td></tr>
 </tbody>
 </table>
 ### January 2018
 <table class="mx-tdBreakAll">
--- a/windows/client-management/mdm/vpnv2-profile-xsd.md
+++ b/windows/client-management/mdm/vpnv2-profile-xsd.md
@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/26/2017
+ms.date: 02/05/2018
 ---
 # ProfileXML XSD
@ -31,6 +31,8 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro
        <xs:element name="DnsSuffix" type="xs:string" minOccurs="0" maxOccurs="1"/>
        <xs:element name="TrustedNetworkDetection" type="xs:string" minOccurs="0" maxOccurs="1"/>
        <xs:element name="LockDown" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
        <xs:element name="DeviceTunnel" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
        <xs:element name="RegisterDNS" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
        <xs:element name="ByPassForLocal" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
        <xs:element name="Proxy" minOccurs="0" maxOccurs="1">
          <xs:complexType>
@ -46,6 +48,20 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro
            </xs:sequence>
          </xs:complexType>
        </xs:element>
                <xs:element name="APNBinding" minOccurs="0" maxOccurs="1">
          <xs:complexType>
            <xs:sequence>
              <xs:element name="ProviderId" type="xs:string" minOccurs="0" maxOccurs="1"/>
              <xs:element name="AccessPointName" type="xs:string" minOccurs="0" maxOccurs="1"/>
                      <xs:element name="UserName" type="xs:string" minOccurs="0" maxOccurs="1"/>
                      <xs:element name="Password" type="xs:string" minOccurs="0" maxOccurs="1"/>
                      <xs:element name="IsCompressionEnabled" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
                      <xs:element name="AuthenticationType" type="xs:string" minOccurs="0" maxOccurs="1"/>
            </xs:sequence>
          </xs:complexType>
        </xs:element>
        <xs:element name="DeviceCompliance" minOccurs="0" maxOccurs="1">
          <xs:complexType>
            <xs:sequence>
@ -388,6 +404,8 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro
    <!--<EdpModeId>corp.contoso.com</EdpModeId>-->
    <RememberCredentials>true</RememberCredentials>
    <AlwaysOn>false</AlwaysOn>
    <DeviceTunnel>false</DeviceTunnel>
    <RegisterDNS>false</RegisterDNS>
    <DnsSuffix>corp.contoso.com</DnsSuffix>
    <TrustedNetworkDetection>contoso.com,test.corp.contoso.com</TrustedNetworkDetection>
    <Proxy>
@ -396,6 +414,14 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro
        </Manual>
        <AutoConfigUrl>Helloworld.Com</AutoConfigUrl>
    </Proxy>
    <APNBinding>
                <ProviderId></ProviderId>
                <AccessPointName></AccessPointName>
                <UserName></UserName>
                <Password></Password>
                <IsCompressionEnabled></IsCompressionEnabled>
                <AuthenticationType></AuthenticationType>
    </APNBinding>
 </VPNProfile>  
 ```
--- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@ -1485,7 +1485,11 @@ In the **Background Apps** area, you can choose which apps can run in the backgr
 To turn off **Let apps run in the background**:
-   Turn off the feature in the UI for each app.
+-   In **Background apps**, set **Let apps run in the background** to **Off**.
     -or-
 -   In **Background apps**, turn off the feature for each app.
     -or-
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@ -98,7 +98,7 @@ In Windows 10, rather than receiving several updates each month and trying to fi
 To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how frequently their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity. 
-With that in mind, Windows 10 offers 3 servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [Semi-Annual Channel](#semi-annual-channel) provides new functionality with twice-per-year feature update releases. Organizations can choose when to deploy updates from the Semi-Annual Channel. The [Long Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases about every three years. For details about the versions in each servicing channel, see [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx).
+With that in mind, Windows 10 offers 3 servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [Semi-Annual Channel](#semi-annual-channel) provides new functionality with twice-per-year feature update releases. Organizations can choose when to deploy updates from the Semi-Annual Channel. The [Long Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx).
 The concept of servicing channels is new, but organizations can use the same management tools they used to manage updates and upgrades in previous versions of Windows. For more information about the servicing tool options for Windows 10 and their capabilities, see [Servicing tools](#servicing-tools).
@ -199,4 +199,4 @@ With all these options, which an organization chooses depends on the resources,
 - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
 - [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md)
 - [Manage device restarts after updates](waas-restart.md)
- 
+ 
--- a/windows/deployment/update/waas-quick-start.md
+++ b/windows/deployment/update/waas-quick-start.md
@ -29,7 +29,7 @@ Some new terms have been introduced as part of Windows as a service, so you shou
 - **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features as well as compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered.
 - **Servicing channels** allow organizations to choose when to deploy new features. 
    - The **Semi-Annual Channel** receives feature updates twice per year. 
-    - The **Long Term Servicing Channel**, which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases about every three years.
+    - The **Long Term Servicing Channel**, which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years.
 - **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization.  
 See [Overview of Windows as a service](waas-overview.md) for more information.
--- a/windows/device-security/bitlocker/bitlocker-recovery-guide-plan.md
+++ b/windows/device-security/bitlocker/bitlocker-recovery-guide-plan.md
@ -100,15 +100,16 @@ Before you create a thorough BitLocker recovery process, we recommend that you t
 1.  Click the **Start** button, type **cmd** in the **Start Search** box, right-click **cmd.exe**, and then click **Run as administrator**.
 2.  At the command prompt, type the following command and then press ENTER:
-    `manage-bde -forcerecovery <Volume>`
+    `manage-bde -forcerecovery <BitLockerVolume>`
 **To force recovery for a remote computer**
 1.  On the Start screen, type **cmd.exe**, and then click **Run as administrator**.
 2.  At the command prompt, type the following command and then press ENTER:
-    `manage-bde. -ComputerName <ComputerName> -forcerecovery <Volume>`
+    `manage-bde. -ComputerName <RemoteComputerName> -forcerecovery <BitLockerVolume>`
-> **Note:**  *ComputerName* represents the name of the remote computer. *Volume* represents the volume on the remote computer that is protected with BitLocker.
+> **Note:**  Recovery triggered by `-forcerecovery` persists for multiple restarts until a TPM protector is added or protection is suspended by the user.
 ## <a href="" id="bkmk-planningrecovery"></a>Planning your recovery process