From ab86e4f2540fede500f06da7bc1ba1e822102324 Mon Sep 17 00:00:00 2001 From: MandiOhlinger Date: Tue, 21 Sep 2021 20:54:39 -0400 Subject: [PATCH] replaced html tables; fixed validation suggestions --- ...can-use-configuration-service-providers.md | 12 ++-- .../provision-pcs-for-initial-deployment.md | 72 ++++++++++++++++--- .../provisioning-apply-package.md | 2 +- .../provisioning-command-line.md | 4 +- .../provisioning-create-package.md | 2 +- .../provisioning-how-it-works.md | 2 +- .../provisioning-install-icd.md | 3 +- .../provisioning-multivariant.md | 13 ++-- .../provisioning-packages.md | 7 +- .../provisioning-powershell.md | 2 +- .../provisioning-script-to-install-app.md | 1 - 11 files changed, 87 insertions(+), 33 deletions(-) diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md index 658cadc4da..65eac1c2a8 100644 --- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md +++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md @@ -2,7 +2,7 @@ title: Configuration service providers for IT pros (Windows 10/11) description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices. ms.assetid: 25C1FDCA-0E10-42A1-A368-984FFDB2B7B6 -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp ms.prod: w10 ms.mktglfcycl: manage @@ -32,7 +32,7 @@ Each CSP provides access to specific settings. For example, the [Wi-Fi CSP](/win CSPs are behind many of the management tasks and policies for Windows client, both in Microsoft Intune and in non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider). -![how intune maps to csp.](../images/policytocsp.png) +:::image type="content" source="../images/policytocsp.png" alt-text="How intune maps to CSP"::: CSPs receive configuration policies in the XML-based Synchronization Markup Language (SyncML) format, pushed from an MDM-compliant management server, such as Microsoft Intune. Traditional enterprise management systems, such as Microsoft Endpoint Configuration Manager, can also target CSPs, by using a client-side Windows Management Instrumentation (WMI)-to-CSP Bridge. @@ -58,7 +58,7 @@ You can use Windows Configuration Designer to create [provisioning packages](./p Many settings in Windows Configuration Designer will display documentation for that setting in the center pane, and will include a reference to the CSP if the setting uses one, as shown in the following image. -![how help content appears in icd.](../images/cspinicd.png) +:::image type="content" source="../images/cspinicd.png" alt-text="In Windows Configuration Designer, how help content appears in icd."::: [Provisioning packages in Windows client](provisioning-packages.md) explains how to use the Windows Configuration Designer tool to create a runtime provisioning package. @@ -78,7 +78,7 @@ All CSPs are documented in the [Configuration service provider reference](/windo The [CSP reference](/windows/client-management/mdm/configuration-service-provider-reference) tells you which CSPs are supported on each edition of Windows, and links to the documentation for each individual CSP. -![csp per windows edition.](../images/csptable.png) +:::image type="content" source="../images/csptable.png" alt-text="The CSP reference shows the supported Windows editions"::: The documentation for each CSP follows the same structure. After an introduction that explains the purpose of the CSP, a diagram shows the parts of the CSP in tree format. @@ -86,7 +86,7 @@ The full path to a specific configuration setting is represented by its Open Mob The following example shows the diagram for the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes, and rectangular elements are settings or policies for which a value must be supplied. -![assigned access csp tree.](../images/provisioning-csp-assignedaccess.png) +:::image type="content" source="../images/provisioning-csp-assignedaccess.png" alt-text="The CSP reference shows the assigned access csp tree."::: The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see that it uses the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). @@ -96,7 +96,7 @@ The element in the tree diagram after the root node tells you the name of the CS When an element in the diagram uses _italic_ font, it indicates a placeholder for specific information, such as the tenant ID in the following example. -![placeholder in csp tree.](../images/csp-placeholder.png) +:::image type="content" source="../images/csp-placeholder.png" alt-text="The placeholder in the CSP tree"::: After the diagram, the documentation describes each element. For each policy or setting, the valid values are listed. diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md index f826a8a266..7bcc415747 100644 --- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md +++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md @@ -58,7 +58,7 @@ Provisioning packages can include management instructions and policies, installa > [!TIP] > Use the desktop wizard to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc. > ->![open advanced editor.](../images/icd-simple-edit.png) +> :::image type="content" source="../images/icd-simple-edit.png" alt-text="In the desktop wizard, open the advanced editor."::: ## Create the provisioning package @@ -68,26 +68,76 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L 2. Click **Provision desktop devices**. - ![ICD start options.](../images/icd-create-options-1703.png) + :::image type="content" source="../images/icd-create-options-1703.png" alt-text="In Windows Configuration Designer, see the ICD start options."::: 3. Name your project and click **Finish**. The pages for desktop provisioning will walk you through the following steps. - ![ICD desktop provisioning.](../images/icd-desktop-1703.png) + :::image type="content" source="../images/icd-desktop-1703.png" alt-text="In Windows Configuration Designer, select Finish, and see the ICD desktop provisioning."::: > [!IMPORTANT] > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. ## Configure settings +1. Enable device setup: - - - - - - - -
step oneset up device

Enter a name for the device.

