diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index bf51ddcd42..f9bec539d6 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -14392,11 +14392,6 @@ "redirect_document_id": true }, { -"source_path": "windows/update/waas-wufb-intune.md", -"redirect_url": "https://docs.microsoft.com/windows/deployment/update/waas-wufb-intune", -"redirect_document_id": true -}, -{ "source_path": "windows/manage/manage-settings-app-with-group-policy.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/manage-settings-app-with-group-policy", "redirect_document_id": true @@ -14652,9 +14647,9 @@ "redirect_document_id": true }, { -"source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields.md", -"redirect_url": "https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903", -"redirect_document_id": true + "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields.md", + "redirect_url": "https://docs.microsoft.com/windows/privacy/required-windows-diagnostic-events-and-fields-2004", + "redirect_document_id": true }, { "source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md", diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 3dcabcaee0..cb44c5b311 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -18,7 +18,7 @@ ## [Getting around HoloLens (1st gen)](hololens1-basic-usage.md) ## [HoloLens (1st Gen) release notes](hololens1-release-notes.md) -# Deploy HoloLens and mixed-reality apps in commercial environments +# Deploy HoloLens and mixed reality apps in commercial environments ## [Commercial features](hololens-commercial-features.md) ## [Deploy HoloLens in a commercial environment](hololens-requirements.md) ## [Determine what licenses you need](hololens-licenses-requirements.md) @@ -29,13 +29,13 @@ ## [Manage HoloLens updates](hololens-updates.md) ## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) -# Navigating Windows Holographic -## [Start menu and mixed reality home](holographic-home.md) -## [Use your voice with HoloLens](hololens-cortana.md) +# Navigate the Windows Holographic environment +## [Use the Start menu and mixed reality home](holographic-home.md) +## [Use your voice to operate HoloLens](hololens-cortana.md) ## [Find, open, and save files](holographic-data.md) ## [Create mixed reality photos and videos](holographic-photos-and-videos.md) -# User management and access management +# Manage users and access ## [Manage user identity and sign-in for HoloLens](hololens-identity.md) ## [Share your HoloLens with multiple people](hololens-multiple-users.md) ## [Set up HoloLens as a kiosk](hololens-kiosk.md) diff --git a/devices/hololens/holographic-home.md b/devices/hololens/holographic-home.md index 9b554c0638..8cbbe10268 100644 --- a/devices/hololens/holographic-home.md +++ b/devices/hololens/holographic-home.md @@ -1,5 +1,5 @@ --- -title: Start menu and mixed reality home +title: Use the Start menu and mixed reality home description: Navigate the mixed reality home in Windows Holographic. ms.assetid: 742bc126-7996-4f3a-abb2-cf345dff730c ms.date: 08/07/2019 @@ -15,7 +15,7 @@ appliesto: - HoloLens 2 --- -# Start menu and mixed reality home +# Use the Start menu and mixed reality home Just like the Windows PC experience starts with the desktop, Windows Holographic starts with mixed reality home. Using the Start menu you can open and place app windows, immersive app launchers, and 3D content in mixed reality home, and their placement in your physical space will be remembered. diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md index 89a01c0628..ec869cc67d 100644 --- a/devices/hololens/hololens-cortana.md +++ b/devices/hololens/hololens-cortana.md @@ -1,5 +1,5 @@ --- -title: Use your voice with HoloLens +title: Use your voice to operate HoloLens description: Cortana can help you do all kinds of things on your HoloLens ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed ms.date: 03/10/2020 @@ -17,7 +17,7 @@ appliesto: - HoloLens 2 --- -# Use your voice with HoloLens +# Use your voice to operate HoloLens You can use your voice to do almost anything on HoloLens, such as taking a quick photo or opening an app. Many voice commands are built into HoloLens, while others are available through Cortana. @@ -34,14 +34,14 @@ Get around HoloLens faster with these basic commands. In order to use these, you ### General speech commands -Use these commands throughout Windows Mixed Reality to get around faster. Some commands use the gaze cursor, which you bring up by saying “select.” +Use these commands throughout Windows Mixed Reality to get around faster. Some commands use the gaze cursor, which you bring up by saying "select." > [!NOTE] > Hand rays are not supported on HoloLens (1st Gen). | Say this | To do this | | - | - | -| "Select" | Say "select" to bring up the gaze cursor. Then, turn your head to position the cursor on the thing you want to select, and say “select” again. | +| "Select" | Say "select" to bring up the gaze cursor. Then, turn your head to position the cursor on the thing you want to select, and say "select" again. | |Open the Start menu | "Go to Start" | |Close the Start menu | "Close" | |Leave an immersive app | Say "Go to Start" to bring up the quick actions menu, then say "Mixed reality home." | diff --git a/devices/hololens/hololens-enroll-mdm.md b/devices/hololens/hololens-enroll-mdm.md index 0e557e9c50..9eb5eea890 100644 --- a/devices/hololens/hololens-enroll-mdm.md +++ b/devices/hololens/hololens-enroll-mdm.md @@ -41,7 +41,7 @@ When auto-enrollment is enabled, no additional manual enrollment is needed. When 1. Select **Enroll into device management** and enter your organizational account. You will be redirected to your organization's sign in page. 1. Upon successful authentication to the MDM server, a success message is shown. -Your device is now enrolled with your MDM server. The device will need to restart to acquire policies, certificates, and apps. The Settings app will now reflect that the device is enrolled in device management. +Your device is now enrolled with your MDM server. The Settings app will now reflect that the device is enrolled in device management. ## Unenroll HoloLens from Intune diff --git a/devices/hololens/hololens-release-notes.md b/devices/hololens/hololens-release-notes.md index b98be63493..6653076c8c 100644 --- a/devices/hololens/hololens-release-notes.md +++ b/devices/hololens/hololens-release-notes.md @@ -132,7 +132,7 @@ Many Windows apps now support both dark and light modes, and HoloLens 2 customer - 3D Viewer - Movies & TV -![Dark mode windows tiled](images/hololens-darkmode-tiled-picture.jpg) +![Dark mode windows tiled](images/DarkMode.jpg) ### System voice commands diff --git a/devices/hololens/images/DarkMode.jpg b/devices/hololens/images/DarkMode.jpg new file mode 100644 index 0000000000..f2cd7c4510 Binary files /dev/null and b/devices/hololens/images/DarkMode.jpg differ diff --git a/devices/hololens/index.md b/devices/hololens/index.md index 47862d7138..91a487f9a0 100644 --- a/devices/hololens/index.md +++ b/devices/hololens/index.md @@ -53,7 +53,7 @@ appliesto: | [HoloLens user management](hololens-multiple-users.md) | Multiple users can share a HoloLens device by using their Azure Active Directory accounts. | | [HoloLens application access management](hololens-kiosk.md) | Manage application access for different user groups. | | [Recover and troubleshoot HoloLens issues](https://support.microsoft.com/products/hololens) | Learn how to gather logs from HoloLens, recover a misbehaving device, or reset HoloLens when necessary. | -| [Contact Support](https://support.microsoft.com/supportforbusiness/productselection) | Create a new support request for the business support team. | +| [Contact Support](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f) | Create a new support request for the business support team. | | [More support options](https://support.microsoft.com/products/hololens) | Connect with Microsoft support resources for HoloLens in the enterprise. | ## Related resources diff --git a/devices/surface-hub/surface-hub-2s-account.md b/devices/surface-hub/surface-hub-2s-account.md index fb93b0e7d9..27c7053045 100644 --- a/devices/surface-hub/surface-hub-2s-account.md +++ b/devices/surface-hub/surface-hub-2s-account.md @@ -1,6 +1,6 @@ --- -title: "Create Surface Hub 2S device account" -description: "This page describes the procedure for creating the Surface Hub 2S device account." +title: Create Surface Hub 2S device account +description: This page describes the procedure for creating the Surface Hub 2S device account. keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library @@ -15,15 +15,18 @@ ms.localizationpriority: Medium # Create Surface Hub 2S device account -Creating a Surface Hub device account (also known as a Room mailbox) allows Surface Hub 2S to receive, approve, or decline meeting requests and join meetings using Microsoft Teams or Skype for Business. Configure the device account during OOBE setup. If needed you can change it later (without going through OOBE setup). +Creating a Surface Hub device account (also known as a Room mailbox) allows Surface Hub 2S to receive, approve, or decline meeting requests and join meetings using either Microsoft Teams or Skype for Business. Configure the device account during Out-of-Box Experience (OOBE) setup. If needed, you can change it later (without going through OOBE setup). Unlike standard Room mailboxes that remain disabled by default, you need to enable the Surface Hub 2S device account to sign on to Microsoft Teams and Skype for Business. Surface Hub 2S relies on Exchange ActiveSync, which requires an ActiveSync mailbox policy on the device account. Apply the default ActiveSync mailbox policy that comes with Exchange Online. -Create the account using the Microsoft 365 admin center or by using PowerShell. You can use Exchange Online PowerShell to configure specific features including: +Create the account by using the Microsoft 365 admin center or by using PowerShell. You can use Exchange Online PowerShell to configure specific features including: - Calendar processing for every Surface Hub device account. - Custom auto replies to scheduling requests. -- If the default ActiveSync mailbox policy has already been modified by someone else or another process, you will likely have to create and assign a new ActiveSync mailbox policy +- If the default ActiveSync mailbox policy has already been modified by someone else or by another process, you will likely have to create and assign a new ActiveSync mailbox policy. + +> [!NOTE] +> The Surface Hub device account doesn’t support third-party Federated Identity Providers (FIPs) and must be a standard Active Directory or Azure Active Directory account. ## Create account using Microsoft 365 admin center @@ -31,17 +34,17 @@ Create the account using the Microsoft 365 admin center or by using PowerShell. 2. Provide a name and email address for the device account. Leave remaining settings unchanged in the default state. -![Provide a name and email address](images/sh2-account2.png) + ![Provide a name and email address](images/sh2-account2.png) -![Leave remaining settings unchanged in the default state](images/sh2-account3.png) + ![Leave remaining settings unchanged in the default state](images/sh2-account3.png) 3. Set the password for the device account. To set the password, choose **Users** and then select **Active Users**. Now search for the newly created user to set the password. Ensure that you **do not** select the option **Make this user change their password when they first sign in.** -![Set the password for the device account](images/sh2-account4.png) + ![Set the password for the device account](images/sh2-account4.png) 4. Assign the room with an Office 365 license. It’s recommended to assign the Office 365 **Meeting Room** license, a new option that automatically enables the account for Skype for Business Online and Microsoft Teams. -![Assign Office 365 license](images/sh2-account5.png) + ![Assign Office 365 license](images/sh2-account5.png) ### Finalize setup via PowerShell @@ -50,6 +53,7 @@ Create the account using the Microsoft 365 admin center or by using PowerShell. - **Microsoft Teams and Skype for Business Calendar:** Set [**Calendar Auto processing**](https://docs.microsoft.com/surface-hub/surface-hub-2s-account?source=docs#set-calendar-auto-processing) for this account. ## Create account using PowerShell + Instead of using the Microsoft Admin Center portal, you can create the account using PowerShell. ### Connect to Exchange Online PowerShell @@ -59,13 +63,13 @@ $365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $ImportResults = Import-PSSession $365Session ``` -### Create a new Room Mailbox +### Create a new Room mailbox ```powershell New-Mailbox -MicrosoftOnlineServicesID account@YourDomain.com -Alias SurfaceHub2S -Name SurfaceHub2S -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String "" -AsPlainText -Force) ``` -### Set Calendar Auto processing +### Set Calendar auto-processing ```powershell Set-CalendarProcessing -Identity "account@YourDomain.com" -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $true -AdditionalResponse "This room is equipped with a Surface Hub" @@ -81,7 +85,7 @@ Set-MsolUserLicense -UserPrincipalName "account@YourDomain.com" -AddLicenses "co ## Connect to Skype for Business Online using PowerShell -### Install prerequisites +### Install pre-requisites - [Visual C++ 2017 Redistributable](https://aka.ms/vs/15/release/vc_redist.x64.exe) - [Skype for Business Online PowerShell Module](https://www.microsoft.com/download/confirmation.aspx?id=39366) diff --git a/devices/surface-hub/surface-hub-security.md b/devices/surface-hub/surface-hub-security.md index 4dc2b7518e..faee5ad929 100644 --- a/devices/surface-hub/surface-hub-security.md +++ b/devices/surface-hub/surface-hub-security.md @@ -5,7 +5,7 @@ keywords: separate values with commas ms.prod: surface-hub ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin manager: laurawi audience: Admin ms.topic: article diff --git a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md index 017f34559f..4abd9e0c86 100644 --- a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md +++ b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md @@ -11,7 +11,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices, security ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article --- diff --git a/devices/surface/assettag.md b/devices/surface/assettag.md index 296a57b10e..6d9533bb52 100644 --- a/devices/surface/assettag.md +++ b/devices/surface/assettag.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.localizationpriority: medium ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: hachidan manager: laurawi diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index 35be5e736d..b1aed6e997 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md index f68989b045..e8ce13b98d 100644 --- a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md +++ b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/customize-the-oobe-for-surface-deployments.md b/devices/surface/customize-the-oobe-for-surface-deployments.md index 70d53dae71..cb492c2620 100644 --- a/devices/surface/customize-the-oobe-for-surface-deployments.md +++ b/devices/surface/customize-the-oobe-for-surface-deployments.md @@ -11,7 +11,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.audience: itpro --- diff --git a/devices/surface/deploy-surface-app-with-windows-store-for-business.md b/devices/surface/deploy-surface-app-with-windows-store-for-business.md index 121be61007..fc2956ead6 100644 --- a/devices/surface/deploy-surface-app-with-windows-store-for-business.md +++ b/devices/surface/deploy-surface-app-with-windows-store-for-business.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, store ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md index 47f14939db..bb8e62fb6b 100644 --- a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md +++ b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/deploy.md b/devices/surface/deploy.md index a7220315da..7431a22a8a 100644 --- a/devices/surface/deploy.md +++ b/devices/surface/deploy.md @@ -8,7 +8,7 @@ ms.sitesec: library author: coveminer ms.reviewer: manager: laurawi -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/documentation/surface-system-sku-reference.md b/devices/surface/documentation/surface-system-sku-reference.md index 0d49be965e..227d58d778 100644 --- a/devices/surface/documentation/surface-system-sku-reference.md +++ b/devices/surface/documentation/surface-system-sku-reference.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article --- # Surface System SKU Reference diff --git a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md index d51a90413e..36f05515f3 100644 --- a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md +++ b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md @@ -11,7 +11,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article --- diff --git a/devices/surface/enroll-and-configure-surface-devices-with-semm.md b/devices/surface/enroll-and-configure-surface-devices-with-semm.md index 56282326a4..6eb848da41 100644 --- a/devices/surface/enroll-and-configure-surface-devices-with-semm.md +++ b/devices/surface/enroll-and-configure-surface-devices-with-semm.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices, security ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/ethernet-adapters-and-surface-device-deployment.md b/devices/surface/ethernet-adapters-and-surface-device-deployment.md index abc4672793..a68242b88a 100644 --- a/devices/surface/ethernet-adapters-and-surface-device-deployment.md +++ b/devices/surface/ethernet-adapters-and-surface-device-deployment.md @@ -11,7 +11,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.audience: itpro --- diff --git a/devices/surface/ltsb-for-surface.md b/devices/surface/ltsb-for-surface.md index c250085467..17e6d48fb1 100644 --- a/devices/surface/ltsb-for-surface.md +++ b/devices/surface/ltsb-for-surface.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: manager: laurawi diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md index 36197ca93f..e7c739be75 100644 --- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md +++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: manager: laurawi diff --git a/devices/surface/manage-surface-driver-and-firmware-updates.md b/devices/surface/manage-surface-driver-and-firmware-updates.md index 75ccff3070..1d78180a03 100644 --- a/devices/surface/manage-surface-driver-and-firmware-updates.md +++ b/devices/surface/manage-surface-driver-and-firmware-updates.md @@ -11,7 +11,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.audience: itpro --- diff --git a/devices/surface/manage-surface-uefi-settings.md b/devices/surface/manage-surface-uefi-settings.md index c5f41821d3..f56bcb55d1 100644 --- a/devices/surface/manage-surface-uefi-settings.md +++ b/devices/surface/manage-surface-uefi-settings.md @@ -8,7 +8,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: devices, surface author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: manager: laurawi diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index f0e6c5d221..2bb2c8a956 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: hachidan manager: laurawi diff --git a/devices/surface/support-solutions-surface.md b/devices/surface/support-solutions-surface.md index ab4c3a46c4..d9f0e6200d 100644 --- a/devices/surface/support-solutions-surface.md +++ b/devices/surface/support-solutions-surface.md @@ -10,7 +10,7 @@ ms.mktglfcycl: support ms.sitesec: library ms.pagetype: surfacehub author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.date: 09/26/2019 ms.localizationpriority: medium diff --git a/devices/surface/surface-book-quadro.md b/devices/surface/surface-book-quadro.md index 79fb762dba..8b1599f5b4 100644 --- a/devices/surface/surface-book-quadro.md +++ b/devices/surface/surface-book-quadro.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.localizationpriority: medium ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.date: 5/06/2020 ms.reviewer: brrecord diff --git a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md index 044b0e0437..19eb605696 100644 --- a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md +++ b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/surface-diagnostic-toolkit-command-line.md b/devices/surface/surface-diagnostic-toolkit-command-line.md index 035eec60da..d7b8828415 100644 --- a/devices/surface/surface-diagnostic-toolkit-command-line.md +++ b/devices/surface/surface-diagnostic-toolkit-command-line.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: hachidan manager: laurawi diff --git a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md index 795bff7f7f..7734d2a4fa 100644 --- a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md +++ b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: hachidan manager: laurawi diff --git a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md index 2b19282899..10939f979e 100644 --- a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md +++ b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md @@ -5,7 +5,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: cottmca manager: laurawi diff --git a/devices/surface/surface-manage-dfci-guide.md b/devices/surface/surface-manage-dfci-guide.md index f21805f1a7..e1df0dc226 100644 --- a/devices/surface/surface-manage-dfci-guide.md +++ b/devices/surface/surface-manage-dfci-guide.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.date: 11/13/2019 ms.reviewer: jesko diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index 488eeca1a2..5b7adaf812 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.localizationpriority: high ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.date: 4/15/2020 ms.reviewer: jessko diff --git a/devices/surface/surface-pro-arm-app-performance.md b/devices/surface/surface-pro-arm-app-performance.md index 4459d6052b..10f3e57bbd 100644 --- a/devices/surface/surface-pro-arm-app-performance.md +++ b/devices/surface/surface-pro-arm-app-performance.md @@ -6,7 +6,7 @@ ms.localizationpriority: medium ms.mktglfcycl: manage ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.date: 10/03/2019 ms.reviewer: jessko diff --git a/devices/surface/surface-system-sku-reference.md b/devices/surface/surface-system-sku-reference.md index c0de20193f..499e718991 100644 --- a/devices/surface/surface-system-sku-reference.md +++ b/devices/surface/surface-system-sku-reference.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices, security ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.date: 03/09/2020 ms.reviewer: diff --git a/devices/surface/surface-wireless-connect.md b/devices/surface/surface-wireless-connect.md index 24a358065b..34c653abc0 100644 --- a/devices/surface/surface-wireless-connect.md +++ b/devices/surface/surface-wireless-connect.md @@ -7,7 +7,7 @@ ms.sitesec: library author: coveminer ms.audience: itpro ms.localizationpriority: medium -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: tokatz manager: laurawi diff --git a/devices/surface/unenroll-surface-devices-from-semm.md b/devices/surface/unenroll-surface-devices-from-semm.md index 0caea932ab..6750387137 100644 --- a/devices/surface/unenroll-surface-devices-from-semm.md +++ b/devices/surface/unenroll-surface-devices-from-semm.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices, security ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: manager: laurawi diff --git a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md index c9345502d8..7602e690be 100644 --- a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md +++ b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md index 21616dc89e..91c1b17875 100644 --- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md +++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: manager: laurawi diff --git a/devices/surface/using-the-sda-deployment-share.md b/devices/surface/using-the-sda-deployment-share.md index 0309d071ec..288e79b8c6 100644 --- a/devices/surface/using-the-sda-deployment-share.md +++ b/devices/surface/using-the-sda-deployment-share.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.pagetype: surface, devices ms.sitesec: library author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.localizationpriority: medium ms.audience: itpro diff --git a/devices/surface/wake-on-lan-for-surface-devices.md b/devices/surface/wake-on-lan-for-surface-devices.md index a6686dcf69..b9c11bd90f 100644 --- a/devices/surface/wake-on-lan-for-surface-devices.md +++ b/devices/surface/wake-on-lan-for-surface-devices.md @@ -8,7 +8,7 @@ ms.pagetype: surface, devices ms.sitesec: library ms.localizationpriority: medium author: coveminer -ms.author: v-jokai +ms.author: greglin ms.topic: article ms.reviewer: scottmca manager: laurawi diff --git a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md index 76656d39e1..38d5dc61eb 100644 --- a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md +++ b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md @@ -4,7 +4,6 @@ title: How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 description: How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User ms.assetid: f1d2ab1f-0831-4976-b49f-169511d3382a author: dansimp -ms.assetid: f1d2ab1f-0831-4976-b49f-169511d3382a ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md b/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md index 0345a45113..bad9d61431 100644 --- a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md +++ b/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md @@ -4,7 +4,6 @@ title: How to Use an App-V 4.6 Application From an App-V 5.0 Application description: How to Use an App-V 4.6 Application From an App-V 5.0 Application ms.assetid: 4e78cb32-9c8b-478e-ae8b-c474a7e42487 author: msfttracyp -ms.assetid: 4e78cb32-9c8b-478e-ae8b-c474a7e42487 ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library diff --git a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md index cd77d39b06..8a255ed548 100644 --- a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md +++ b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md @@ -11,8 +11,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.prod: w10 ms.date: 8/30/2018 -ms.author: pashort -author: shortpatti +ms.author: dansimp --- # Applying hotfixes on MBAM 2.5 SP1 diff --git a/mdop/mbam-v25/deploy-mbam.md b/mdop/mbam-v25/deploy-mbam.md index a921105176..c035e3eadb 100644 --- a/mdop/mbam-v25/deploy-mbam.md +++ b/mdop/mbam-v25/deploy-mbam.md @@ -8,7 +8,6 @@ ms.author: delhan ms.sitesec: library ms.prod: w10 ms.date: 09/16/2019 -manager: dcscontentpm --- # Deploying MBAM 2.5 in a standalone configuration diff --git a/mdop/mbam-v25/troubleshooting-mbam-installation.md b/mdop/mbam-v25/troubleshooting-mbam-installation.md index f2d0494b7f..9dce3b1297 100644 --- a/mdop/mbam-v25/troubleshooting-mbam-installation.md +++ b/mdop/mbam-v25/troubleshooting-mbam-installation.md @@ -8,7 +8,6 @@ ms.author: delhan ms.sitesec: library ms.prod: w10 ms.date: 09/16/2019 -manager: dcscontentpm --- # Troubleshooting MBAM 2.5 installation problems diff --git a/mdop/mbam-v25/upgrade-mbam2.5-sp1.md b/mdop/mbam-v25/upgrade-mbam2.5-sp1.md index 153757ee67..0e55529039 100644 --- a/mdop/mbam-v25/upgrade-mbam2.5-sp1.md +++ b/mdop/mbam-v25/upgrade-mbam2.5-sp1.md @@ -2,11 +2,10 @@ title: Upgrading from MBAM 2.5 to MBAM 2.5 SP1 Servicing Release Update author: dansimp ms.author: ksharma -manager: +manager: miaposto audience: ITPro ms.topic: article ms.prod: w10 -manager: miaposto ms.localizationpriority: Normal --- diff --git a/smb/cloud-mode-business-setup.md b/smb/cloud-mode-business-setup.md index b62b89b55a..9b5f3ae040 100644 --- a/smb/cloud-mode-business-setup.md +++ b/smb/cloud-mode-business-setup.md @@ -2,7 +2,7 @@ title: Deploy and manage a full cloud IT solution for your business description: Learn how to set up a cloud infrastructure for your business, acquire devices and apps, and configure and deploy policies to your devices. keywords: smb, full cloud IT solution, small to medium business, deploy, setup, manage, Windows, Intune, Office 365 -ms.prod: +ms.prod: w10 ms.technology: ms.author: eravena audience: itpro @@ -13,6 +13,7 @@ author: eavena ms.reviewer: manager: dansimp ms.localizationpriority: medium +ms.topic: conceptual --- # Get started: Deploy and manage a full cloud IT solution for your business diff --git a/smb/index.md b/smb/index.md index 5cc2746261..1f9527ebf2 100644 --- a/smb/index.md +++ b/smb/index.md @@ -2,16 +2,17 @@ title: Windows 10 for small to midsize businesses description: Microsoft products and devices to transform and grow your businessLearn how to use Windows 10 for your small to midsize business. keywords: Windows 10, SMB, small business, midsize business, business -ms.prod: +ms.prod: w10 ms.technology: ms.topic: article -ms.author: celested +ms.author: dansimp ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: smb -author: CelesteDG +author: dansimp ms.localizationpriority: medium manager: dansimp +audience: itpro --- # Windows 10 for SMB diff --git a/store-for-business/microsoft-store-for-business-education-powershell-module.md b/store-for-business/microsoft-store-for-business-education-powershell-module.md index b7fea1a9ef..04c86ceb64 100644 --- a/store-for-business/microsoft-store-for-business-education-powershell-module.md +++ b/store-for-business/microsoft-store-for-business-education-powershell-module.md @@ -9,7 +9,6 @@ author: TrudyHa ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium -ms.author: ms.date: 10/22/2017 ms.reviewer: manager: dansimp diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md index da98a12e3b..b82c42bf9a 100644 --- a/windows/application-management/manage-windows-mixed-reality.md +++ b/windows/application-management/manage-windows-mixed-reality.md @@ -13,7 +13,7 @@ ms.author: dansimp ms.topic: article --- -# Enable or block Windows Mixed Reality apps in the enterprise +# Enable or block Windows Mixed Reality apps in enterprises **Applies to** @@ -33,7 +33,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to 2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD. - a. Download the FOD .cab file for [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). + a. Download the FOD .cab file for [Windows 10, version 20H1](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab). >[!NOTE] >You must download the FOD .cab file that matches your operating system version. diff --git a/windows/client-management/determine-appropriate-page-file-size.md b/windows/client-management/determine-appropriate-page-file-size.md index b6abb3661e..8daf0f4ce4 100644 --- a/windows/client-management/determine-appropriate-page-file-size.md +++ b/windows/client-management/determine-appropriate-page-file-size.md @@ -8,8 +8,8 @@ author: Deland-Han ms.localizationpriority: medium ms.author: delhan ms.date: 8/28/2019 -ms.reviewer: -manager: dcscontentpm +ms.reviewer: dcscontentpm +manager: dansimp --- # How to determine the appropriate page file size for 64-bit versions of Windows diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md index cee81bcd72..2f12bd900f 100644 --- a/windows/client-management/introduction-page-file.md +++ b/windows/client-management/introduction-page-file.md @@ -7,8 +7,8 @@ ms.topic: troubleshooting author: Deland-Han ms.localizationpriority: medium ms.author: delhan -ms.reviewer: greglin -manager: dcscontentpm +ms.reviewer: dcscontentpm +manager: dansimp --- # Introduction to page files diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md index 40de22d2b3..7a9545e09a 100644 --- a/windows/client-management/mdm/accounts-csp.md +++ b/windows/client-management/mdm/accounts-csp.md @@ -40,7 +40,7 @@ Available naming macros: Supported operation is Add. > [!Note] -> For desktop PCs on the next major release of Windows 10 or later, use the **Ext/Microsoft/DNSComputerName** node in [DevDetail CSP](devdetail-csp.md). +> For desktop PCs on Windows 10, version 2004 or later, use the **Ext/Microsoft/DNSComputerName** node in [DevDetail CSP](devdetail-csp.md). **Users** Interior node for the user account information. diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index c76115e831..f93af2f2a2 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -2808,4 +2808,4 @@ The following list shows the CSPs supported in HoloLens devices: - 5 - Added in Windows 10, version 1809. - 6 - Added in Windows 10, version 1903. - 7 - Added in Windows 10, version 1909. -- 8 - Added in the next major release of Windows 10. +- 8 - Added in Windows 10, version 2004. diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 859ffd1672..285d96ddf8 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -14,9 +14,6 @@ ms.date: 03/27/2020 # DevDetail CSP -> [!WARNING] -> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - The DevDetail configuration service provider handles the management object which provides device-specific parameters to the OMA DM server. These device parameters are not sent from the client to the server automatically, but can be queried by servers using OMA DM commands. > [!NOTE] @@ -135,7 +132,7 @@ Value type is string. Supported operations are Get and Replace. **Ext/Microsoft/DNSComputerName** -Added in the next major release of Windows 10. This node specifies the DNS computer name for a device. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 63 characters. This node replaces the **Domain/ComputerName** node in [Accounts CSP](accounts-csp.md). +Added in Windows 10, version 2004. This node specifies the DNS computer name for a device. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 63 characters. This node replaces the **Domain/ComputerName** node in [Accounts CSP](accounts-csp.md). The following are the available naming macros: diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index 1c440edf96..5384ce0168 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -14,9 +14,6 @@ ms.date: 09/27/2019 # EnterpriseModernAppManagement CSP -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - The EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. For details about how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](enterprise-app-management.md). > [!Note] @@ -329,6 +326,7 @@ Required. The value is 0 or 1 that indicates if the app is provisioned on the de Supported operation is Get. **.../*PackageFamilyName*/*PackageFullName*/IsStub** +Added in Windows 10, version 2004. Required. This node is used to identify whether the package is a stub package. A stub package is a version of the package with minimal functionality that will reduce the size of the app. The value is 1 if the package is a stub package and 0 (zero) for all other cases. Value type is int. diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md index 386f5a8c48..9251f6a755 100644 --- a/windows/client-management/mdm/esim-enterprise-management.md +++ b/windows/client-management/mdm/esim-enterprise-management.md @@ -8,7 +8,7 @@ ms.sitesec: library author: dansimp ms.localizationpriority: medium ms.author: dansimp -ms.topic: +ms.topic: conceptual --- # How Mobile Device Management Providers support eSIM Management on Windows diff --git a/windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png b/windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png index 6ece851369..76df1eafea 100644 Binary files a/windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png and b/windows/client-management/mdm/images/provisioning-csp-devdetail-dm.png differ diff --git a/windows/client-management/mdm/images/provisioning-csp-enterprisemodernappmanagement.png b/windows/client-management/mdm/images/provisioning-csp-enterprisemodernappmanagement.png index 5c90ec5a2b..4328edcad7 100644 Binary files a/windows/client-management/mdm/images/provisioning-csp-enterprisemodernappmanagement.png and b/windows/client-management/mdm/images/provisioning-csp-enterprisemodernappmanagement.png differ diff --git a/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png b/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png index 498ce66f47..f123d98073 100644 Binary files a/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png and b/windows/client-management/mdm/images/provisioning-csp-supl-dmandcp.png differ diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 0ab027fca0..8a720f94a0 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -24,6 +24,7 @@ This topic provides information about what's new and breaking changes in Windows For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347). - **What’s new in MDM for Windows 10 versions** + - [What’s new in MDM for Windows 10, version 2004](#whats-new-in-mdm-for-windows-10-version-2004) - [What’s new in MDM for Windows 10, version 1909](#whats-new-in-mdm-for-windows-10-version-1909) - [What’s new in MDM for Windows 10, version 1903](#whats-new-in-mdm-for-windows-10-version-1903) - [What’s new in MDM for Windows 10, version 1809](#whats-new-in-mdm-for-windows-10-version-1809) @@ -58,6 +59,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s - [What is dmwappushsvc?](#what-is-dmwappushsvc) - **Change history in MDM documentation** + - [May 2020](#may-2020) - [February 2020](#february-2020) - [January 2020](#january-2020) - [November 2019](#november-2019) @@ -87,6 +89,45 @@ For details about Microsoft mobile device management protocols for Windows 10 s - [September 2017](#september-2017) - [August 2017](#august-2017) +## What’s new in MDM for Windows 10, version 2004 + ++++ + + + + + + + + + + + + + + + + + + + + +
New or updated topicDescription
Policy CSP