(Optional) Select a license file to upgrade Windows client to a different edition. See the permitted upgrades.

Toggle Yes or No to Configure devices for shared use. This setting optimizes Windows client for shared use scenarios. Learn more about shared PC configuration.

You can also select to remove pre-installed software from the device. 		device name, upgrade to enterprise, shared use, remove pre-installed software
step two set up network

Toggle On or Off for wireless network connectivity. If you select On, enter the SSID, the network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.		Enter network SSID and type
step three account management

Enable account management if you want to configure settings on this page.

You can enroll the device in Active Directory, enroll in Azure Active Directory, or create a local administrator account on the device

To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain.

Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 180 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

To create a local administrator account, select that option and enter a user name and password.

Important: If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. 		join Active Directory, Azure AD, or create a local admin account
step four add applications

You can install multiple applications, both Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps, in a provisioning package. The settings in this step vary according to the application that you select. For help with the settings, see Provision PCs with apps. 		add an application
step five add certificates

To provision the device with a certificate, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.		add a certificate
The 'finish' button as displayed when provisioning a desktop device in Windows Configuration Designer.

You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.		Protect your package
+ :::image type="content" source="../images/set-up-device-details-desktop.png" alt-text="In Windows Configuration Designer, enable device setup, enter the device name, the product key to upgrade, turn off shared use, and remove preinstalled software."::: + + If you want to enable device setup, select **Set up device**, and configure the following settings: + + - **Device name**: Required. Enter a unique 15-character name for the device. You can use variables to add unique characters to the name, such as `Contoso-%SERIAL%` and `Contoso-%RAND:5%`. + - **Enter product key**: Optional. Select a license file to upgrade Windows client to a different edition. For more information, see [the permitted upgrades](/windows/deployment/upgrade/windows-10-edition-upgrades). + - **Configure devices for shared use**: Select **Yes** or **No** to optimize the Windows client for shared use scenarios. + - **Remove pre-installed software**: Optional. Select **Yes** if you want to remove preinstalled software. + +2. Set up the network: + + :::image type="content" source="../images/set-up-network-details-desktop.png" alt-text="In Windows Configuration Designer, turn on wireless connectivity, enter the network SSID, and network type."::: + + If you want to enable network setup, select **Set up network**, and configure the following settings: + + - **Set up network**: To enable wireless connectivity, select **On**. + - **Network SSID**: Enter the Service Set IDentifier (SSID) of the network. + - **Network type**: Select **Open** or **WPA2-Personal**. If you select **WPA2-Personal**, enter the password for the wireless network. + +3. Enable account management: + + :::image type="content" source="../images/account-management-details.png" alt-text="In Windows Configuration Designer, join Active Directory, Azure AD, or create a local admin account."::: + + If you want to enable account management, select **Account Management**, and configure the following settings: + + - **Manage organization/school accounts**: Choose how devices are enrolled. Your options: + - **Active Directory**: Enter the credentials for a least-privileged user account to join the device to the domain. + - **Azure Active Directory**: Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup). In your Azure AD tenant, the **maximum number of devices per user** setting determines how many times the bulk token in the wizard can be used. + + If you select this option, enter a friendly name for the bulk token you get using the wizard. Set an expiration date for the token. The maximum is 180 days from the date you get the token. Select **Get bulk token**. In **Let's get you signed in**, enter an account that has permissions to join a device to Azure AD, and then the password. Select **Accept** to give Windows Configuration Designer the necessary permissions. + + You must run Windows Configuration Designer on Windows client to configure Azure AD enrollment using any of the wizards. + + - **Local administrator**: If you select this option, enter a user name and password. If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password isn't changed during that period, the account might be locked out, and unable to sign in. + +4. Add applications: + + :::image type="content" source="../images/add-applications-details.png" alt-text="In Windows Configuration Designer, add an application."::: + + To add applications to the devices, select **Add applications**. You can install multiple applications, including Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps. The settings in this step vary depending on the application you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md). + +5. Add certificates: + + :::image type="content" source="../images/add-certificates-details.png" alt-text="In Windows Configuration Designer, add a certificate."::: + + To add a certificate to the devices, select **Add certificates**, and configure the following settings: + + - **Certificate name**: Enter a name for the certificate. + - **Certificate path**: Browse and select the certificate you want to add. + +6. Finish: + + :::image type="content" source="../images/finish-details.png" alt-text="In Windows Configuration Designer, protect your package with a password."::: + + To complete the wizard, select **Finish**, and configure the following setting: + + - **Protect your package**: Select **Yes** or **No** to password protect your provisioning package. When you apply the provisioning package to a device, you must enter this password. After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page. diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md