Added the following new policies in Windows 10, version 2004:

+
DevDetail CSP

Added the following new node:
Ext/Microsoft/DNSComputerName

+
EnterpriseModernAppManagement CSP

Added the following new node:
IsStub

+
SUPL CSP

Added the following new node:
FullVersion

+
+ ## What’s new in MDM for Windows 10, version 1909 @@ -1940,6 +1981,13 @@ How do I turn if off? | The service can be stopped from the "Services" console o ## Change history in MDM documentation +### May 2020 +|New or updated topic | Description| +|--- | ---| +|[BitLocker CSP](bitlocker-csp.md)|Added the bitmask table for the Status/DeviceEncryptionStatus node.| +|[Policy CSP - RestrictedGroups](policy-csp-restrictedgroups.md)| Updated the topic with additional details. Added policy timeline table. + + ### February 2020 |New or updated topic | Description| |--- | ---| diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md index 798bbae111..b2bfd70f15 100644 --- a/windows/client-management/mdm/policy-csp-applicationmanagement.md +++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md @@ -14,10 +14,6 @@ manager: dansimp # Policy CSP - ApplicationManagement -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - -
@@ -436,15 +432,15 @@ Most restricted value: 0 - + - + - +
Businesscheck mark7check mark8
Enterprisecheck mark7check mark8
Educationcheck mark7check mark8
@@ -462,7 +458,7 @@ Most restricted value: 0 -Added in the next major release of Windows 10. +Added in Windows 10, version 2004. Manages non-administrator users' ability to install Windows app packages. @@ -1112,7 +1108,7 @@ Footnotes: - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. - 6 - Added in Windows 10, version 1903. -- 7 - Added in the next major release of Windows 10. - +- 7 - Added in Windows 10, version 1909. +- 8 - Added in Windows 10, version 2004. diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 40e770a691..74dbe86c25 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -14,9 +14,6 @@ manager: dansimp # Policy CSP - Bluetooth -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. -
@@ -412,19 +409,19 @@ The default value is an empty string. For more information, see [ServicesAllowed Pro - check mark7 + check mark8 Business - check mark7 + check mark8 Enterprise - check mark7 + check mark8 Education - check mark7 + check mark8 @@ -441,8 +438,7 @@ The default value is an empty string. For more information, see [ServicesAllowed -Added in the next major release of Windows 10. -There are multiple levels of encryption strength when pairing Bluetooth devices. This policy helps prevent weaker devices cryptographically being used in high security environments. +Added in Windows 10, version 2004. There are multiple levels of encryption strength when pairing Bluetooth devices. This policy helps prevent weaker devices cryptographically being used in high security environments. @@ -470,8 +466,8 @@ Footnotes: - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. - 6 - Added in Windows 10, version 1903. -- 7 - Added in the next major release of Windows 10. - +- 7 - Added in Windows 10, version 1909. +- 8 - Added in Windows 10, version 2004.
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index d3fa4df77e..4b686d7c13 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -17,11 +17,6 @@ ms.localizationpriority: medium > [!NOTE] > You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). -
- -> [!NOTE] -> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). - ## Browser policies @@ -4310,4 +4305,3 @@ Footnotes: - 6 - Added in Windows 10, version 1903. - diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md index 825ac41a15..3f4beef3e9 100644 --- a/windows/client-management/mdm/policy-csp-education.md +++ b/windows/client-management/mdm/policy-csp-education.md @@ -52,23 +52,23 @@ manager: dansimp Home - check mark + check mark8 Pro - check mark + check mark8 Business - check mark + check mark8 Enterprise - check mark + check mark8 Education - check mark + check mark8 @@ -85,7 +85,7 @@ manager: dansimp -Added in next major release of Windows 10. This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality will not be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, you will be able to access graphing functionality. +Added in Windows 10, version 2004. This policy setting allows you to control whether graphing functionality is available in the Windows Calculator app. If you disable this policy setting, graphing functionality will not be accessible in the Windows Calculator app. If you enable or don't configure this policy setting, you will be able to access graphing functionality. ADMX Info: @@ -283,6 +283,8 @@ Footnotes: - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. - 6 - Added in Windows 10, version 1903. +- 7 - Added in Windows 10, version 1909. +- 8 - Added in Windows 10, version 2004. diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index 3b7a445092..4935d3f947 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -155,7 +155,7 @@ where: ### Policy timeline -The behavior of this policy setting differs in different Windows 10 versions. For Windows 10, version 1809 through version 1909, you can use name in `` and SID in ``. For the latest release of Windows 10, you can use name or SID for both the elements, as described in this topic. +The behavior of this policy setting differs in different Windows 10 versions. For Windows 10, version 1809 through version 1909, you can use name in `` and SID in ``. For Windows 10, version 2004, you can use name or SID for both the elements, as described in this topic. The following table describes how this policy setting behaves in different Windows 10 versions: @@ -163,7 +163,7 @@ The following table describes how this policy setting behaves in different Windo | ------------------ | --------------- | |Windows 10, version 1803 | Added this policy setting.
XML accepts group and member only by name.
Supports configuring the administrators group using the group name.
Expects member name to be in the account name format. | | Windows 10, version 1809
Windows 10, version 1903
Windows 10, version 1909 | Supports configuring any local group.
`` accepts only name.
`` accepts a name or an SID.
This is useful when you want to ensure a certain local group always has a well-known SID as member. | -| The latest release of Windows 10 | Behaves as described in this topic.
Accepts name or SID for group and members and translates as appropriate. | +| Windows 10, version 2004 | Behaves as described in this topic.
Accepts name or SID for group and members and translates as appropriate. | @@ -178,5 +178,7 @@ Footnotes: - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. - 6 - Added in Windows 10, version 1903. +- 7 - Added in Windows 10, version 1909. +- 8 - Added in Windows 10, version 2004. diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 7786a5eb5c..a116d3b084 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -815,19 +815,19 @@ This setting supports a range of values between 0 and 1. Pro - check mark + check mark8 Business - check mark + check mark8 Enterprise - check mark + check mark8 Education - check mark + check mark8 @@ -848,7 +848,7 @@ This setting supports a range of values between 0 and 1. > - The policy is only enforced in Windows 10 for desktop. > - This policy requires reboot to take effect. -Added in next major release of Windows 10. Allows IT admins to configure Microsoft Japanese IME version in the desktop. +Added in Windows 10, version 2004. Allows IT admins to configure Microsoft Japanese IME version in the desktop. @@ -878,19 +878,19 @@ The following list shows the supported values: Pro - check mark + check mark8 Business - check mark + check mark8 Enterprise - check mark + check mark8 Education - check mark + check mark8 @@ -911,7 +911,7 @@ The following list shows the supported values: > - This policy is enforced only in Windows 10 for desktop. > - This policy requires reboot to take effect. -Added in next major release of Windows 10. Allows IT admins to configure Microsoft Simplified Chinese IME version in the desktop. +Added in Windows 10, version 2004. Allows IT admins to configure Microsoft Simplified Chinese IME version in the desktop. @@ -941,19 +941,19 @@ The following list shows the supported values: Pro - check mark + check mark8 Business - check mark + check mark8 Enterprise - check mark + check mark8 Education - check mark + check mark8 @@ -974,7 +974,7 @@ The following list shows the supported values: > - This policy is enforced only in Windows 10 for desktop. > - This policy requires reboot to take effect. -Added in next major release of Windows 10. Allows IT admins to configure Microsoft Traditional Chinese IME version in the desktop. +Added in Windows 10, version 2004. Allows IT admins to configure Microsoft Traditional Chinese IME version in the desktop. @@ -1718,6 +1718,8 @@ Footnotes: - 4 - Added in Windows 10, version 1803. - 5 - Added in Windows 10, version 1809. - 6 - Added in Windows 10, version 1903. +- 7 - Added in Windows 10, version 1909. +- 8 - Added in Windows 10, version 2004. diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md b/windows/client-management/mdm/policy-csps-supported-by-hololens2.md index 5e31cf4abc..0a0040f58c 100644 --- a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md +++ b/windows/client-management/mdm/policy-csps-supported-by-hololens2.md @@ -104,7 +104,7 @@ Footnotes: - 5 - Added in Windows 10, version 1809. - 6 - Added in Windows 10, version 1903. - 7 - Added in Windows 10, version 1909. -- 8 - Added in the next major release of Windows 10. +- 8 - Added in Windows 10, version 2004. ## Related topics diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index 64077761f8..28d0b9c42e 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -14,9 +14,6 @@ ms.date: 09/12/2019 # SUPL CSP -> [!WARNING] -> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. - The SUPL configuration service provider is used to configure the location client, as shown in the following table: @@ -89,7 +86,7 @@ For OMA DM, if the format for this node is incorrect the entry will be ignored a Optional. Determines the major version of the SUPL protocol to use. For SUPL 1.0.0, set this value to 1. For SUPL 2.0.0, set this value to 2. The default is 1. Refer to FullVersion to define the minor version and the service indicator. **FullVersion** -Added in the next major release of Windows 10. Optional. Determines the full version (X.Y.Z where X, Y, and Z are the major version, the minor version, and the service indicator, respectively) of the SUPL protocol to use. The default is 1.0.0. If FullVersion is defined, Version field is ignored. +Added in Windows 10, version 2004. Optional. Determines the full version (X.Y.Z where X, Y, and Z are the major version, the minor version, and the service indicator, respectively) of the SUPL protocol to use. The default is 1.0.0. If FullVersion is defined, Version field is ignored. **MCCMNCPairs** Required. List all of the MCC and MNC pairs owned by the mobile operator. This list is used to verify that the UICC matches the network and SUPL can be used. When the UICC and network do not match, the device uses the default location service and does not use SUPL. diff --git a/windows/client-management/system-failure-recovery-options.md b/windows/client-management/system-failure-recovery-options.md index 28f7edaab0..d0806c95e1 100644 --- a/windows/client-management/system-failure-recovery-options.md +++ b/windows/client-management/system-failure-recovery-options.md @@ -8,8 +8,8 @@ author: Deland-Han ms.localizationpriority: medium ms.author: delhan ms.date: 8/22/2019 -ms.reviewer: -manager: dcscontentpm +ms.reviewer: dcscontentpm +manager: dansimp --- # Configure system failure and recovery options in Windows diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md index 55040620db..0d01784273 100644 --- a/windows/configuration/TOC.md +++ b/windows/configuration/TOC.md @@ -2,7 +2,7 @@ ## [Accessibility information for IT Pros](windows-10-accessibility-for-ITPros.md) ## [Configure access to Microsoft Store](stop-employees-from-using-microsoft-store.md) ## [Configure Cortana in Windows 10](cortana-at-work/cortana-at-work-overview.md) -## [Set up and test Cortana in Windows 10, version 2004 and later](cortana-at-work/set-up-and-test-cortana-in-windows-10) +## [Set up and test Cortana in Windows 10, version 2004 and later](cortana-at-work/set-up-and-test-cortana-in-windows-10.md) ## [Testing scenarios using Cortana in your business or organization](cortana-at-work/cortana-at-work-testing-scenarios.md) ### [Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query](cortana-at-work/cortana-at-work-scenario-1.md) ### [Test scenario 2 - Perform a Bing search with Cortana](cortana-at-work/cortana-at-work-scenario-2.md) @@ -13,13 +13,13 @@ ## [Send feedback about Cortana back to Microsoft](cortana-at-work/cortana-at-work-feedback.md) ## [Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization](cortana-at-work/cortana-at-work-o365.md) ## [Testing scenarios using Cortana in your business or organization](cortana-at-work/cortana-at-work-testing-scenarios.md) -### [Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query](cortana-at-work/test-scenario-1) -### [Test scenario 2 - Perform a quick search with Cortana at work](cortana-at-work/test-scenario-2) -### [Test scenario 3 - Set a reminder for a specific location using Cortana at work](cortana-at-work/test-scenario-3) -### [Test scenario 4 - Use Cortana at work to find your upcoming meetings](cortana-at-work/test-scenario-4) -### [Test scenario 5 - Use Cortana to send email to a co-worker](cortana-at-work/test-scenario-5) -### [Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email](cortana-at-work/test-scenario-6) -### [Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device](cortana-at-work/cortana-at-work-scenario-7) +### [Test scenario 1 - Sign into Azure AD, enable the wake word, and try a voice query](cortana-at-work/test-scenario-1.md) +### [Test scenario 2 - Perform a quick search with Cortana at work](cortana-at-work/test-scenario-2.md) +### [Test scenario 3 - Set a reminder for a specific location using Cortana at work](cortana-at-work/test-scenario-3.md) +### [Test scenario 4 - Use Cortana at work to find your upcoming meetings](cortana-at-work/test-scenario-4.md) +### [Test scenario 5 - Use Cortana to send email to a co-worker](cortana-at-work/test-scenario-5.md) +### [Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email](cortana-at-work/test-scenario-6.md) +### [Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device](cortana-at-work/cortana-at-work-scenario-7.md) ## [Set up and test custom voice commands in Cortana for your organization](cortana-at-work/cortana-at-work-voice-commands.md) ## [Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization](cortana-at-work/cortana-at-work-policy-settings.md) ## [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md) diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md index 61fdb9257a..d915ec9aee 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md @@ -33,7 +33,7 @@ There are a few things to be aware of before you start using Cortana in Windows - **Troubleshooting tips.** If you run into issues, check out these [troubleshooting tips](https://go.microsoft.com/fwlink/p/?LinkId=620763). -### Turn on Cortana enterprise services on employees devices +### Turn on Cortana enterprise services on employees' devices Your employees must connect Cortana to their Microsoft 365 account to be able to use skills like email and calendar. #### Turn on Cortana enterprise services @@ -51,6 +51,6 @@ Cortana in Windows 10, versions 1909 and earlier can only access data in your Mi 2. Select the app launcher icon in the upper-left and choose **Admin**. -3. Expand **Settings** and select **Settings**. +3. Expand **Settings** and select **Org Settings**. 4. Select **Cortana** to toggle Cortana's access to Microsoft 365 data off. \ No newline at end of file diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md index 9bdf2f0ae6..5158bc4ada 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md @@ -34,7 +34,7 @@ Cortana requires a PC running Windows 10, version 1703 or later, as well as the |**Software** |**Minimum version** | |---------|---------| -|Client operating system | Desktop:
- Windows 10, version 2004 (recommended)

- Windows 10, version 1703 (legacy version of Cortana)

Mobile: Windows 10 mobile, version 1703 (legacy version of Cortana)

For more information on the differences between Cortana in Windows 10, version 2004 and earlier versions, see **How is my data processed by Cortana** below. | +|Client operating system | Desktop:
- Windows 10, version 2004 (recommended)

- Windows 10, version 1703 (legacy version of Cortana)

Mobile: Windows 10 mobile, version 1703 (legacy version of Cortana)

For more information on the differences between Cortana in Windows 10, version 2004 and earlier versions, see [**How is my data processed by Cortana**](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-overview#how-is-my-data-processed-by-cortana) below. | |Azure Active Directory (Azure AD) | While all employees signing into Cortana need an Azure AD account, an Azure AD premium tenant isn’t required. | |Additional policies (Group Policy and Mobile Device Management (MDM)) |There is a rich set of policies that can be used to manage various aspects of Cortana. Most of these policies will limit the abilities of Cortana but won't turn Cortana off. For example, if you turn **Speech** off, your employees won't be able to use the wake word (“Cortana”) for hands-free activation or voice commands to easily ask for help. | @@ -65,6 +65,9 @@ The table below describes the data handling for Cortana enterprise services. #### How does the wake word (Cortana) work? If I enable it, is Cortana always listening? +>[!NOTE] +>The wake word has been temporarily disabled in the latest version of Cortana in Windows but will be restored soon. You can still click on the microphone button to use your voice with Cortana. + Cortana only begins listening for commands or queries when the wake word is detected, or the microphone button has been selected. First, the user must enable the wake word from within Cortana settings. Once it has been enabled, a component of Windows called the [Windows Multiple Voice Assistant platform](https://docs.microsoft.com/windows-hardware/drivers/audio/voice-activation-mva#voice-activation) will start listening for the wake word. No audio is processed by speech recognition unless two local wake word detectors and a server-side one agree with high confidence that the wake word was heard. diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md index ae1cc6a4a5..de5e546244 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md @@ -14,6 +14,9 @@ manager: dansimp # Test scenario 1 – Sign into Azure AD, enable the wake word, and try a voice query +>[!NOTE] +>The wake word has been temporarily disabled in the latest version of Cortana in Windows but will be restored soon. + 1. Select the **Cortana** icon in the task bar and sign in using your Azure AD account. 2. Select the "…" menu and select **Talking to Cortana**. diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md deleted file mode 100644 index d67f31c871..0000000000 --- a/windows/deployment/TOC.md +++ /dev/null @@ -1,283 +0,0 @@ -# [Deploy and update Windows 10](https://docs.microsoft.com/windows/deployment) -## [Deployment process posters](windows-10-deployment-posters.md) -## [Deploy Windows 10 with Microsoft 365](deploy-m365.md) -## [What's new in Windows 10 deployment](deploy-whats-new.md) -## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) -## [Windows Autopilot](windows-autopilot/windows-autopilot.md) - -## Subscription Activation -### [Windows 10 Subscription Activation](windows-10-subscription-activation.md) -### [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md) -### [Configure VDA for Subscription Activation](vda-subscription-activation.md) -### [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md) - -## Resolve upgrade errors -### [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) -### [Quick fixes](upgrade\quick-fixes.md) -### [SetupDiag](upgrade/setupdiag.md) -### [Troubleshooting upgrade errors](upgrade/troubleshoot-upgrade-errors.md) -### [Windows error reporting](upgrade/windows-error-reporting.md) -### [Upgrade error codes](upgrade/upgrade-error-codes.md) -### [Log files](upgrade/log-files.md) -### [Resolution procedures](upgrade/resolution-procedures.md) -### [Submit Windows 10 upgrade errors](upgrade/submit-errors.md) - -## Deploy Windows 10 -### [Deploying Windows 10](deploy.md) - -### [Windows Autopilot](windows-autopilot/windows-autopilot.md) -### [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) -### [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) -### [Windows 10 volume license media](windows-10-media.md) - -### [Windows 10 in S mode](s-mode.md) -#### [Switch to Windows 10 Pro/Enterprise from S mode](windows-10-pro-in-s-mode.md) - -### [Windows 10 deployment test lab](windows-10-poc.md) -#### [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) -#### [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md) - -### [Plan for Windows 10 deployment](planning/index.md) -#### [Windows 10 Enterprise FAQ for IT Pros](planning/windows-10-enterprise-faq-itpro.md) -#### [Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md) -#### [Windows 10 compatibility](planning/windows-10-compatibility.md) -#### [Windows 10 infrastructure requirements](planning/windows-10-infrastructure-requirements.md) - -#### [Volume Activation [client]](volume-activation/volume-activation-windows-10.md) -##### [Plan for volume activation [client]](volume-activation/plan-for-volume-activation-client.md) -##### [Activate using Key Management Service [client]](volume-activation/activate-using-key-management-service-vamt.md) -##### [Activate using Active Directory-based activation [client]](volume-activation/activate-using-active-directory-based-activation-client.md) -##### [Activate clients running Windows 10](volume-activation/activate-windows-10-clients-vamt.md) -##### [Monitor activation [client]](volume-activation/monitor-activation-client.md) -##### [Use the Volume Activation Management Tool [client]](volume-activation/use-the-volume-activation-management-tool-client.md) -##### [Appendix: Information sent to Microsoft during activation [client]](volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md) - -#### [Application Compatibility Toolkit (ACT) Technical Reference](planning/act-technical-reference.md) -##### [SUA User's Guide](planning/sua-users-guide.md) -###### [Using the SUA Wizard](planning/using-the-sua-wizard.md) -###### [Using the SUA Tool](planning/using-the-sua-tool.md) -####### [Tabs on the SUA Tool Interface](planning/tabs-on-the-sua-tool-interface.md) -####### [Showing Messages Generated by the SUA Tool](planning/showing-messages-generated-by-the-sua-tool.md) -####### [Applying Filters to Data in the SUA Tool](planning/applying-filters-to-data-in-the-sua-tool.md) -####### [Fixing Applications by Using the SUA Tool](planning/fixing-applications-by-using-the-sua-tool.md) -##### [Compatibility Administrator User's Guide](planning/compatibility-administrator-users-guide.md) -###### [Using the Compatibility Administrator Tool](planning/using-the-compatibility-administrator-tool.md) -####### [Available Data Types and Operators in Compatibility Administrator](planning/available-data-types-and-operators-in-compatibility-administrator.md) -####### [Searching for Fixed Applications in Compatibility Administrator](planning/searching-for-fixed-applications-in-compatibility-administrator.md) -####### [Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator](planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md) -####### [Creating a Custom Compatibility Fix in Compatibility Administrator](planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md) -####### [Creating a Custom Compatibility Mode in Compatibility Administrator](planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md) -####### [Creating an AppHelp Message in Compatibility Administrator](planning/creating-an-apphelp-message-in-compatibility-administrator.md) -####### [Viewing the Events Screen in Compatibility Administrator](planning/viewing-the-events-screen-in-compatibility-administrator.md) -####### [Enabling and Disabling Compatibility Fixes in Compatibility Administrator](planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md) -####### [Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator](planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md) -###### [Managing Application-Compatibility Fixes and Custom Fix Databases](planning/managing-application-compatibility-fixes-and-custom-fix-databases.md) -####### [Understanding and Using Compatibility Fixes](planning/understanding-and-using-compatibility-fixes.md) -####### [Compatibility Fix Database Management Strategies and Deployment](planning/compatibility-fix-database-management-strategies-and-deployment.md) -####### [Testing Your Application Mitigation Packages](planning/testing-your-application-mitigation-packages.md) -###### [Using the Sdbinst.exe Command-Line Tool](planning/using-the-sdbinstexe-command-line-tool.md) -##### [Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md) - - -### Deploy Windows 10 with the Microsoft Deployment Toolkit (MDT) -#### [Get started with MDT](deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md) - -#### Deploy Windows 10 with MDT -##### [Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) -##### [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) -##### [Deploy a Windows 10 image using MDT](deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md) -##### [Build a distributed environment for Windows 10 deployment](deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md) -##### [Refresh a Windows 7 computer with Windows 10](deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md) -##### [Replace a Windows 7 computer with a Windows 10 computer](deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md) -##### [Perform an in-place upgrade to Windows 10 with MDT](deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) - -#### Customize MDT -##### [Configure MDT settings](deploy-windows-mdt/configure-mdt-settings.md) -##### [Set up MDT for BitLocker](deploy-windows-mdt/set-up-mdt-for-bitlocker.md) -##### [Configure MDT deployment share rules](deploy-windows-mdt/configure-mdt-deployment-share-rules.md) -##### [Configure MDT for UserExit scripts](deploy-windows-mdt/configure-mdt-for-userexit-scripts.md) -##### [Simulate a Windows 10 deployment in a test environment](deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md) -##### [Use the MDT database to stage Windows 10 deployment information](deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md) -##### [Assign applications using roles in MDT](deploy-windows-mdt/assign-applications-using-roles-in-mdt.md) -##### [Use web services in MDT](deploy-windows-mdt/use-web-services-in-mdt.md) -##### [Use Orchestrator runbooks with MDT](deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md) - -### Deploy Windows 10 with Microsoft Endpoint Configuration Manager -#### Prepare for Windows 10 deployment with Configuration Manager -##### [Prepare for Zero Touch Installation with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) -##### [Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md) -##### [Add a Windows 10 operating system image using Configuration Manager](deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md) -##### [Create an application to deploy with Windows 10 using Configuration Manager](deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) -##### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md) -##### [Create a task sequence with Configuration Manager and MDT](deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md) -##### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md) - -#### Deploy Windows 10 with Configuration Manager -##### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md) -##### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) -##### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) -##### [Perform an in-place upgrade to Windows 10 using Configuration Manager](deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md) - -### [Windows 10 deployment tools](windows-10-deployment-tools.md) - -#### [Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) -#### [Convert MBR partition to GPT](mbr-to-gpt.md) -#### [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) -#### [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) - -#### [Deploy Windows To Go in your organization](deploy-windows-to-go.md) -##### [Windows To Go: feature overview](planning/windows-to-go-overview.md) -###### [Best practice recommendations for Windows To Go](planning/best-practice-recommendations-for-windows-to-go.md) -###### [Deployment considerations for Windows To Go](planning/deployment-considerations-for-windows-to-go.md) -###### [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) -###### [Security and data protection considerations for Windows To Go](planning/security-and-data-protection-considerations-for-windows-to-go.md) -###### [Windows To Go: frequently asked questions](planning/windows-to-go-frequently-asked-questions.md) - -#### [Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) -##### [Introduction to VAMT](volume-activation/introduction-vamt.md) -##### [Active Directory-Based Activation Overview](volume-activation/active-directory-based-activation-overview.md) -##### [Install and Configure VAMT](volume-activation/install-configure-vamt.md) -###### [VAMT Requirements](volume-activation/vamt-requirements.md) -###### [Install VAMT](volume-activation/install-vamt.md) -###### [Configure Client Computers](volume-activation/configure-client-computers-vamt.md) -##### [Add and Manage Products](volume-activation/add-manage-products-vamt.md) -###### [Add and Remove Computers](volume-activation/add-remove-computers-vamt.md) -###### [Update Product Status](volume-activation/update-product-status-vamt.md) -###### [Remove Products](volume-activation/remove-products-vamt.md) -##### [Manage Product Keys](volume-activation/manage-product-keys-vamt.md) -###### [Add and Remove a Product Key](volume-activation/add-remove-product-key-vamt.md) -###### [Install a Product Key](volume-activation/install-product-key-vamt.md) -###### [Install a KMS Client Key](volume-activation/install-kms-client-key-vamt.md) -##### [Manage Activations](volume-activation/manage-activations-vamt.md) -###### [Perform Online Activation](volume-activation/online-activation-vamt.md) -###### [Perform Proxy Activation](volume-activation/proxy-activation-vamt.md) -###### [Perform KMS Activation](volume-activation/kms-activation-vamt.md) -###### [Perform Local Reactivation](volume-activation/local-reactivation-vamt.md) -###### [Activate an Active Directory Forest Online](volume-activation/activate-forest-vamt.md) -###### [Activate by Proxy an Active Directory Forest](volume-activation/activate-forest-by-proxy-vamt.md) -##### [Manage VAMT Data](volume-activation/manage-vamt-data.md) -###### [Import and Export VAMT Data](volume-activation/import-export-vamt-data.md) -###### [Use VAMT in Windows PowerShell](volume-activation/use-vamt-in-windows-powershell.md) -##### [VAMT Step-by-Step Scenarios](volume-activation/vamt-step-by-step.md) -###### [Scenario 1: Online Activation](volume-activation/scenario-online-activation-vamt.md) -###### [Scenario 2: Proxy Activation](volume-activation/scenario-proxy-activation-vamt.md) -###### [Scenario 3: KMS Client Activation](volume-activation/scenario-kms-activation-vamt.md) -##### [VAMT Known Issues](volume-activation/vamt-known-issues.md) -#### [User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) -##### [User State Migration Tool (USMT) Overview Topics](usmt/usmt-topics.md) -###### [User State Migration Tool (USMT) Overview](usmt/usmt-overview.md) -###### [Getting Started with the User State Migration Tool (USMT)](usmt/getting-started-with-the-user-state-migration-tool.md) -###### [Windows Upgrade and Migration Considerations](upgrade/windows-upgrade-and-migration-considerations.md) -##### [User State Migration Tool (USMT) How-to topics](usmt/usmt-how-to.md) -###### [Exclude Files and Settings](usmt/usmt-exclude-files-and-settings.md) -###### [Extract Files from a Compressed USMT Migration Store](usmt/usmt-extract-files-from-a-compressed-migration-store.md) -###### [Include Files and Settings](usmt/usmt-include-files-and-settings.md) -###### [Migrate Application Settings](usmt/migrate-application-settings.md) -###### [Migrate EFS Files and Certificates](usmt/usmt-migrate-efs-files-and-certificates.md) -###### [Migrate User Accounts](usmt/usmt-migrate-user-accounts.md) -###### [Reroute Files and Settings](usmt/usmt-reroute-files-and-settings.md) -###### [Verify the Condition of a Compressed Migration Store](usmt/verify-the-condition-of-a-compressed-migration-store.md) -##### [User State Migration Tool (USMT) Troubleshooting](usmt/usmt-troubleshooting.md) -###### [Common Issues](usmt/usmt-common-issues.md) -###### [Frequently Asked Questions](usmt/usmt-faq.md) -###### [Log Files](usmt/usmt-log-files.md) -###### [Return Codes](usmt/usmt-return-codes.md) -###### [USMT Resources](usmt/usmt-resources.md) -##### [User State Migration Toolkit (USMT) Reference](usmt/usmt-reference.md) -###### [USMT Requirements](usmt/usmt-requirements.md) -###### [USMT Best Practices](usmt/usmt-best-practices.md) -###### [How USMT Works](usmt/usmt-how-it-works.md) -###### [Plan Your Migration](usmt/usmt-plan-your-migration.md) -####### [Common Migration Scenarios](usmt/usmt-common-migration-scenarios.md) -####### [What Does USMT Migrate?](usmt/usmt-what-does-usmt-migrate.md) -####### [Choose a Migration Store Type](usmt/usmt-choose-migration-store-type.md) -######## [Migration Store Types Overview](usmt/migration-store-types-overview.md) -######## [Estimate Migration Store Size](usmt/usmt-estimate-migration-store-size.md) -######## [Hard-Link Migration Store](usmt/usmt-hard-link-migration-store.md) -######## [Migration Store Encryption](usmt/usmt-migration-store-encryption.md) -####### [Determine What to Migrate](usmt/usmt-determine-what-to-migrate.md) -######## [Identify Users](usmt/usmt-identify-users.md) -######## [Identify Applications Settings](usmt/usmt-identify-application-settings.md) -######## [Identify Operating System Settings](usmt/usmt-identify-operating-system-settings.md) -######## [Identify File Types, Files, and Folders](usmt/usmt-identify-file-types-files-and-folders.md) -####### [Test Your Migration](usmt/usmt-test-your-migration.md) -###### [User State Migration Tool (USMT) Command-line Syntax](usmt/usmt-command-line-syntax.md) -####### [ScanState Syntax](usmt/usmt-scanstate-syntax.md) -####### [LoadState Syntax](usmt/usmt-loadstate-syntax.md) -####### [UsmtUtils Syntax](usmt/usmt-utilities.md) -###### [USMT XML Reference](usmt/usmt-xml-reference.md) -####### [Understanding Migration XML Files](usmt/understanding-migration-xml-files.md) -####### [Config.xml File](usmt/usmt-configxml-file.md) -####### [Customize USMT XML Files](usmt/usmt-customize-xml-files.md) -####### [Custom XML Examples](usmt/usmt-custom-xml-examples.md) -####### [Conflicts and Precedence](usmt/usmt-conflicts-and-precedence.md) -####### [General Conventions](usmt/usmt-general-conventions.md) -####### [XML File Requirements](usmt/xml-file-requirements.md) -####### [Recognized Environment Variables](usmt/usmt-recognized-environment-variables.md) -####### [XML Elements Library](usmt/usmt-xml-elements-library.md) -###### [Offline Migration Reference](usmt/offline-migration-reference.md) -### [Install fonts in Windows 10](windows-10-missing-fonts.md) - -## Update Windows 10 -### [Update Windows 10 in enterprise deployments](update/index.md) -### Windows as a service -#### [Windows as a service - introduction](update/windows-as-a-service.md) -#### [Quick guide to Windows as a service](update/waas-quick-start.md) -#### [Servicing stack updates](update/servicing-stack-updates.md) -#### [Overview of Windows as a service](update/waas-overview.md) -### [Prepare servicing strategy for Windows 10 updates](update/waas-servicing-strategy-windows-10-updates.md) -### [Build deployment rings for Windows 10 updates](update/waas-deployment-rings-windows-10-updates.md) -### [Assign devices to servicing channels for Windows 10 updates](update/waas-servicing-channels-windows-10-updates.md) -### Get started -#### [Get started with Windows Update](update/windows-update-overview.md) -#### [How Windows Update works](update/how-windows-update-works.md) -#### [Windows Update log files](update/windows-update-logs.md) -#### [How to troubleshoot Windows Update](update/windows-update-troubleshooting.md) -#### [Common Windows Update errors](update/windows-update-errors.md) -#### [Windows Update error code reference](update/windows-update-error-reference.md) -#### [Other Windows Update resources](update/windows-update-resources.md) -### Optimize delivery -#### [Optimize Windows 10 update delivery](update/waas-optimize-windows-10-updates.md) -#### [Delivery Optimization for Windows 10 updates](update/waas-delivery-optimization.md) -#### [Set up Delivery Optimization for Windows 10 updates](update/waas-delivery-optimization-setup.md) -#### [Delivery Optimization reference](update/waas-delivery-optimization-reference.md) -#### [Configure BranchCache for Windows 10 updates](update/waas-branchcache.md) -#### [Whitepaper: Windows Updates using forward and reverse differentials](update/PSFxWhitepaper.md) -### Monitor Windows Updates -#### [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md) -#### [Get started with Update Compliance](update/update-compliance-get-started.md) -##### [Update Compliance Configuration Script](update/update-compliance-configuration-script.md) -##### [Manually Configuring Devices for Update Compliance](update/update-compliance-configuration-manual.md) -#### [Use Update Compliance](update/update-compliance-using.md) -##### [Need Attention! report](update/update-compliance-need-attention.md) -##### [Security Update Status report](update/update-compliance-security-update-status.md) -##### [Feature Update Status report](update/update-compliance-feature-update-status.md) -##### [Delivery Optimization in Update Compliance](update/update-compliance-delivery-optimization.md) -##### [Data Handling and Privacy in Update Compliance](update/update-compliance-privacy.md) -##### [Update Compliance Schema Reference](update/update-compliance-schema.md) -###### [WaaSUpdateStatus](update/update-compliance-schema-waasupdatestatus.md) -###### [WaaSInsiderStatus](update/update-compliance-schema-waasinsiderstatus.md) -###### [WaaSDeploymentStatus](update/update-compliance-schema-waasdeploymentstatus.md) -###### [WUDOStatus](update/update-compliance-schema-wudostatus.md) -###### [WUDOAggregatedStatus](update/update-compliance-schema-wudoaggregatedstatus.md) -### Best practices -#### [Best practices for feature updates on mission-critical devices](update/feature-update-mission-critical.md) -#### [Update Windows 10 media with Dynamic Update](update/media-dynamic-update.md) -#### [Deploy feature updates during maintenance windows](update/feature-update-maintenance-window.md) -#### [Deploy feature updates for user-initiated installations](update/feature-update-user-install.md) -#### [Conclusion](update/feature-update-conclusion.md) -### [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](update/waas-mobile-updates.md) -### Use Windows Update for Business -#### [What is Windows Update for Business?](update/waas-manage-updates-wufb.md) -#### [Configure Windows Update for Business](update/waas-configure-wufb.md) -#### [Enforcing compliance deadlines for updates](update/wufb-compliancedeadlines.md) -#### [Integrate Windows Update for Business with management solutions](update/waas-integrate-wufb.md) -#### [Walkthrough: use Group Policy to configure Windows Update for Business](update/waas-wufb-group-policy.md) -#### [Walkthrough: use Intune to configure Windows Update for Business](https://docs.microsoft.com/intune/windows-update-for-business-configure) -### Use Windows Server Update Services -#### [Deploy Windows 10 updates using Windows Server Update Services](update/waas-manage-updates-wsus.md) -#### [Enable FoD and language pack updates in Windows Update](update/fod-and-lang-packs.md) -### [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](update/waas-manage-updates-configuration-manager.md) -### [Manage device restarts after updates](update/waas-restart.md) -### [Manage additional Windows Update settings](update/waas-wu-settings.md) -### [Determine the source of Windows updates](update/windows-update-sources.md) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml new file mode 100644 index 0000000000..3dda78fbb4 --- /dev/null +++ b/windows/deployment/TOC.yml @@ -0,0 +1,515 @@ +- name: Deploy and update Windows 10 + href: index.yml + items: + - name: Get started + items: + - name: What's new + href: deploy-whats-new.md + - name: Windows 10 deployment scenarios + href: windows-10-deployment-scenarios.md + - name: What is Windows as a service? + href: update/waas-quick-start.md + - name: Windows update fundamentals + href: update/waas-overview.md + - name: Types of Windows updates + href: update/waas-quick-start.md#definitions + - name: Servicing the Windows 10 operating system + href: update/waas-servicing-strategy-windows-10-updates.md + + - name: Deployment proof of concept + items: + - name: Demonstrate Autopilot deployment on a VM + href: windows-autopilot/demonstrate-deployment-on-vm.md + - name: Deploy Windows 10 with MDT and Configuration Manager + items: + - name: 'Step by step guide: Configure a test lab to deploy Windows 10' + href: windows-10-poc.md + - name: Deploy Windows 10 in a test lab using MDT + href: windows-10-poc-mdt.md + - name: Deploy Windows 10 in a test lab using Configuration Manager + href: windows-10-poc-sc-config-mgr.md + - name: Deployment process posters + href: windows-10-deployment-posters.md + + - name: Plan + items: + - name: Create a deployment plan + href: update/create-deployment-plan.md + - name: Define readiness criteria + href: update/plan-define-readiness.md + - name: Evaluate infrastructure and tools + href: update/eval-infra-tools.md + - name: Determine application readiness + href: update/plan-determine-app-readiness.md + - name: Define your servicing strategy + href: update/waas-servicing-strategy-windows-10-updates.md + - name: Best practices for feature updates on mission-critical devices + href: update/feature-update-mission-critical.md + - name: Plan for volume activation + href: volume-activation/plan-for-volume-activation-client.md + - name: Features removed or planned for replacement + items: + - name: Windows 10 features lifecycle + href: planning/features-lifecycle.md + - name: Features we're no longer developing + href: planning/windows-10-deprecated-features.md + - name: Features we removed + href: planning/windows-10-removed-features.md + + - name: Prepare + items: + - name: Prepare to deploy Windows 10 + href: deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md + - name: Evaluate and update infrastructure + href: update/update-policies.md + - name: Set up Delivery Optimization for Windows 10 updates + href: update/waas-delivery-optimization-setup.md + - name: Configure BranchCache for Windows 10 updates + href: update/waas-branchcache.md + - name: Prepare your deployment tools + items: + - name: Register devices for deployment with Windows Autopilot + href: windows-autopilot/add-devices.md + - name: Prepare for deployment with MDT + href: deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md + - name: Prepare for deployment with Configuration Manager + href: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md + - name: Build a successful servicing strategy + items: + - name: Build deployment rings for Windows 10 updates + href: update/waas-deployment-rings-windows-10-updates.md + - name: Prepare updates using Windows Update for Business + href: update/waas-manage-updates-wufb.md + - name: Prepare updates using WSUS + href: update/waas-manage-updates-wsus.md + + - name: Deploy + items: + - name: Deploy Windows 10 + items: + - name: Deploy Windows 10 with Autopilot + href: windows-autopilot/windows-autopilot-scenarios.md + - name: Deploy Windows 10 with Configuration Manager + items: + - name: Deploy to a new device + href: deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md + - name: Refresh a device + href: deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md + - name: Replace a device + href: deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md + - name: In-place upgrade + href: deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md + - name: Deploy Windows 10 with MDT + items: + - name: Deploy to a new device + href: deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md + - name: Refresh a device + href: deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md + - name: Replace a device + href: deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md + - name: In-place upgrade + href: deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md + - name: Subscription Activation + items: + - name: Windows 10 Subscription Activation + href: windows-10-subscription-activation.md + - name: Windows 10 Enterprise E3 in CSP + href: windows-10-enterprise-e3-overview.md + - name: Configure VDA for Subscription Activation + href: vda-subscription-activation.md + - name: Deploy Windows 10 Enterprise licenses + href: deploy-enterprise-licenses.md + - name: Deploy Windows 10 updates + items: + - name: Assign devices to servicing channels + href: update/waas-servicing-channels-windows-10-updates.md + - name: Deploy updates with Configuration Manager + href: update/deploy-updates-configmgr.md + - name: Deploy updates with Intune + href: update/waas-wufb-csp-mdm.md + - name: Deploy updates with WSUS + href: update/waas-manage-updates-wsus.md + - name: Deploy updates with Group Policy + href: update/waas-wufb-group-policy.md + - name: Update Windows 10 media with Dynamic Update + href: update/media-dynamic-update.md + - name: Manage the Windows 10 update experience + items: + - name: Manage device restarts after updates + href: update/waas-restart.md + - name: Manage additional Windows Update settings + href: update/waas-wu-settings.md + - name: Deploy feature updates during maintenance windows + href: update/feature-update-maintenance-window.md + - name: Deploy feature updates for user-initiated installations + href: update/feature-update-user-install.md + - name: Use Windows Update for Business + items: + - name: What is Windows Update for Business? + href: update/waas-manage-updates-wufb.md + - name: Configure Windows Update for Business + href: update/waas-configure-wufb.md + - name: Enforcing compliance deadlines for updates + href: update/wufb-compliancedeadlines.md + - name: Integrate Windows Update for Business with management solutions + href: update/waas-integrate-wufb.md + - name: 'Walkthrough: use Group Policy to configure Windows Update for Business' + href: update/waas-wufb-group-policy.md + - name: 'Walkthrough: use Intune to configure Windows Update for Business' + href: update/waas-wufb-csp-mdm.md + - name: Monitor Windows 10 updates + items: + - name: Monitor Delivery Optimization + href: update/waas-delivery-optimization-setup.md#monitor-delivery-optimization + - name: Monitor Windows Updates with Update Compliance + items: + - name: Get started + items: + - name: Get started with Update Compliance + href: update/update-compliance-get-started.md + - name: Update Compliance configuration script + href: update/update-compliance-configuration-script.md + - name: Manually configuring devices for Update Compliance + href: update/update-compliance-configuration-manual.md + - name: Update Compliance monitoring + items: + - name: Use Update Compliance + href: update/update-compliance-using.md + - name: Need attention report + href: update/update-compliance-need-attention.md + - name: Security update status report + href: update/update-compliance-security-update-status.md + - name: Feature update status report + href: update/update-compliance-feature-update-status.md + - name: Delivery Optimization in Update Compliance + href: update/update-compliance-delivery-optimization.md + - name: Data handling and privacy in Update Compliance + href: update/update-compliance-privacy.md + - name: Update Compliance schema reference + items: + - name: WaaSUpdateStatus + href: update/update-compliance-schema-waasupdatestatus.md + - name: WaaSInsiderStatus + href: update/update-compliance-schema-waasinsiderstatus.md + - name: WaaSDepoymentStatus + href: update/update-compliance-schema-waasdeploymentstatus.md + - name: WUDOStatus + href: update/update-compliance-schema-wudostatus.md + - name: WUDOAggregatedStatus + href: update/update-compliance-schema-wudoaggregatedstatus.md + - name: Troubleshooting + items: + - name: Resolve upgrade errors + items: + - name: Resolve Windows 10 upgrade errors + href: upgrade/resolve-windows-10-upgrade-errors.md + - name: Quick fixes + href: upgrade/quick-fixes.md + - name: SetupDiag + href: upgrade/setupdiag.md + - name: Troubleshooting upgrade errors + href: upgrade/troubleshoot-upgrade-errors.md + - name: Windows error reporting + href: upgrade/windows-error-reporting.md + - name: Upgrade error codes + href: upgrade/upgrade-error-codes.md + - name: Log files + href: upgrade/log-files.md + - name: Resolution procedures + href: upgrade/resolution-procedures.md + - name: Submit Windows 10 upgrade errors + href: upgrade/submit-errors.md + - name: Troubleshoot Windows Update + items: + - name: How to troubleshoot Windows Update + href: update/windows-update-troubleshooting.md + - name: Determine the source of Windows Updates + href: update/windows-update-sources.md + - name: Common Windows Update errors + href: update/windows-update-errors.md + - name: Windows Update error code reference + href: update/windows-update-error-reference.md + + - name: Reference + items: + - name: How does Windows Update work? + href: update/how-windows-update-works.md + - name: Understanding the Unified Update Platform + href: update/windows-update-overview.md + - name: Servicing stack updates + href: update/servicing-stack-updates.md + - name: How Windows Update works + href: update/how-windows-update-works.md + - name: Additional Windows Update settings + href: update/waas-wu-settings.md + - name: Delivery Optimization reference + href: update/waas-delivery-optimization-reference.md + - name: Windows 10 in S mode + href: windows-10-pro-in-s-mode.md + - name: Windows 10 deployment tools + items: + - name: Windows 10 deployment scenarios and tools + items: + - name: Convert MBR partition to GPT + href: mbr-to-gpt.md + - name: Configure a PXE server to load Windows PE + href: configure-a-pxe-server-to-load-windows-pe.md + - name: Windows ADK for Windows 10 scenarios for IT Pros + href: windows-adk-scenarios-for-it-pros.md + - name: Windows To Go + items: + - name: Deploy Windows To Go in your organization + href: deploy-windows-to-go.md + - name: "Windows To Go: feature overview" + href: planning/windows-to-go-overview.md + - name: Best practice recommendations for Windows To Go + href: planning/best-practice-recommendations-for-windows-to-go.md + - name: Deployment considerations for Windows To Go + href: planning/deployment-considerations-for-windows-to-go.md + - name: Prepare your organization for Windows To Go + href: planning/prepare-your-organization-for-windows-to-go.md + - name: Security and data protection considerations for Windows To Go + href: planning/security-and-data-protection-considerations-for-windows-to-go.md + - name: "Windows To Go: frequently asked questions" + href: planning/windows-to-go-frequently-asked-questions.md + + - name: Volume Activation Management Tool (VAMT) technical reference + items: + - name: VAMT technical reference + href: volume-activation/volume-activation-management-tool.md + - name: Introduction to VAMT + href: volume-activation/introduction-vamt.md + - name: Active Directory-Based Activation Overview + href: volume-activation/active-directory-based-activation-overview.md + - name: Install and Configure VAMT + href: volume-activation/install-configure-vamt.md + - name: VAMT Requirements + href: volume-activation/vamt-requirements.md + - name: Install VAMT + href: volume-activation/install-vamt.md + - name: Configure Client Computers + href: volume-activation/configure-client-computers-vamt.md + - name: Add and Manage Products + href: volume-activation/add-manage-products-vamt.md + - name: Add and Remove Computers + href: volume-activation/add-remove-computers-vamt.md + - name: Update Product Status + href: volume-activation/update-product-status-vamt.md + - name: Remove Products + href: volume-activation/remove-products-vamt.md + - name: Manage Product Keys + href: volume-activation/manage-product-keys-vamt.md + - name: Add and Remove a Product Key + href: volume-activation/add-remove-product-key-vamt.md + - name: Install a Product Key + href: volume-activation/install-product-key-vamt.md + - name: Install a KMS Client Key + href: volume-activation/install-kms-client-key-vamt.md + - name: Manage Activations + href: volume-activation/manage-activations-vamt.md + - name: Perform Online Activation + href: volume-activation/online-activation-vamt.md + - name: Perform Proxy Activation + href: volume-activation/proxy-activation-vamt.md + - name: Perform KMS Activation + href: volume-activation/kms-activation-vamt.md + - name: Perform Local Reactivation + href: volume-activation/local-reactivation-vamt.md + - name: Activate an Active Directory Forest Online + href: volume-activation/activate-forest-vamt.md + - name: Activate by Proxy an Active Directory Forest + href: volume-activation/activate-forest-by-proxy-vamt.md + - name: Manage VAMT Data + href: volume-activation/manage-vamt-data.md + - name: Import and Export VAMT Data + href: volume-activation/import-export-vamt-data.md + - name: Use VAMT in Windows PowerShell + href: volume-activation/use-vamt-in-windows-powershell.md + - name: VAMT Step-by-Step Scenarios + href: volume-activation/vamt-step-by-step.md + - name: "Scenario 1: Online Activation" + href: volume-activation/scenario-online-activation-vamt.md + - name: "Scenario 2: Proxy Activation" + href: volume-activation/scenario-proxy-activation-vamt.md + - name: "Scenario 3: KMS Client Activation" + href: volume-activation/scenario-kms-activation-vamt.md + - name: VAMT Known Issues + href: volume-activation/vamt-known-issues.md + + - name: User State Migration Tool (USMT) technical reference + items: + - name: USMT overview topics + items: + - name: USMT overview + href: usmt/usmt-overview.md + - name: Getting started with the USMT + href: usmt/getting-started-with-the-user-state-migration-tool.md + - name: Windows upgrade and migration considerations + href: upgrade/windows-upgrade-and-migration-considerations.md + - name: USMT How-to topics + items: + - name: Exclude Files and Settings + href: usmt/usmt-exclude-files-and-settings.md + - name: Extract Files from a Compressed USMT Migration Store + href: usmt/usmt-extract-files-from-a-compressed-migration-store.md + - name: Include Files and Settings + href: usmt/usmt-include-files-and-settings.md + - name: Migrate Application Settings + href: usmt/migrate-application-settings.md + - name: Migrate EFS Files and Certificates + href: usmt/usmt-migrate-efs-files-and-certificates.md + - name: Migrate User Accounts + href: usmt/usmt-migrate-user-accounts.md + - name: Reroute Files and Settings + href: usmt/usmt-reroute-files-and-settings.md + - name: Verify the Condition of a Compressed Migration Store + href: usmt/verify-the-condition-of-a-compressed-migration-store.md + - name: USMT Troubleshooting + href: usmt/usmt-troubleshooting.md + - name: Common Issues + href: usmt/usmt-common-issues.md + - name: Frequently Asked Questions + href: usmt/usmt-faq.md + - name: Log Files + href: usmt/usmt-log-files.md + - name: Return Codes + href: usmt/usmt-return-codes.md + - name: USMT Resources + href: usmt/usmt-resources.md + + - name: USMT Reference + items: + - name: USMT Requirements + href: usmt/usmt-requirements.md + - name: USMT Best Practices + href: usmt/usmt-best-practices.md + - name: How USMT Works + href: usmt/usmt-how-it-works.md + - name: Plan Your Migration + href: usmt/usmt-plan-your-migration.md + - name: Common Migration Scenarios + href: usmt/usmt-common-migration-scenarios.md + - name: What Does USMT Migrate? + href: usmt/usmt-what-does-usmt-migrate.md + - name: Choose a Migration Store Type + href: usmt/usmt-choose-migration-store-type.md + - name: Migration Store Types Overview + href: usmt/migration-store-types-overview.md + - name: Estimate Migration Store Size + href: usmt/usmt-estimate-migration-store-size.md + - name: Hard-Link Migration Store + href: usmt/usmt-hard-link-migration-store.md + - name: Migration Store Encryption + href: usmt/usmt-migration-store-encryption.md + - name: Determine What to Migrate + href: usmt/usmt-determine-what-to-migrate.md + - name: Identify users + href: usmt/usmt-identify-users.md + - name: Identify Applications Settings + href: usmt/usmt-identify-application-settings.md + - name: Identify Operating System Settings + href: usmt/usmt-identify-operating-system-settings.md + - name: Identify File Types, Files, and Folders + href: usmt/usmt-identify-file-types-files-and-folders.md + - name: Test Your Migration + href: usmt/usmt-test-your-migration.md + - name: USMT Command-line Syntax + href: usmt/usmt-command-line-syntax.md + - name: ScanState Syntax + href: usmt/usmt-scanstate-syntax.md + - name: LoadState Syntax + href: usmt/usmt-loadstate-syntax.md + - name: UsmtUtils Syntax + href: usmt/usmt-utilities.md + - name: USMT XML Reference + href: usmt/usmt-xml-reference.md + - name: Understanding Migration XML Files + href: usmt/understanding-migration-xml-files.md + - name: Config.xml File + href: usmt/usmt-configxml-file.md + - name: Customize USMT XML Files + href: usmt/usmt-customize-xml-files.md + - name: Custom XML Examples + href: usmt/usmt-custom-xml-examples.md + - name: Conflicts and Precedence + href: usmt/usmt-conflicts-and-precedence.md + - name: General Conventions + href: usmt/usmt-general-conventions.md + - name: XML File Requirements + href: usmt/xml-file-requirements.md + - name: Recognized Environment Variables + href: usmt/usmt-recognized-environment-variables.md + - name: XML Elements Library + href: usmt/usmt-xml-elements-library.md + - name: Offline Migration Reference + href: usmt/offline-migration-reference.md + + - name: Application Compatibility Toolkit (ACT) Technical Reference + items: + - name: SUA User's Guide + href: planning/sua-users-guide.md + - name: Using the SUA Wizard + href: planning/using-the-sua-wizard.md + - name: Using the SUA Tool + href: planning/using-the-sua-tool.md + - name: Tabs on the SUA Tool Interface + href: planning/tabs-on-the-sua-tool-interface.md + - name: Showing Messages Generated by the SUA Tool + href: planning/showing-messages-generated-by-the-sua-tool.md + - name: Applying Filters to Data in the SUA Tool + href: planning/applying-filters-to-data-in-the-sua-tool.md + - name: Fixing Applications by Using the SUA Tool + href: planning/fixing-applications-by-using-the-sua-tool.md + - name: Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista + href: planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md + - name: Compatibility Administrator User's Guide + href: planning/compatibility-administrator-users-guide.md + - name: Using the Compatibility Administrator Tool + href: planning/using-the-compatibility-administrator-tool.md + - name: Available Data Types and Operators in Compatibility Administrator + href: planning/available-data-types-and-operators-in-compatibility-administrator.md + - name: Searching for Fixed Applications in Compatibility Administrator + href: planning/searching-for-fixed-applications-in-compatibility-administrator.md + - name: Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator + href: planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md + - name: Creating a Custom Compatibility Fix in Compatibility Administrator + href: planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md + - name: Creating a Custom Compatibility Mode in Compatibility Administrator + href: planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md + - name: Creating an AppHelp Message in Compatibility Administrator + href: planning/creating-an-apphelp-message-in-compatibility-administrator.md + - name: Viewing the Events Screen in Compatibility Administrator + href: planning/viewing-the-events-screen-in-compatibility-administrator.md + - name: Enabling and Disabling Compatibility Fixes in Compatibility Administrator + href: planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md + - name: Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator + href: planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md + - name: Managing Application-Compatibility Fixes and Custom Fix Databases + href: planning/managing-application-compatibility-fixes-and-custom-fix-databases.md + - name: Understanding and Using Compatibility Fixes + href: planning/understanding-and-using-compatibility-fixes.md + - name: Compatibility Fix Database Management Strategies and Deployment + href: planning/compatibility-fix-database-management-strategies-and-deployment.md + - name: Testing Your Application Mitigation Packages + href: planning/testing-your-application-mitigation-packages.md + - name: Using the Sdbinst.exe Command-Line Tool + href: planning/using-the-sdbinstexe-command-line-tool.md + - name: Volume Activation + href: volume-activation/volume-activation-windows-10.md + - name: Plan for volume activation + href: volume-activation/plan-for-volume-activation-client.md + - name: Activate using Key Management Service + href: volume-activation/activate-using-key-management-service-vamt.md + - name: Activate using Active Directory-based activation + href: volume-activation/activate-using-active-directory-based-activation-client.md + - name: Activate clients running Windows 10 + href: volume-activation/activate-windows-10-clients-vamt.md + - name: Monitor activation + href: volume-activation/monitor-activation-client.md + - name: Use the Volume Activation Management Tool + href: volume-activation/use-the-volume-activation-management-tool-client.md + - name: "Appendix: Information sent to Microsoft during activation " + href: volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md + + - name: Install fonts in Windows 10 + href: windows-10-missing-fonts.md \ No newline at end of file diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md index 4e60ac99b8..50841d9bc7 100644 --- a/windows/deployment/deploy-whats-new.md +++ b/windows/deployment/deploy-whats-new.md @@ -27,12 +27,10 @@ This topic provides an overview of new solutions and online content related to d - For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://docs.microsoft.com/windows/whats-new/index). - For a detailed list of changes to Windows 10 ITPro TechNet library content, see [Online content change history](#online-content-change-history). -## Recent additions to this page +## Recent changes -[SetupDiag](#setupdiag) 1.6 is released.
-The [Windows ADK for Windows 10, version 1903](https://docs.microsoft.com/windows-hardware/get-started/adk-install) is available.
-New [Windows Autopilot](#windows-autopilot) content is available.
-[Windows 10 Subscription Activation](#windows-10-subscription-activation) now supports Windows 10 Education. +[SetupDiag](#setupdiag) is included with Windows 10, version 2004 and later.
+The [Windows ADK for Windows 10, version 2004](https://docs.microsoft.com/windows-hardware/get-started/adk-install) is available.
## The Modern Desktop Deployment Center @@ -50,8 +48,8 @@ See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, whic ## Windows 10 servicing and support - [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Microsoft 365 Apps for enterprise updates, and Intune content, with Microsoft Endpoint Configuration Manager content coming soon! -- [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically logon as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed. -- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. +- [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically log on as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed. +- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. - **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally. - **Pause updates**: We have extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you will need to update your device before pausing again. - **Improved update notifications**: When there’s an update requiring you to restart your device, you’ll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar. diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md index c6400f67e9..4872285d93 100644 --- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md @@ -88,7 +88,6 @@ Following these steps, you enable the backup of BitLocker and TPM recovery infor 3. Do not enable BitLocker until recovery information is stored in AD DS for operating system drives 2. Enable the **Configure TPM platform validation profile for BIOS-based firmware configurations** policy. 3. Enable the **Configure TPM platform validation profile for native UEFI firmware configurations** policy. - Computer Configuration / Policies / Administrative Templates / System / Trusted Platform Module Services > [!NOTE] > If you consistently get the error "Windows BitLocker Drive Encryption Information. The system boot information has changed since BitLocker was enabled. You must supply a BitLocker recovery password to start this system." after encrypting a computer with BitLocker, you might have to change the various "Configure TPM platform validation profile" Group Policies, as well. Whether or not you need to do this will depend on the hardware you are using. diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md index b54532b820..52cc80097b 100644 --- a/windows/deployment/deploy-windows-to-go.md +++ b/windows/deployment/deploy-windows-to-go.md @@ -25,8 +25,8 @@ ms.topic: article This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. +> [!IMPORTANT] +> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. ## Deployment tips diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml index 2d316a4b7f..753f83e575 100644 --- a/windows/deployment/index.yml +++ b/windows/deployment/index.yml @@ -1,105 +1,94 @@ -### YamlMime:YamlDocument +### YamlMime:Landing + +title: Windows 10 deployment resources and documentation # < 60 chars +summary: Learn about deploying and and keeping Windows 10 up to date. # < 160 chars -documentType: LandingData -title: Deploy and update Windows 10 metadata: - document_id: - title: Deploy and update Windows 10 - description: Deploying and updating Windows 10 for IT professionals. - keywords: deploy, update, Windows, service, Microsoft365, e5, e3 - ms.localizationpriority: high - author: greg-lindsay - ms.author: greglin - manager: laurawi - ms.topic: article - ms.devlang: na + title: Windows 10 deployment resources and documentation # Required; page title displayed in search results. Include the brand. < 60 chars. + description: Learn about deploying Windows 10 and keeping it up to date in your organization. # Required; article description that is displayed in search results. < 160 chars. + services: windows-10 + ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM. + ms.subservice: subservice + ms.topic: landing-page # Required + ms.collection: windows-10 + author: greg-lindsay #Required; your GitHub user alias, with correct capitalization. + ms.author: greglin #Required; microsoft alias of author; optional team alias. + ms.date: 05/27/2020 #Required; mm/dd/yyyy format. + localization_priority: medium + +# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new -sections: -- items: - - type: markdown - text: Learn about deployment of Windows 10 for IT professionals. This includes deploying the operating system, upgrading to it from previous versions and updating Windows 10. -- items: - - type: list - style: cards - className: cardsM - columns: 3 - items: - - href: windows-10-deployment-scenarios - html:

Understand the different ways that Windows 10 can be deployed

- image: - src: https://docs.microsoft.com/media/common/i_deploy.svg - title: Windows 10 deployment scenarios - - href: update - html:

Update Windows 10 in the enterprise

- image: - src: https://docs.microsoft.com/media/common/i_upgrade.svg - title: Windows as a service - - href: windows-autopilot/windows-autopilot - html:

Windows Autopilot greatly simplifies deployment of Windows devices

- image: - src: https://docs.microsoft.com/media/common/i_delivery.svg - title: Windows Autopilot -- title: -- items: - - type: markdown - text: " -
-
- - - - - - -
[Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) Check out the new Modern Deskop Deployment Center and discover content to help you with your Windows 10 and Microsoft 365 Apps for enterprise deployments.
[What's new in Windows 10 deployment](deploy-whats-new.md) See this topic for a summary of new features and some recent changes related to deploying Windows 10 in your organization.
[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task.
[Windows Autopilot](windows-autopilot/windows-autopilot.md) Windows Autopilot enables an IT department to pre-configure new devices and repurpose existing devices with a simple process that requires little to no infrastructure.
[Windows 10 Subscription Activation](windows-10-subscription-activation.md) Windows 10 Enterprise has traditionally been sold as on premises software, however, with Windows 10 version 1703 (also known as the Creator’s Update), both Windows 10 Enterprise E3 and Windows 10 Enterprise E5 are available as true online services via subscription. You can move from Windows 10 Pro to Windows 10 Enterprise with no keys and no reboots. If you are using a Cloud Service Providers (CSP) see the related topic: [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade.
- " -- title: Deploy Windows 10 -- items: - - type: markdown - text: " - Windows 10 upgrade options are discussed and information is provided about planning, testing, and managing your production deployment. -
 
- - - - - - - - - - - -
TopicDescription
[Overview of Windows Autopilot](windows-autopilot/windows-autopilot.md) Windows Autopilot deployment is a new cloud service from Microsoft that provides a zero touch experience for deploying Windows 10 devices.
[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) This topic provides information about support for upgrading directly to Windows 10 from a previous operating system.
[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) This topic provides information about support for upgrading from one edition of Windows 10 to another.
[Windows 10 volume license media](windows-10-media.md) This topic provides information about media available in the Microsoft Volume Licensing Service Center.
[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
[Windows 10 deployment test lab](windows-10-poc.md) This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md).
[Plan for Windows 10 deployment](planning/index.md) This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning.
[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT).
[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-cm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or.
[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more.
- " -- title: Update Windows 10 -- items: - - type: markdown - text: " - Information is provided about keeping Windows 10 up-to-date. -
 