index 65c0c03a4d..b3cf6aa867 100644 --- a/windows/configuration/provisioning-packages/provisioning-apply-package.md +++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md @@ -8,7 +8,7 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp --- diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md index e73f3d5450..308f6bad92 100644 --- a/windows/configuration/provisioning-packages/provisioning-command-line.md +++ b/windows/configuration/provisioning-packages/provisioning-command-line.md @@ -1,6 +1,6 @@ --- title: Windows Configuration Designer command-line interface (Windows 10/11) -description: +description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -30,7 +30,7 @@ You can use the Windows Configuration Designer command-line interface (CLI) to a ## Syntax -``` icd +``` cmd icd.exe /Build-ProvisioningPackage /CustomizationXML: /PackagePath: [/StoreFile:] [/MSPackageRoot:] [/OEMInputXML:] [/ProductName:] [/Variables::] [[+|-]Encrypted] [[+|-]Overwrite] [/?] diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md index c9767905ce..7d3bd564aa 100644 --- a/windows/configuration/provisioning-packages/provisioning-create-package.md +++ b/windows/configuration/provisioning-packages/provisioning-create-package.md @@ -8,7 +8,7 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp --- diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index e4ff8043f6..3d1a473ae6 100644 --- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md +++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md @@ -8,7 +8,7 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp --- diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md index e43cd69d98..97a69772ee 100644 --- a/windows/configuration/provisioning-packages/provisioning-install-icd.md +++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md @@ -8,7 +8,7 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp --- @@ -26,6 +26,7 @@ Use the Windows Configuration Designer tool to create provisioning packages to e Windows Configuration Designer can create provisioning packages for Windows client desktop, including Windows IoT Core, as well as Microsoft Surface Hub and Microsoft HoloLens. You can run Windows Configuration Designer on the following operating systems: +- Windows 11 - Windows 10 - x86 and amd64 - Windows 8.1 Update - x86 and amd64 - Windows 8.1 - x86 and amd64 diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md index a2b51681ca..028b44c522 100644 --- a/windows/configuration/provisioning-packages/provisioning-multivariant.md +++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md @@ -36,10 +36,15 @@ A **Target** can have more than one **TargetState**, and a **TargetState** can h ![Target with multiple target states and conditions.](../images/multi-target.png) -The following table describes the logic for the target definition. +The following information describes the logic for the target definition: - -
When all Condition elements are TRUE, TargetState is TRUE.Target state is true when all conditions are true
If any of the TargetState elements is TRUE, Target is TRUE, and the ID can be used for setting customizations.Target is true if any target state is true
+- When all **Condition** elements are TRUE, **TargetState** is TRUE: + + :::image type="content" source="../images/icd-multi-targetstate-true.png" alt-text="Target state is true when all conditions are true."::: + +- If any of the **TargetState** elements is TRUE, **Target** is TRUE, and the **ID** can be used for setting customizations: + + :::image type="content" source="../images/icd-multi-target-true.png" alt-text="Target is true if any target state is true"::: ### Conditions @@ -291,7 +296,7 @@ The following events trigger provisioning on Windows client devices: | Package installation during device first run experience | Supported | | Detection of SIM presence or update | Supported | | Package installation at runtime | Supported | -| Roaming detected Not supported | +| Roaming detected | Not supported | ## Related articles diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index 049789b70b..b7a5d07216 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md @@ -2,7 +2,7 @@ title: Provisioning packages overview on Windows 10/11 description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do. ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC -ms.reviewer: +ms.reviewer: gkomatsu manager: dansimp ms.prod: w10 ms.mktglfcycl: deploy @@ -100,7 +100,6 @@ The following table describes settings that you can configure using the wizards - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md) -- [Instructions for the mobile wizard](../mobile-devices/provisioning-configure-mobile.md) - [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard) - [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#wizard) @@ -134,7 +133,7 @@ For details about the settings you can customize in provisioning packages, see [ WCD, simplified common provisioning scenarios. -![Configuration Designer options.](../images/icd.png) +:::image type="content" source="../images/icd.png" alt-text="Configuration Designer options"::: WCD supports the following scenarios for IT administrators: @@ -148,7 +147,7 @@ WCD supports the following scenarios for IT administrators: - Microsoft Intune (certificate-based enrollment) - AirWatch (password-string based enrollment) - - Mobile Iron (password-string based enrollment) + - MobileIron (password-string based enrollment) - Other MDMs (cert-based enrollment) diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md index fc04ddb757..48b748a916 100644 --- a/windows/configuration/provisioning-packages/provisioning-powershell.md +++ b/windows/configuration/provisioning-packages/provisioning-powershell.md @@ -1,6 +1,6 @@ --- title: PowerShell cmdlets for provisioning Windows 10/11 (Windows 10/11) -description: +description: Learn morea bout the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices. ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md index 978c59acd8..51948f41b8 100644 --- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md +++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md @@ -30,7 +30,6 @@ This walkthrough describes how to include scripts in a Windows client provisioni 2. If you need to include a directory structure of files, you will need to cab the assets for easy inclusion in the provisioning packages. - ## Cab the application assets 1. Create a `.DDF` file as below, replacing *file1* and *file2* with the files you want to package, and adding the name of file/directory.