- - - - - - - - - - - - - - - -
TopicDescription
[Quick guide to Windows as a service](update/waas-quick-start.md) Provides a brief summary of the key points for the new servicing model for Windows 10.
[Overview of Windows as a service](update/waas-overview.md) Explains the differences in building, deploying, and servicing Windows 10; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools.
[Prepare servicing strategy for Windows 10 updates](update/waas-servicing-strategy-windows-10-updates.md) Explains the decisions you need to make in your servicing strategy.
[Build deployment rings for Windows 10 updates](update/waas-deployment-rings-windows-10-updates.md) Explains how to make use of servicing branches and update deferrals to manage Windows 10 updates.
[Assign devices to servicing branches for Windows 10 updates](update/waas-servicing-branches-windows-10-updates.md) Explains how to assign devices to Current Branch (CB) or Current Branch for Business (CBB) for feature and quality updates, and how to enroll devices in Windows Insider.
[Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md) Explains how to use Windows Analytics: Update Compliance to monitor and manage Windows Updates on devices in your organization.
[Optimize update delivery for Windows 10 updates](update/waas-optimize-windows-10-updates.md) Explains the benefits of using Delivery Optimization or BranchCache for update distribution.
[Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](update/waas-mobile-updates.md) Explains updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile.
[Deploy updates using Windows Update for Business](update/waas-manage-updates-wufb.md) Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune.
[Deploy Windows 10 updates using Windows Server Update Services (WSUS)](update/waas-manage-updates-wsus.md) Explains how to use WSUS to manage Windows 10 updates.
[Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](update/waas-manage-updates-configuration-manager.md) Explains how to use Configuration Manager to manage Windows 10 updates.
[Manage device restarts after updates](update/waas-restart.md) Explains how to manage update related device restarts.
[Manage additional Windows Update settings](update/waas-wu-settings.md) Provides details about settings available to control and configure Windows Update.
[Windows Insider Program for Business](update/waas-windows-insider-for-business.md) Explains how the Windows Insider Program for Business works and how to become an insider.
- " -- title: Additional topics -- items: - - type: markdown - text: " -
- [Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md) This topic describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile. - -  " +landingContent: +# Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card (optional) + - title: Overview + linkLists: + - linkListType: overview + links: + - text: Windows 10 deployment scenarios + url: windows-10-deployment-scenarios.md + - text: What is Windows as a service? + url: update/waas-overview.md + - text: Types of Windows updates + url: update/waas-quick-start.md#definitions + + # Card (optional) + - title: Get started + linkLists: + - linkListType: get-started + links: + - text: Demonstrate Autopilot deployment + url: windows-autopilot/demonstrate-deployment-on-vm.md + - text: Servicing the Windows 10 operating system + url: update/waas-servicing-strategy-windows-10-updates.md + - text: Deploy Windows 10 in a test lab + url: windows-10-poc.md + + # Card (optional) + - title: Deployment planning + linkLists: + - linkListType: architecture + links: + - text: Create a deployment plan + url: update/create-deployment-plan.md + - text: Evaluate infrastructure and tools + url: update/eval-infra-tools.md + - text: Define your servicing strategy + url: update/waas-servicing-strategy-windows-10-updates.md + + # Card + - title: Prepare to deploy Windows 10 + linkLists: + - linkListType: how-to-guide + links: + - text: Prepare to deploy Windows 10 + url: deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md + - text: Evaluate and update infrastructure + url: update/update-policies.md + - text: Build a successful servicing strategy + url: update/waas-deployment-rings-windows-10-updates.md + + # Card + - title: Deploy Windows 10 + linkLists: + - linkListType: deploy + links: + - text: Deploy Windows 10 with Autopilot + url: windows-autopilot/windows-autopilot-scenarios.md + - text: Assign devices to servicing channels + url: update/waas-servicing-channels-windows-10-updates.md + - text: Deploy Windows 10 updates + url: update/index.md + + # Card (optional) + - title: Also see + linkLists: + - linkListType: reference + links: + - text: Windows 10 release information + url: https://docs.microsoft.com/en-us/windows/release-information/ + - text: What's new in Windows 10 + url: https://docs.microsoft.com/en-us/windows/whats-new/ + - text: Windows 10 Enterprise Security + url: https://docs.microsoft.com/en-us/windows/security/ diff --git a/windows/deployment/planning/TOC.md b/windows/deployment/planning/TOC.md deleted file mode 100644 index fc4cb8fefa..0000000000 --- a/windows/deployment/planning/TOC.md +++ /dev/null @@ -1,37 +0,0 @@ -# [Plan for Windows 10 deployment](index.md) -## [Windows 10 Enterprise FAQ for IT Pros](windows-10-enterprise-faq-itpro.md) -## [Windows 10 deployment considerations](windows-10-deployment-considerations.md) -## [Windows 10 compatibility](windows-10-compatibility.md) -## [Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) - -## Features removed or planned for replacement -### [Windows 10 features lifecycle](features-lifecycle.md) -### [Features we're no longer developing](windows-10-deprecated-features.md) -### [Features we removed](windows-10-removed-features.md) - -## Application Compatibility Toolkit (ACT) -### [Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md) -### [SUA User's Guide](sua-users-guide.md) -#### [Using the SUA Wizard](using-the-sua-wizard.md) -#### [Using the SUA Tool](using-the-sua-tool.md) -##### [Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md) -##### [Showing Messages Generated by the SUA Tool](showing-messages-generated-by-the-sua-tool.md) -##### [Applying Filters to Data in the SUA Tool](applying-filters-to-data-in-the-sua-tool.md) -##### [Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md) -### [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) -#### [Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md) -##### [Available Data Types and Operators in Compatibility Administrator](available-data-types-and-operators-in-compatibility-administrator.md) -##### [Searching for Fixed Applications in Compatibility Administrator](searching-for-fixed-applications-in-compatibility-administrator.md) -##### [Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator](searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md) -##### [Creating a Custom Compatibility Fix in Compatibility Administrator](creating-a-custom-compatibility-fix-in-compatibility-administrator.md) -##### [Creating a Custom Compatibility Mode in Compatibility Administrator](creating-a-custom-compatibility-mode-in-compatibility-administrator.md) -##### [Creating an AppHelp Message in Compatibility Administrator](creating-an-apphelp-message-in-compatibility-administrator.md) -##### [Viewing the Events Screen in Compatibility Administrator](viewing-the-events-screen-in-compatibility-administrator.md) -##### [Enabling and Disabling Compatibility Fixes in Compatibility Administrator](enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md) -##### [Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator](installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md) -#### [Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) -##### [Understanding and Using Compatibility Fixes](understanding-and-using-compatibility-fixes.md) -##### [Compatibility Fix Database Management Strategies and Deployment](compatibility-fix-database-management-strategies-and-deployment.md) -##### [Testing Your Application Mitigation Packages](testing-your-application-mitigation-packages.md) -#### [Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md) -### [Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md) diff --git a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md index 0652569347..41c34aec02 100644 --- a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md +++ b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md @@ -1,54 +1,55 @@ ---- -title: Best practice recommendations for Windows To Go (Windows 10) -description: Best practice recommendations for Windows To Go -ms.assetid: 05e6e0ab-94ed-4c0c-a195-0abd006f0a86 -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: best practices, USB, device, boot -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: mobility -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Best practice recommendations for Windows To Go - - -**Applies to** - -- Windows 10 - ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. - -The following are the best practice recommendations for using Windows To Go: - -- Always shut down Windows and wait for shutdown to complete before removing the Windows To Go drive. -- Do not insert the Windows To Go drive into a running computer. -- Do not boot the Windows To Go drive from a USB hub. Always insert the Windows To Go drive directly into a port on the computer. -- If available, use a USB 3.0 port with Windows To Go. -- Do not install non-Microsoft core USB drivers on Windows To Go. -- Suspend BitLocker on Windows host computers before changing the BIOS settings to boot from USB and then resume BitLocker protection. - -Additionally, we recommend that when you plan your deployment you should also plan a standard operating procedure for answering questions about which USB drives can be used for Windows To Go and how to enable booting from USB to assist your IT department or help desk in supporting users and work groups that want to use Windows To Go. It may be very helpful for your organization to work with your hardware vendors to create an IT standard for USB drives for use with Windows To Go, so that if groups within your organization want to purchase drives they can quickly determine which ones they should obtain. - -## More information - - -[Windows To Go: feature overview](windows-to-go-overview.md)
-[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
-[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
-[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
-[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)
- -  - -  - - - - - +--- +title: Best practice recommendations for Windows To Go (Windows 10) +description: Best practice recommendations for Windows To Go +ms.assetid: 05e6e0ab-94ed-4c0c-a195-0abd006f0a86 +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: best practices, USB, device, boot +ms.prod: w10 +ms.mktglfcycl: plan +ms.pagetype: mobility +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Best practice recommendations for Windows To Go + + +**Applies to** + +- Windows 10 + +> [!IMPORTANT] +> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. + +The following are the best practice recommendations for using Windows To Go: + +- Always shut down Windows and wait for shutdown to complete before removing the Windows To Go drive. +- Do not insert the Windows To Go drive into a running computer. +- Do not boot the Windows To Go drive from a USB hub. Always insert the Windows To Go drive directly into a port on the computer. +- If available, use a USB 3.0 port with Windows To Go. +- Do not install non-Microsoft core USB drivers on Windows To Go. +- Suspend BitLocker on Windows host computers before changing the BIOS settings to boot from USB and then resume BitLocker protection. + +Additionally, we recommend that when you plan your deployment you should also plan a standard operating procedure for answering questions about which USB drives can be used for Windows To Go and how to enable booting from USB to assist your IT department or help desk in supporting users and work groups that want to use Windows To Go. It may be very helpful for your organization to work with your hardware vendors to create an IT standard for USB drives for use with Windows To Go, so that if groups within your organization want to purchase drives they can quickly determine which ones they should obtain. + +## More information + + +[Windows To Go: feature overview](windows-to-go-overview.md)
+[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
+[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
+[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
+[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)
+ +  + +  + + + + + diff --git a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md index d57413d357..8724e8278a 100644 --- a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md @@ -23,7 +23,7 @@ ms.topic: article - Windows 10 > [!IMPORTANT] -> Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. +> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. From the start, Windows To Go was designed to minimize differences between the user experience of working on a laptop and Windows To Go booted from a USB drive. Given that Windows To Go was designed as an enterprise solution, extra consideration was given to the deployment workflows that enterprises already have in place. Additionally, there has been a focus on minimizing the number of differences in deployment between Windows To Go workspaces and laptop PCs. diff --git a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md index a9f0103eb9..c896c72fde 100644 --- a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md +++ b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md @@ -22,8 +22,8 @@ ms.topic: article - Windows 10 ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. +> [!IMPORTANT] +> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. The following information is provided to help you plan and design a new deployment of a Windows To Go in your production environment. It provides answers to the “what”, “why”, and “when” questions an IT professional might have when planning to deploy Windows To Go. diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md index 905e495858..952f743607 100644 --- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md @@ -22,8 +22,8 @@ ms.topic: article - Windows 10 ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. +> [!IMPORTANT] +> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure. diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index 5a34226e0f..fba2f6ef1d 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -26,7 +26,9 @@ The features described below are no longer being actively developed, and might b |Feature | Details and mitigation | Announced in version | | ----------- | --------------------- | ---- | -| Hyper-V vSwitch on LBFO | In a future release, the Hyper-V vSwitch will no longer have the capability to be bound to an LBFO team. Instead, it can be bound via [Switch Embedded Teaming](https://docs.microsoft.com/windows-server/virtualization/hyper-v-virtual-switch/rdma-and-switch-embedded-teaming#bkmk_sswitchembedded) (SET).| 1909 | +| Companion Device Framework | The [Companion Device Framework](https://docs.microsoft.com/windows-hardware/design/device-experiences/windows-hello-companion-device-framework) is no longer under active development.| 2004 | +| Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 | +| Dynamic Disks | The [Dynamic Disks](https://docs.microsoft.com/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](https://docs.microsoft.com/windows-server/storage/storage-spaces/overview) in a future release.| 2004 | | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 | | My People / People in the Shell | My People is no longer being developed. It may be removed in a future update. | 1909 | | Package State Roaming (PSR) | PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user.
 
The recommended replacement for PSR is [Azure App Service](https://docs.microsoft.com/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web. | 1909 | diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md index 508cc788a8..b79a9e0b9d 100644 --- a/windows/deployment/planning/windows-10-removed-features.md +++ b/windows/deployment/planning/windows-10-removed-features.md @@ -27,6 +27,9 @@ The following features and functionalities have been removed from the installed |Feature | Details and mitigation | Removed in version | | ----------- | --------------------- | ------ | +| Cortana | Cortana has been updated and enhanced in the Windows 10 May 2020 Update. With [these changes](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-2004#cortana), some previously available consumer skills such as music, connected home, and other non-Microsoft skills are no longer available. | 2004 | +| Windows To Go | Windows To Go was announced as deprecated in Windows 10, version 1903 and is removed in this release. | 2004 | +| Mobile Plans and Messaging apps | Both apps are still supported, but are now distributed in a different way. OEMs can now include these apps in Windows images for cellular enabled devices. The apps are removed for non-cellular devices.| 2004 | | PNRP APIs| ​The Peer Name Resolution Protocol (PNRP) cloud service was removed in Windows 10, version 1809. We are planning to complete the removal process by removing the corresponding APIs. | 1909 | | Taskbar settings roaming | Roaming of taskbar settings is removed in this release. This feature was announced as no longer being developed in Windows 10, version 1903. | 1909 | | Desktop messaging app doesn't offer messages sync | The messaging app on Desktop has a sync feature that can be used to sync SMS text messages received from Windows Mobile and keep a copy of them on the Desktop. The sync feature has been removed from all devices. Due to this change, you will only be able to access messages from the device that received the message. | 1903 | diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md index d888468cfe..2a8889f1ab 100644 --- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.md +++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.md @@ -22,8 +22,8 @@ ms.topic: article - Windows 10 ->[!IMPORTANT] ->Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. +> [!IMPORTANT] +> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. The following list identifies some commonly asked questions about Windows To Go. diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md index 23fefc02cd..c978295e6e 100644 --- a/windows/deployment/planning/windows-to-go-overview.md +++ b/windows/deployment/planning/windows-to-go-overview.md @@ -23,7 +23,7 @@ ms.topic: article - Windows 10 > [!IMPORTANT] -> Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. +> Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. diff --git a/windows/deployment/update/create-deployment-plan.md b/windows/deployment/update/create-deployment-plan.md index 1e382897ed..da1db27ff2 100644 --- a/windows/deployment/update/create-deployment-plan.md +++ b/windows/deployment/update/create-deployment-plan.md @@ -136,4 +136,5 @@ For more about Desktop Analytics, see these articles: - [How to set up Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/set-up) - [Tutorial: Deploy Windows 10 to Pilot](https://docs.microsoft.com/mem/configmgr/desktop-analytics/tutorial-windows10) - [Desktop Analytics documentation](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview) -- [Intune deployment planning, design, and implementation guide](https://docs.microsoft.com/mem/intune/fundamentals/planning-guide) \ No newline at end of file +- [Intune deployment planning, design, and implementation guide](https://docs.microsoft.com/mem/intune/fundamentals/planning-guide) + diff --git a/windows/deployment/update/deploy-updates-configmgr.md b/windows/deployment/update/deploy-updates-configmgr.md new file mode 100644 index 0000000000..202b4531b9 --- /dev/null +++ b/windows/deployment/update/deploy-updates-configmgr.md @@ -0,0 +1,20 @@ +--- +title: Deploy Windows 10 updates with Configuration Manager (Windows 10) +description: Deploy Windows 10 updates with Configuration Manager +ms.prod: w10 +ms.mktglfcycl: manage +author: jaimeo +ms.localizationpriority: medium +ms.author: jaimeo +ms.reviewer: +manager: laurawi +ms.topic: article +--- + +# Deploy Windows 10 updates with Configuration Manager + +**Applies to** + +- Windows 10 + +See the Microsoft Endpoint Configuration Manager [documentation](https://docs.microsoft.com/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) for details about using Configuration Manager to deploy and manage Windows 10 updates. \ No newline at end of file diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md new file mode 100644 index 0000000000..af6fe156e8 --- /dev/null +++ b/windows/deployment/update/eval-infra-tools.md @@ -0,0 +1,71 @@ +--- +title: Evaluate infrastructure and tools +ms.reviewer: +manager: laurawi +description: +keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools +ms.prod: w10 +ms.mktglfcycl: manage +audience: itpro +author: jaimeo +ms.localizationpriority: medium +ms.audience: itpro +author: jaimeo +ms.topic: article +ms.collection: M365-modern-desktop +--- + +# Evaluate infrastructure and tools + +Before you deploy an update, it's best to assess your deployment infrastucture (that is, tools such as Configuration Manager, Microsoft Intune, or similar) and current configurations (such as security baselines, administrative templates, and policies that affect updates). Then, set some criteria to define your operational readiness. + +## Infrastructure + +Do your deployment tools need updates? + +- If you use Configuration Manager, is it on the Current Branch with the latest release installed. This ensures that it supports the next Windows 10 feature update. Configuration Manager releases are supported for 18 months. +- Using a cloud-based management tool like Microsoft Intune reduces support challenges, since no related products need to be updated. +- If you use a non-Microsoft tool, check with its product support to make sure you're using the current version and that it supports the next Windows 10 feature update. + +Rely on your experiences and data from previous deployments to help you judge how long infrastructure changes take and identify any problems you've encountered while doing so. + +## Device settings + +Make sure your security basline, administrative templates, and policies have the right settings to support your devices once the new Windows 10 update is installed. + +### Security baseline + +Keep security baslines current to help ensure that your environment is secure and that new security feature in the coming Windows 10 update are set properly. + +- **Microsoft security baselines**: You should implement security baselines from Microsoft. They are included in the [Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319), along with tools for managing them. +- **Industry- or region-specific baselines**: Your specific industry or region might have particular baselines that you must follow per regulations. Ensure that any new baselines support the version of Windows 10 you are about to deploy. + +### Configuration updates + +There are a number of Windows policies (set by Group Policy, Intune, or other methods) that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. Check these policies to make sure they are set appropriately. + +- **Windows 10 Administrative templates**: Each Windows 10 feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 10, version 1909](https://www.microsoft.com/download/100591). +- **Policies for update compliance and end-user experience**: A number of settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones. + + +## Define operational readiness criteria + +When you’ve deployed an update, you’ll need to make sure the update isn’t introducing new operational issues. And you’ll also ensure that if incidents arise, the needed documentation and processes are available. To achieve this, work with your operations and support team to define acceptable trends and what documents or processes require updating: + +- **Call trend**: Define what percentage increase in calls relating to Windows 10 feature updates are acceptable or can be supported. +- **Incident trend**: Define what percentage of increase in calls asking for support relating to Windows 10 feature updates are acceptable or can be supported. +- **Support documentation**: Review supporting documentation that requires an update to support new infrastructure tooling or configuration as part of the Windows 10 feature update. +- **Process changes:** Define and update any processes that will change as a result of the Windows 10 feature update. + +Your operations and support staff can help you determine if the appropriate information is being tracked at the moment. If it isn't, work out how to get get this information so you can gain the right insight. + +## Tasks + +Finally, you can begin to carry out the work needed to ensure your infrastructure and configuration can support the update. To help you keep track, you can classify the work into the following overarching tasks: + +- **Review infrastructure requirements**: Go over the details of requirements to support the update, and ensure they’ve all been defined. +- **Validate infrastructure against requirements**: Compare your infrastructure against the requirements that have been identified for the update. +- **Define infrastructure update plan**: Detail how your infrastructure must change to support the update. +- **Review current support volume**: Understand the current support volume to understand how much of an effect the update has when it’s been deployed. +- **Identify gaps that require attention**: Identify issues that will need to be addressed to successfully deploy the update. For example, will your infrastructure engineer have to research how a new feature that comes with the update might affect the infrastructure? +- **Define operational update plan**: Detail how your operational services and processes must change to support the update. diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md new file mode 100644 index 0000000000..dbf94c9677 --- /dev/null +++ b/windows/deployment/update/update-policies.md @@ -0,0 +1,204 @@ +--- +title: Policies for update compliance, activity, and end-user experience +ms.reviewer: +manager: laurawi +description: +keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools +ms.prod: w10 +ms.mktglfcycl: manage +audience: itpro +author: jaimeo +ms.localizationpriority: medium +ms.audience: itpro +author: jaimeo +ms.topic: article +ms.collection: M365-modern-desktop +--- + +# Policies for update compliance, activity, and end-user experience +Keeping devices up to date is the best way to keep them working smoothly and securely. + +## Deadlines for update compliance + +You can control how strictly devices must reliably keep to your desired update schedule by using update deadline policies. Windows components adapt based on these deadlines. Also, they can make tradeoffs between user experience and velocity in order to meet your desired update deadlines. For example, they can prioritize user experience well before the +deadline approaches, and then prioritize velocity as the deadline nears, while still affording the user some control. + +### Deadlines + +Beginning with Windows 10, version 1903 and with the August 2019 security update for Windows 10, version 1709 +and late, a new policy was introduced to replace older deadline-like policies: **Specify deadlines for automatic updates and restarts**. + +The older policies started enforcing deadlines once the device reached a “restart pending” state for +an update. The new policy starts the countdown for the update installation deadline from when the +update is published plus any deferral. In addition, this policy includes a configurable grace period and the option +to opt out of automatic restarts until the deadline is reached (although we recommend always allowing automatic +restarts for maximum update velocity). + +> [!IMPORTANT] +> If you use the new **Specify deadlines for automatic updates and restarts** setting in Windows 10, +> version 1903, you must disable the [older deadline policies](wufb-compliancedeadlines.md#prior-to-windows-10-version-1709) because they could conflict. + +We recommend you set deadlines as follows: +- Quality update deadline, in days: 3 +- Feature update deadline, in days: 7 +- +Notifications are automatically presented to the user at appropriate times, and users can choose to be reminded +later, to reschedule, or to restart immediately, depending on how close the deadline is. We recommend that you +do **not** set any notification policies, because they are automatically configured with appropriate defaults. An exception is if you +have kiosks or digital signage. + +While three days for quality updates and seven days for feature updates is our recommendation, you might decide +you want more or less, depending on your organization and its requirements, and this policy is configurable down +to a minimum of two days. + + +> [!IMPORTANT] +> If the device is unable to reach the Internet, it can't determine when Microsoft +> published the update, so it won't be able to enforce the deadline. Learn more about [low activity devices](#device-activity-policies). + +### Grace periods + +You can set a period of days for Windows to find a minimally disruptive automatic restart time before the restart is enforced. This +is especially useful in cases where a user has been away for many days (for example, on vacation) so that the device will not +be forced to update immediately when the user returns. + +We recommend you set the following: + +- Grace period, in days: 2 + +Once the deadline and grace period have passed, updates are applied automatically, and a restart occurs +regardless of [active hours](#active-hours). + + +### Let Windows choose when to restart + +Windows can use user interactions to dynamically identify the least disruptive time for an +automatic restart. To take advantage of this feature, ensure **ConfigureDeadlineNoAutoReboot** is set to +**Disabled**. + +## Device activity policies + +Windows typically requires that a device is active and connected to the internet for at least six hours, with at least two +of continuous activity, in order to successfully complete a system update. The device could have other +physical circumstances that prevent successful installation of an update--for example, if a laptop is running low +on battery power, or the user has shut down the device before active hours end and the device cannot comply +with the deadline. + +You can use the settings in this section to ensure that devices are actually available to install updates during the update compliance period. + +### Active hours + +"Active hours" identify the period of time when a device is expected to be in use. Normally, restarts will occur outside of +these hours. Windows 10, version 1903 introduced "intelligent active hours," which allow the system to learn active hours based on a user’s activities, rather than you as an administrator having to make decisions for your organization or allowing the user to choose active hours that minimize the period when the system can install an update. + +> [!IMPORTANT] +> If you used the **Configure Active Hours** setting in previous versions of Windows 10, these +options must be **Disabled** in order to take advantage of intelligent active hours. + +If you do set active hours, we recommend setting the following policies to **Disabled** in order to increase update +velocity: + +- [Delay automatic reboot](waas-restart.md#delay-automatic-reboot). While it’s possible to set the system to delay restarts for users who are logged +in, this might delay an update indefinitely if a user is always either logged in or shut down. Instead, we +recommend setting the following polices to **Disabled**: + - **Turn off auto-restart during active hours** + - **No auto-restart with logged on users for scheduled automatic updates** + + - [Limit restart delays](waas-restart.md#limit-restart-delays). By using compliance deadlines, your users will receive notifications that +updates will occur, so we recommend that you set this policy to **Disabled**, to allow compliance deadlines to eliminate the user’s ability to delay a restart outside of compliance deadline settings. + +- **Do not allow users to approve updates and reboots**. Letting users approve or engage with the update process outside of the deadline policies decreases update velocity and increases risk. These policies should be set to **Disabled**: + - [Update/RequireUpdateApproval](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval) + - [Update/EngagedRestartDeadline](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-engagedrestartdeadline) + - [Update/EngagedRestartDeadlineForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-engagedrestartdeadlineforfeatureupdates) + - [Update/EngagedRestartSnoozeSchedule](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-engagedrestartsnoozeschedule) + - [Update/EngagedRestartSnoozeScheduleForFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-engagedrestartsnoozescheduleforfeatureupdates) + - [Update/EngagedRestartTransitionSchedule](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-engagedrestarttransitionschedule) + +- [Configure automatic update](waas-wu-settings.md#configure-automatic-updates). By properly setting policies to configure automatic updates, you can increase update velocity by having clients contact a Windows Server Update Services (WSUS) server so it can manage them. We recommend that you set this policy to **Disabled**. However, if you need to provide values, ensure that you set downloads to install automatically by setting the [Group Policy](waas-manage-updates-wsus.md#configure-automatic-updates-and-update-service-location) to **4**. If you’re using Microsoft Intune, setting the value to [Reset to Default](https://docs.microsoft.com/mem/intune/protect/windows-update-settings#user-experience-settings). +- **Allow auto Windows Update to download over metered networks**. Since more and more devices primarily use cellular data and do not have wi-fi access, consider allowing users to automatically download updates from a metered network. Though the default setting does not allow download over a metered network, setting this value to **1** can increase velocity by enabling users to get updates whether they are connected to the internet or not, provided they have cellular service. + +> [!IMPORTANT] +> Older versions of Windows don't support intelligent active hours. If your device runs a version of Windows prior to Windows 10, version 1903, we recommend setting the following policies: +>- [Configure active hours](waas-restart.md#configure-active-hours). Starting with Windows 10, version 1703, you can specify a maximum active-hour range which is counted from the active hours start time. We recommend setting +this value to **10**. +>- [Schedule update installation](waas-restart.md#schedule-update-installation). In the **Configure Automatic Updates** settings, there are two ways to control a forced restart after a specified installation time. If you use **schedule update installation**, do not enable both settings because they will most likely conflict. +> - **Specify automatic maintenance time**. This setting lets you set broader maintenance windows for updates and ensures that this schedule does not conflict with active hours. We +recommend setting this value to **3** (corresponding to 3 AM). If 3:00 AM is in the middle of the work shift, pick another time that is at least a couple hours before your scheduled work time begins. +> - **Schedule the install time**. This setting allows you to schedule an installation time for a restart. We do *not* recommend you set this to **Disabled** as it could conflict with active hours. + +### Power policies + +Devices must actually be available during non-active hours in order to an update. They can't do this if power policies prevent them from waking up. In our organization, we strive to set a balance between security and eco-friendly configurations. We recommend the following settings to achieve what we feel are the appropriate tradeoffs: + +To a user, a device is either on or off, but for Windows, there are states that will allow an update to occur (active) and states that do not (inactive). Some states are considered active (sleep), but the user may think the device is off. Also, there are power statuses (plugged in/battery) that Windows checks before starting an update. + +You can override the default settings and prevent users from changing them in order to ensure that devices are available for updates during non-active hours. + +> [!NOTE] +> One way to ensure that devices can install updates when you need them to is to educate your users to keep devices plugged in during non-active hours. Even with the best policies, a device that isn't plugged in will not be updated, even in sleep mode. + +We recommend these power management settings: + +- Sleep mode (S1 or S0 Low Power Idle or [Modern Standby](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby)). When a device is in sleep mode, the system +appears to be off but if an update is available, it can wake the device up in order to take an update. The +power consumption in sleep mode is between working (system fully usable) and hibernate (S4 - lowest +power level before shutdown). When a device is not being used, the system will generally move to sleep +mode before it goes to hibernate. Issues in velocity arise when the time between sleep and hibernate is +too short and Windows does not have time to complete an update. Sleep mode is an important setting +because the system can wake the system from sleep in order to start the update process, as long as there +is enough power. + +Set the following policies to **Enable** or **Do Not Configure** in order to allow the device to use sleep mode: +- [Power/AllowStandbyStatesWhenSleepingOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#power-allowstandbystateswhensleepingonbattery) +- [Power/AllowStandbyWhenSleepingPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#power-selectlidcloseactionpluggedin) + +Set the following policies to **1 (Sleep)** so that when a user closes the lid of a device, the system goes to +sleep mode and the device has an opportunity to take an update: +- [Power/SelectLidCloseActionOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#power-selectlidcloseactiononbattery) +- [Power/SelectLidCloseActionPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#power-selectlidcloseactionpluggedin) + +- **Hibernate**. When a device is hibernating, power consumption is very low and the system cannot wake up +without user intervention, like pressing the power button. If a device is in this state, it cannot be updated +unless it supports an ACPI Time and Alarm Device (TAD). That said, if a device supporting Traditional Sleep +(S3) is plugged in, and a Windows update is available, a hibernate state will be delayed until the update is complete. + +> [!NOTE] +> This does not apply to devices that support Modern Standby (S0 Low Power Idle). You can check which system sleep state (S3 or S0 Low Power Idle) a device supports by running `powercfg /a` at a command prompt. For more, see [Powercfg options](https://docs.microsoft.com/windows-hardware/design/device-experiences/powercfg-command-line-options#option_availablesleepstates). + +The default timeout on devices that support traditional sleep is set to three hours. We recommend that you do not reduce these policies in order to allow Windows Update the opportunity to restart the device before sending it into hibernation: + +- [Power/HibernateTimeoutOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#power-hibernatetimeoutonbattery) +- [Power/HibernateTimeoutPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#power-hibernatetimeoutpluggedin) + +## Old or conflicting policies + +Each release of Windows 10 can introduce new policies to make the experience better for both administrators and their organizations. When we release a new client policy, we either release it purely for that release and later or we backport the policy to make it available on earlier versions. + +> [!IMPORTANT] +> If you are using Group Policy, note that we don't update the old ADMX templates and you must use the newer (1903) ADMX template in order to use the newer policy. Also, if you are +> using an MDM tool (Microsoft or non-Microsoft), you can't use the new policy until it's available in the tool interface. + +As administrators, you have set up and expect certain behaviors, so we expressly do not remove older policies since they were set up for your particular use cases. However, if you set a new policy without disabling a similar older policy, you could have conflicting behavior and updates might not perform as expected. + +> [!IMPORTANT] +> We sometimes find that administrators set devices to get both Group Policy settings and MDM settings from an MDM server such as Microsoft Intune. Policy conflicts are handled differently, depending on how they are ultimately set up: +> - Windows updates: Group Policy settings take precedence over MDM. +> - Microsoft Intune: If you set different values for the same policy on two different groups, you will +> receive an alert and neither policy will be set until the conflict is resolved. +> It is crucial that you disable conflicting policies in order for devices in your organization to take updates as +> expected. For example, if a device is not reacting to your MDM policy changes, check to see if a similar +> policy is set in Group Policy with a differing value. +> If you find that update velocity is not as high as you expect or if some devices are slower than others, it might be +> time to clear all polices and settings and specify only the recommended update policies. See the Policy and settings reference for a consolidated list of recommended polices. + +The following are policies that you might want to disable because they could decrease update velocity or there are better policies to use that might conflict: +- **Defer Feature Updates Period in Days**. For maximum update velocity, it's best to set this to **0** (no +deferral) so that the feature update can complete and monthly security updates will be offered again. Even if there is an urgent quality update that must be quickly deployed, it is best to use **Pause Feature +Updates** rather than setting a deferral policy. You can choose a longer period if you don't want to stay up to date with the latest feature update. +- **Defer Quality Updates Period in Days**. To minimize risk and maximize update velocity, the maximum time you might want to consider while evaluating the update with a different ring of devices is two to three days. +- **Pause Feature Updates Start Time**. Set to **Disabled** unless there is a known issue requiring time for a resolution. +- **Pause Quality Updates Start Time**. Set to **Disabled** unless there is a known issue requiring time for a resolution. +- **Deadline No Auto Reboot**. Default is **Disabled – Set to 0** . We recommend that devices automatically try to restart when an update is received. Windows uses user interactions to dynamically identify the least disruptive time to restart. + +There are additional policies are no longer supported or have been superseded. diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 0c96d3ba90..d25d48f473 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -99,9 +99,9 @@ In cases where the pause policy is first applied after the configured start date | Policy | Sets registry key under **HKLM\Software** | | --- | --- | -| GPO for Windows 10, version 1607 and later:
Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates
**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartDate | +| GPO for Windows 10, version 1607 and later:
Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates
**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartTime | | GPO for Windows 10, version 1511:
Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause | -| MDM for Windows 10, version 1607 and later:
../Vendor/MSFT/Policy/Config/Update/
**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates
**1703 and later:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartDate | +| MDM for Windows 10, version 1607 and later:
../Vendor/MSFT/Policy/Config/Update/
**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates
**1703 and later:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartTime | | MDM for Windows 10, version 1511:
../Vendor/MSFT/Policy/Config/Update/
**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause | You can check the date that Feature Updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. @@ -223,10 +223,10 @@ The following are quick-reference tables of the supported policy values for Wind | BranchReadinessLevel | REG_DWORD | 2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)
4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)
8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)
16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-annual Channel
32: systems take Feature Updates from Semi-annual Channel
Note: Other value or absent: receive all applicable updates | | DeferQualityUpdates | REG_DWORD | 1: defer quality updates
Other value or absent: don’t defer quality updates | | DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days | -| PauseQualityUpdatesStartDate | REG_DWORD | 1: pause quality updates
Other value or absent: don’t pause quality updates | +| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates
Other value or absent: don’t pause quality updates | |DeferFeatureUpdates | REG_DWORD | 1: defer feature updates
Other value or absent: don’t defer feature updates | | DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days | -| PauseFeatureUpdatesStartDate | REG_DWORD |1: pause feature updates
Other value or absent: don’t pause feature updates | +| PauseFeatureUpdatesStartTime | REG_DWORD |1: pause feature updates
Other value or absent: don’t pause feature updates | | ExcludeWUDriversInQualityUpdate | REG_DWORD | 1: exclude Windows Update drivers
Other value or absent: offer Windows Update drivers | @@ -236,9 +236,9 @@ The following are quick-reference tables of the supported policy values for Wind | --- | --- | --- | | BranchReadinessLevel | REG_DWORD |2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)
4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)
8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)
16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-annual Channel
32: systems take Feature Updates from Semi-annual Channel
Note: Other value or absent: receive all applicable updates | | DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days | -| PauseQualityUpdatesStartDate | REG_DWORD | 1: pause quality updates
Other value or absent: don’t pause quality updates | +| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates
Other value or absent: don’t pause quality updates | | DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days | -| PauseFeatureUpdatesStartDate | REG_DWORD | 1: pause feature updates
Other value or absent: don’t pause feature updates | +| PauseFeatureUpdatesStartTime | REG_DWORD | 1: pause feature updates
Other value or absent: don’t pause feature updates | | ExcludeWUDriversinQualityUpdate | REG_DWORD | 1: exclude Windows Update drivers
Other value or absent: offer Windows Update drivers | ## Update devices to newer versions diff --git a/windows/deployment/update/waas-delivery-optimization-setup.md b/windows/deployment/update/waas-delivery-optimization-setup.md index 7bcf7c77c3..584aa81202 100644 --- a/windows/deployment/update/waas-delivery-optimization-setup.md +++ b/windows/deployment/update/waas-delivery-optimization-setup.md @@ -128,6 +128,8 @@ To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/** | PredefinedCallerApplication | Indicates the last caller that initiated a request for the file. | | ExpireOn | The target expiration date and time for the file. | | Pinned | A yes/no value indicating whether an item has been "pinned" in the cache (see `setDeliveryOptmizationStatus`). | + +Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers. `Get-DeliveryOptimizationPerfSnap` returns a list of key performance data: diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 40cf29568f..d39db925b7 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -73,9 +73,6 @@ The following table lists the minimum Windows 10 version that supports Delivery - @@ -144,7 +141,7 @@ For the payloads (optional): **How does Delivery Optimization handle VPNs?** Delivery Optimization attempts to identify VPNs by checking the network adapter type and details and will treat the connection as a VPN if the adapter description contains certain keywords, such as "VPN" or "secure." -If the connection is identified as a VPN, Delivery Optimization will not use any peer-to-peer activity. However, you can allow peer-to-peer activity over a VPN by using the {WE SHOULD NAME OR POINT TO THIS POLICY} policy. +If the connection is identified as a VPN, Delivery Optimization will not use any peer-to-peer activity. However, you can allow peer-to-peer activity over a VPN by using the [Enable Peer Caching while the device connects via VPN](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. If you have defined a boundary group in Configuration Manager and have for VPN IP ranges, you can set the DownloadMode policy to 0 for that boundary group to ensure that there will be no peer-to-peer activity over the VPN. diff --git a/windows/deployment/windows-autopilot/known-issues.md b/windows/deployment/windows-autopilot/known-issues.md index b85fc9b010..8dbec94be5 100644 --- a/windows/deployment/windows-autopilot/known-issues.md +++ b/windows/deployment/windows-autopilot/known-issues.md @@ -29,6 +29,9 @@ ms.topic: article Blocking apps specified in a user-targeted Enrollment Status Profile are ignored during device ESP. The services responsible for determining the list of apps that should be blocking during device ESP are not able to determine the correct ESP profile containing the list of apps because they do not know the user identity. As a workaround, enable the default ESP profile (which targets all users and devices) and place the blocking app list there. In the future, it will be possible to instead target the ESP profile to device groups to avoid this issue. +That username looks like it belongs to another organization. Try signing in again or start over with a different account. + Confirm that all of your information is correct at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot. See Troubleshooting Windows Auto Pilot for more details. + Windows Autopilot user-driven Hybrid Azure AD deployments do not grant users Administrator rights even when specified in the Windows Autopilot profile. This will occur when there is another user on the device that already has Administrator rights. For example, a PowerShell script or policy could create an additional local account that is a member of the Administrators group. To ensure this works properly, do not create an additional account until after the Windows Autopilot process has completed. diff --git a/windows/hub/index.md b/windows/hub/index.md index 97ce2a79a5..b34eb9cf48 100644 --- a/windows/hub/index.md +++ b/windows/hub/index.md @@ -19,12 +19,12 @@ Find the latest how to and support content that IT pros need to evaluate, plan,   -## Check out [what's new in Windows 10, version 1909](/windows/whats-new/whats-new-windows-10-version-1909). +## Check out [what's new in Windows 10, version 2004](/windows/whats-new/whats-new-windows-10-version-2004).
diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md index eb2b637463..fe73e90c9e 100644 --- a/windows/privacy/TOC.md +++ b/windows/privacy/TOC.md @@ -8,6 +8,7 @@ ### [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md) ### [Diagnostic Data Viewer for PowerShell Overview](Microsoft-DiagnosticDataViewer.md) ## Basic level Windows diagnostic data events and fields +### [Windows 10, version 2004 required Windows diagnostic data events and fields](required-windows-diagnostic-data-events-and-fields-2004.md) ### [Windows 10, version 1903 and Windows 10, version 1909 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1903.md) ### [Windows 10, version 1809 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) ### [Windows 10, version 1803 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md) diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index 42ed225058..fc3ba2d75a 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-security-compliance ms.topic: article audience: ITPro -ms.date: 01/04/2020 +ms.date: 03/27/2020 ms.reviewer: --- @@ -81,7 +81,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd -Represents the basic metadata about specific application files installed on the system. +This event sends compatibility information about a file to help keep Windows up-to-date. The following fields are available: @@ -1323,7 +1323,7 @@ The following fields are available: - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID - **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in a Configuration Manager environment. - **ServerFeatures** Represents the features installed on a Windows   Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. -- **SystemCenterID** The Microsoft Endpoint Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier. +- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier. ### Census.Firmware @@ -2477,44 +2477,6 @@ The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. -### Microsoft.Windows.Inventory.Core.InventoryDevicePnpAdd - -This event represents the basic metadata about a plug and play (PNP) device and its associated driver. - -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). - -The following fields are available: - -- **Class** The device setup class of the driver loaded for the device. -- **ClassGuid** The device class unique identifier of the driver package loaded on the device. -- **COMPID** The list of “Compatible IDs” for this device. See [COMPID](#compid). -- **ContainerId** The system-supplied unique identifier that specifies which group(s) the device(s) installed on the parent (main) device belong to. -- **Description** The description of the device. -- **DeviceState** Identifies the current state of the parent (main) device. -- **DriverId** The unique identifier for the installed driver. -- **DriverName** The name of the driver image file. -- **DriverPackageStrongName** The immediate parent directory name in the Directory field of InventoryDriverPackage. -- **DriverVerDate** The date of the driver loaded for the device -- **DriverVerVersion** The version of the driver loaded for the device -- **Enumerator** Identifies the bus that enumerated the device. -- **HWID** A list of hardware IDs for the device. See [HWID](#hwid). -- **Inf** The name of the INF file (possibly renamed by the OS, such as oemXX.inf). -- **InstallState** The device installation state. For a list of values, see: https://msdn.microsoft.com/library/windows/hardware/ff543130.aspx -- **InventoryVersion** The version number of the inventory process generating the events. -- **LowerClassFilters** The identifiers of the Lower Class filters installed for the device. -- **LowerFilters** The identifiers of the Lower filters installed for the device. -- **Manufacturer** The manufacturer of the device. -- **MatchingID** The Hardware ID or Compatible ID that Windows uses to install a device instance. -- **Model** Identifies the model of the device. -- **ParentId** The Device Instance ID of the parent of the device. -- **ProblemCode** The error code currently returned by the device, if applicable. -- **Provider** Identifies the device provider. -- **Service** The name of the device service. -- **STACKID** The list of hardware IDs for the stack. See [STACKID](#stackid). -- **UpperClassFilters** The identifiers of the Upper Class filters installed for the device. -- **UpperFilters** The identifiers of the Upper filters installed for the device. - - ### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove This event indicates that the InventoryDevicePnpRemove object is no longer present. @@ -2551,7 +2513,7 @@ This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will ### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd -This event provides the basic metadata about driver binaries running on the system. +This event sends basic metadata about driver binaries running on the system to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -3077,6 +3039,56 @@ The following fields are available: - **resetSettingsResult** The return code of the action to correct the known issue. +## Quality Update Assistant events + +### Microsoft.Windows.QualityUpdateAssistant.Applicability + +This event sends basic info on whether the device should be updated to the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **PackageVersion** Current package version of quality update assistant. +- **Result** Applicability check for quality update assistant. + + +### Microsoft.Windows.QualityUpdateAssistant.DeviceReadinessCheck + +This event sends basic info on whether the device is ready to download the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **PackageVersion** Current package version of quality update assistant. +- **Result** Device readiness check for quality update assistant. + + +### Microsoft.Windows.QualityUpdateAssistant.Download + +This event sends basic info when download of the latest cumulative update begins. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter that indicates ordering of events sent by this device. +- **PackageVersion** Current package version of quality update assistant. +- **Result** Download of latest cumulative update payload. + + +### Microsoft.Windows.QualityUpdateAssistant.Install + +This event sends basic info on the result of the installation of the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **PackageVersion** Current package version of quality update assistant. +- **Result** Install of latest cumulative update payload. + + ## Remediation events ### Microsoft.Windows.Remediation.Applicable @@ -4023,7 +4035,7 @@ This event sends basic metadata about the update installation process generated ### SetupPlatformTel.SetupPlatformTelEvent -This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios. +This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios, to help keep Windows up to date. The following fields are available: @@ -5139,7 +5151,7 @@ The following fields are available: - **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. - **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. - **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. -- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used to diagnose errors. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors. - **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). - **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. @@ -6016,7 +6028,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.FlightInapplicable -This event indicates that the update is no longer applicable to this device. +This event sends data on whether the update was applicable to the device, to help keep Windows up to date. The following fields are available: @@ -6097,7 +6109,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.PostInstall -This event is sent after a Windows update install completes. +This event sends data about lite stack devices (mobile, IOT, anything non-PC) immediately before data migration is launched to help keep Windows up to date. The following fields are available: diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index ed865d65fb..6c91cf051e 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-security-compliance ms.topic: article audience: ITPro -ms.date: 01/04/2020 +ms.date: 03/27/2020 ms.reviewer: --- @@ -1866,7 +1866,7 @@ The following fields are available: ### CbsServicingProvider.CbsCapabilityEnumeration -This event reports on the results of scanning for optional Windows content on Windows Update. +This event reports on the results of scanning for optional Windows content on Windows Update to keep Windows up to date. The following fields are available: @@ -2566,7 +2566,7 @@ The following fields are available: ### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd -This event provides the basic metadata about driver binaries running on the system. +This event sends basic metadata about driver binaries running on the system to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -3225,6 +3225,56 @@ The following fields are available: - **resetSettingsResult** The return code of the action to correct the known issue. +## Quality Update Assistant events + +### Microsoft.Windows.QualityUpdateAssistant.Applicability + +This event sends basic info on whether the device should be updated to the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **PackageVersion** Current package version of quality update assistant. +- **Result** Applicability check for quality update assistant. + + +### Microsoft.Windows.QualityUpdateAssistant.DeviceReadinessCheck + +This event sends basic info on whether the device is ready to download the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **PackageVersion** Current package version of quality update assistant. +- **Result** Device readiness check for quality update assistant. + + +### Microsoft.Windows.QualityUpdateAssistant.Download + +This event sends basic info when download of the latest cumulative update begins. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter that indicates ordering of events sent by this device. +- **PackageVersion** Current package version of quality update assistant. +- **Result** Download of latest cumulative update payload. + + +### Microsoft.Windows.QualityUpdateAssistant.Install + +This event sends basic info on the result of the installation of the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **PackageVersion** Current package version of quality update assistant. +- **Result** Install of latest cumulative update payload. + + ## Remediation events ### Microsoft.Windows.Remediation.Applicable @@ -3970,7 +4020,7 @@ This event sends basic metadata about the update installation process generated ### SetupPlatformTel.SetupPlatformTelEvent -This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios. +This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios, to help keep Windows up to date. The following fields are available: @@ -6253,7 +6303,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.FlightInapplicable -This event indicates that the update is no longer applicable to this device. +This event sends data on whether the update was applicable to the device, to help keep Windows up to date. The following fields are available: @@ -6347,7 +6397,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.PostInstall -This event is sent after a Windows update install completes. +This event sends data about lite stack devices (mobile, IOT, anything non-PC) immediately before data migration is launched to help keep Windows up to date. The following fields are available: diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index 03ef97ffb8..38c6834c3d 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-security-compliance ms.topic: article audience: ITPro -ms.date: 01/04/2020 +ms.date: 03/27/2020 ms.reviewer: --- @@ -2044,7 +2044,7 @@ The following fields are available: ### CbsServicingProvider.CbsCapabilityEnumeration -This event reports on the results of scanning for optional Windows content on Windows Update. +This event reports on the results of scanning for optional Windows content on Windows Update to keep Windows up to date. The following fields are available: @@ -3528,7 +3528,7 @@ The following fields are available: ### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd -This event provides the basic metadata about driver binaries running on the system. +This event sends basic metadata about driver binaries running on the system to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -4091,71 +4091,71 @@ The following fields are available: ### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config -This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. The following fields are available: -- **app_version** The internal Microsoft Edge build version string. -- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth -- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. -- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. - **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level -- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. ### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config -This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. The following fields are available: -- **app_version** The internal Microsoft Edge build version string. -- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth -- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. -- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. - **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level -- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. ### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config -This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. The following fields are available: -- **app_version** The internal Microsoft Edge build version string. -- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth -- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. -- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. - **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level -- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. ### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config @@ -4164,21 +4164,21 @@ This config event sends basic device connectivity and configuration information The following fields are available: -- **app_version** The internal Microsoft Edge build version string. -- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth -- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. -- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. - **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level -- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. ### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping @@ -4187,17 +4187,18 @@ This event sends hardware and software inventory information about the Microsoft The following fields are available: -- **appAp** Microsoft Edge Update parameters, including channel, architecture, platform, and additional parameters identifying the release of Microsoft Edge to update and how to install it. Example: 'beta-arch_x64-full'. Default: ''. +- **appAp** Microsoft Edge Update parameters, including channel, architecture, platform, and additional parameters identifying the release of Microsoft Edge to update and how to install it. Example: 'beta-arch_x64-full'. Default: ''." - **appAppId** The GUID that identifies the product channels such as Edge Canary, Dev, Beta, Stable, and Edge Update. - **appBrandCode** The 4-digit brand code under which the the product was installed, if any. Possible values: 'GGLS' (default), 'GCEU' (enterprise install), and '' (unknown). - **appChannel** An integer indicating the channel of the installation (e.g. Canary or Dev). -- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. +- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. - **appCohort** A machine-readable string identifying the release channel that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. - **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. Default: '-2' (Unknown). - **appExperiments** A semicolon-delimited key/value list of experiment identifiers and treatment groups. This field is unused and always empty in Edge Update. Default: ''. +- **appIid** A GUID that identifies a particular installation flow. For example, each download of a product installer is tagged with a unique GUID. Attempts to install using that installer can then be grouped. A client SHOULD NOT persist the IID GUID after the installation flow of a product is complete. - **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. - **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. - **appNextVersion** The version of the app that the update attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. @@ -4208,7 +4209,7 @@ The following fields are available: - **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'. - **appPingEventDownloadMetricsServerIpHint** For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. - **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. -- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. - **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. - **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. - **appPingEventEventResult** An enumeration indicating the result of the event. Common values are '0' (Error) and '1' (Success). Default: '0' (Error). @@ -4217,15 +4218,14 @@ The following fields are available: - **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. - **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. - **appPingEventSequenceId** An ID that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. -- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a tag. -- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a tag. +- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. - **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not. - **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' MUST match '1.2.3.4' but MUST NOT match '1.2.34'). Default: ''. - **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request is sent over SSL or another secure protocol. This field is unused by Edge Update and always empty. Default: ''. - **appVersion** The version of the product install. Default: '0.0.0.0'. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **eventType** A string representation of appPingEventEventType indicating the type of the event. -- **hwHasAvx** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. +- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'. - **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. - **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'. - **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'. @@ -4246,9 +4246,9 @@ The following fields are available: - **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''. - **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'. - **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients MUST always transmit this attribute. Default: undefined. -- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Default: ''. +- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. - **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''. -- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique sessionid. Default: ''. +- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) SHOULD have (with high probability) a single unique session ID. Default: ''. - **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''. - **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt should have (with high probability) a unique request id. Default: ''. @@ -4552,6 +4552,56 @@ The following fields are available: - **resetSettingsResult** The return code of the action to correct the known issue. +## Quality Update Assistant events + +### Microsoft.Windows.QualityUpdateAssistant.Applicability + +This event sends basic info on whether the device should be updated to the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **PackageVersion** Current package version of quality update assistant. +- **Result** Applicability check for quality update assistant. + + +### Microsoft.Windows.QualityUpdateAssistant.DeviceReadinessCheck + +This event sends basic info on whether the device is ready to download the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **PackageVersion** Current package version of quality update assistant. +- **Result** Device readiness check for quality update assistant. + + +### Microsoft.Windows.QualityUpdateAssistant.Download + +This event sends basic info when download of the latest cumulative update begins. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **PackageVersion** Current package version of quality update assistant. +- **Result** Download of latest cumulative update payload. + + +### Microsoft.Windows.QualityUpdateAssistant.Install + +This event sends basic info on the result of the installation of the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **PackageVersion** Current package version of quality update assistant. +- **Result** Install of latest cumulative update payload. + + ## Remediation events ### Microsoft.Windows.Remediation.Applicable @@ -5153,7 +5203,7 @@ This event sends basic metadata about the update installation process generated ### SetupPlatformTel.SetupPlatformTelEvent -This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios. +This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios, to help keep Windows up to date. The following fields are available: @@ -7680,7 +7730,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.FlightInapplicable -This event indicates that the update is no longer applicable to this device. +This event sends data on whether the update was applicable to the device, to help keep Windows up to date. The following fields are available: @@ -7774,7 +7824,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.PostInstall -This event is sent after a Windows update install completes. +This event sends data about lite stack devices (mobile, IOT, anything non-PC) immediately before data migration is launched to help keep Windows up to date. The following fields are available: diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index 0b9b110957..8be2e02435 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-security-compliance ms.topic: article audience: ITPro -ms.date: 01/04/2020 +ms.date: 03/27/2020 ms.reviewer: --- @@ -312,6 +312,7 @@ The following fields are available: - **DatasourceApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_20H1** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_20H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS2** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS3** The count of the number of this particular object type present on this device. @@ -327,6 +328,7 @@ The following fields are available: - **DatasourceDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_20H1** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_20H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. - **DatasourceDevicePnp_RS2** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS3** The count of the number of this particular object type present on this device. @@ -342,6 +344,7 @@ The following fields are available: - **DatasourceDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_20H1** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_20H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. - **DatasourceDriverPackage_RS2** The total DataSourceDriverPackage objects targeting Windows 10, version 1703 on this device. - **DatasourceDriverPackage_RS3** The count of the number of this particular object type present on this device. @@ -357,6 +360,7 @@ The following fields are available: - **DataSourceMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_20H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoBlock_RS2** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS3** The count of the number of this particular object type present on this device. @@ -372,6 +376,7 @@ The following fields are available: - **DataSourceMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_20H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoPassive_RS2** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS3** The count of the number of this particular object type present on this device. @@ -387,6 +392,7 @@ The following fields are available: - **DataSourceMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_20H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoPostUpgrade_RS2** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. - **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. @@ -402,6 +408,7 @@ The following fields are available: - **DatasourceSystemBios_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_20H1** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_20H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. - **DatasourceSystemBios_RS2** The total DatasourceSystemBios objects targeting Windows 10 version 1703 present on this device. - **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting Windows 10 version 1709 present on this device. @@ -417,6 +424,7 @@ The following fields are available: - **DecisionApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_20H1** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS1** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS2** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS3** The count of the number of this particular object type present on this device. @@ -432,6 +440,7 @@ The following fields are available: - **DecisionDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_20H1** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. - **DecisionDevicePnp_RS2** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS3** The count of the number of this particular object type present on this device. @@ -447,6 +456,7 @@ The following fields are available: - **DecisionDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_20H1** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. - **DecisionDriverPackage_RS2** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS3** The count of the number of this particular object type present on this device. @@ -462,6 +472,7 @@ The following fields are available: - **DecisionMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. - **DecisionMatchingInfoBlock_RS2** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device. - **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1709 present on this device. @@ -477,6 +488,7 @@ The following fields are available: - **DecisionMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. - **DecisionMatchingInfoPassive_RS2** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1703 on this device. - **DecisionMatchingInfoPassive_RS3** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1803 on this device. @@ -492,6 +504,7 @@ The following fields are available: - **DecisionMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. - **DecisionMatchingInfoPostUpgrade_RS2** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. - **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. @@ -507,6 +520,7 @@ The following fields are available: - **DecisionMediaCenter_19H1Setup** The total DecisionMediaCenter objects targeting the next release of Windows on this device. - **DecisionMediaCenter_20H1** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. - **DecisionMediaCenter_RS2** The total DecisionMediaCenter objects targeting Windows 10 version 1703 present on this device. - **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting Windows 10 version 1709 present on this device. @@ -522,6 +536,7 @@ The following fields are available: - **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionSystemBios_20H1** The count of the number of this particular object type present on this device. - **DecisionSystemBios_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. - **DecisionSystemBios_RS2** The total DecisionSystemBios objects targeting Windows 10 version 1703 on this device. - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting Windows 10 version 1709 on this device. @@ -534,6 +549,7 @@ The following fields are available: - **DecisionSystemBios_TH2** The count of the number of this particular object type present on this device. - **DecisionSystemProcessor_RS2** The count of the number of this particular object type present on this device. - **DecisionTest_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionTest_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. - **InventoryDeviceContainer** A count of device container objects in cache. @@ -563,6 +579,7 @@ The following fields are available: - **Wmdrm_19H1Setup** The total Wmdrm objects targeting the next release of Windows on this device. - **Wmdrm_20H1** The count of the number of this particular object type present on this device. - **Wmdrm_20H1Setup** The count of the number of this particular object type present on this device. +- **Wmdrm_21H1Setup** The count of the number of this particular object type present on this device. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS2** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** An ID for the system, calculated by hashing hardware identifiers. @@ -1838,6 +1855,38 @@ The following fields are available: ## Audio endpoint events +### MicArrayGeometry + +This event provides information about the layout of the individual microphone elements in the microphone array. + +The following fields are available: + +- **MicCoords** The location and orientation of the microphone element. See [MicCoords](#miccoords). +- **usFrequencyBandHi** The high end of the frequency range for the microphone. +- **usFrequencyBandLo** The low end of the frequency range for the microphone. +- **usMicArrayType** The type of the microphone array. +- **usNumberOfMicrophones** The number of microphones in the array. +- **usVersion** The version of the microphone array specification. +- **wHorizontalAngleBegin** The horizontal angle of the start of the working volume (reported as radians times 10,000). +- **wHorizontalAngleEnd** The horizontal angle of the end of the working volume (reported as radians times 10,000). +- **wVerticalAngleBegin** The vertical angle of the start of the working volume (reported as radians times 10,000). +- **wVerticalAngleEnd** The vertical angle of the end of the working volume (reported as radians times 10,000). + + +### MicCoords + +This event provides information about the location and orientation of the microphone element. + +The following fields are available: + +- **usType** The type of microphone. +- **wHorizontalAngle** The horizontal angle of the microphone (reported as radians times 10,000). +- **wVerticalAngle** The vertical angle of the microphone (reported as radians times 10,000). +- **wXCoord** The x-coordinate of the microphone. +- **wYCoord** The y-coordinate of the microphone. +- **wZCoord** The z-coordinate of the microphone. + + ### Microsoft.Windows.Audio.EndpointBuilder.DeviceInfo This event logs the successful enumeration of an audio endpoint (such as a microphone or speaker) and provides information about the audio endpoint. @@ -1860,22 +1909,6 @@ The following fields are available: - **MicArrayGeometry** Describes the microphone array, including the microphone position, coordinates, type, and frequency range. See [MicArrayGeometry](#micarraygeometry). - **persistentId** A unique ID for this endpoint which is retained across migrations. -### MicArrayGeometry - -This event provides information about the layout of the individual microphone elements in the microphone array. - -The following fields are available: - -- **MicCoords** The location and orientation of the microphone element. -- **usFrequencyBandHi** The high end of the frequency range for the microphone. -- **usFrequencyBandLo** The low end of the frequency range for the microphone. -- **usMicArrayType** The type of the microphone array. -- **usNumberOfMicrophones** The number of microphones in the array. -- **usVersion** The version of the microphone array specification. -- **wHorizontalAngleBegin** The horizontal angle of the start of the working volume (reported as radians times 10,000). -- **wHorizontalAngleEnd** The horizontal angle of the end of the working volume (reported as radians times 10,000). -- **wVerticalAngleBegin** The vertical angle of the start of the working volume (reported as radians times 10,000). -- **wVerticalAngleEnd** The vertical angle of the end of the working volume (reported as radians times 10,000). ## Census events @@ -2437,6 +2470,7 @@ The following fields are available: - **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer). - **ext_cs** Describes properties related to the schema of the event. See [Common Data Extensions.cs](#common-data-extensionscs). - **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). +- **ext_m365a** Describes the Microsoft 365-related fields. See [Common Data Extensions.m365a](#common-data-extensionsm365a). - **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). - **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). - **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser). @@ -2449,6 +2483,14 @@ The following fields are available: - **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format. - **ver** Represents the major and minor version of the extension. +### Common Data Extensions.m365a + +Describes the Microsoft 365-related fields. + +The following fields are available: + +- **enrolledTenantId** The enrolled tenant ID. +- **msp** A bitmask that lists the active programs. ### Common Data Extensions.os @@ -2562,7 +2604,7 @@ The following fields are available: ### CbsServicingProvider.CbsCapabilityEnumeration -This event reports on the results of scanning for optional Windows content on Windows Update. +This event reports on the results of scanning for optional Windows content on Windows Update to keep Windows up to date. The following fields are available: @@ -2774,6 +2816,75 @@ The following fields are available: ## Diagnostic data events +### TelClientSynthetic.AbnormalShutdown_0 + +This event sends data about boot IDs for which a normal clean shutdown was not observed, to help keep Windows up to date. + +The following fields are available: + +- **AbnormalShutdownBootId** BootId of the abnormal shutdown being reported by this event. +- **AcDcStateAtLastShutdown** Identifies if the device was on battery or plugged in. +- **BatteryLevelAtLastShutdown** The last recorded battery level. +- **BatteryPercentageAtLastShutdown** The battery percentage at the last shutdown. +- **CrashDumpEnabled** Indicates whether crash dumps are enabled. +- **CumulativeCrashCount** Cumulative count of operating system crashes since the BootId reset. +- **CurrentBootId** BootId at the time the abnormal shutdown event was being reported. +- **Firmwaredata->ResetReasonEmbeddedController** The reset reason that was supplied by the firmware. +- **Firmwaredata->ResetReasonEmbeddedControllerAdditional** Additional data related to reset reason provided by the firmware. +- **Firmwaredata->ResetReasonPch** The reset reason that was supplied by the hardware. +- **Firmwaredata->ResetReasonPchAdditional** Additional data related to the reset reason supplied by the hardware. +- **Firmwaredata->ResetReasonSupplied** Indicates whether the firmware supplied any reset reason or not. +- **FirmwareType** ID of the FirmwareType as enumerated in DimFirmwareType. +- **HardwareWatchdogTimerGeneratedLastReset** Indicates whether the hardware watchdog timer caused the last reset. +- **HardwareWatchdogTimerPresent** Indicates whether hardware watchdog timer was present or not. +- **LastBugCheckBootId** bootId of the last captured crash. +- **LastBugCheckCode** Code that indicates the type of error. +- **LastBugCheckContextFlags** Additional crash dump settings. +- **LastBugCheckOriginalDumpType** The type of crash dump the system intended to save. +- **LastBugCheckOtherSettings** Other crash dump settings. +- **LastBugCheckParameter1** The first parameter with additional info on the type of the error. +- **LastBugCheckProgress** Progress towards writing out the last crash dump. +- **LastBugCheckVersion** The version of the information struct written during the crash. +- **LastSuccessfullyShutdownBootId** BootId of the last fully successful shutdown. +- **LongPowerButtonPressDetected** Identifies if the user was pressing and holding power button. +- **OOBEInProgress** Identifies if the Out-Of-Box-Experience is running. +- **OSSetupInProgress** Identifies if the operating system setup is running. +- **PowerButtonCumulativePressCount** Indicates the number of times the power button has been pressed ("pressed" not to be confused with "released"). +- **PowerButtonCumulativeReleaseCount** Indicates the number of times the power button has been released ("released" not to be confused with "pressed"). +- **PowerButtonErrorCount** Indicates the number of times there was an error attempting to record Power Button metrics (e.g.: due to a failure to lock/update the bootstat file). +- **PowerButtonLastPressBootId** BootId of the last time the Power Button was detected to have been pressed ("pressed" not to be confused with "released"). +- **PowerButtonLastPressTime** Date/time of the last time the Power Button was pressed ("pressed" not to be confused with "released"). +- **PowerButtonLastReleaseBootId** The Boot ID of the last time the Power Button was released ("released" not to be confused with "pressed"). +- **PowerButtonLastReleaseTime** The date and time the Power Button was most recently released ("released" not to be confused with "pressed"). +- **PowerButtonPressCurrentCsPhase** Represents the phase of Connected Standby exit when the power button was pressed. +- **PowerButtonPressIsShutdownInProgress** Indicates whether a system shutdown was in progress at the last time the power button was pressed. +- **PowerButtonPressLastPowerWatchdogStage** The last stage completed when the Power Button was most recently pressed. +- **PowerButtonPressPowerWatchdogArmed** Indicates whether or not the watchdog for the monitor was active at the time of the last power button press. +- **ShutdownDeviceType** Identifies who triggered a shutdown. Is it because of battery, thermal zones, or through a Kernel API. +- **SleepCheckpoint** Provides the last checkpoint when there is a failure during a sleep transition. +- **SleepCheckpointSource** Indicates whether the source is the EFI variable or bootstat file. +- **SleepCheckpointStatus** Indicates whether the checkpoint information is valid. +- **StaleBootStatData** Identifies if the data from bootstat is stale. +- **TransitionInfoBootId** The Boot ID of the captured transition information. +- **TransitionInfoCSCount** The total number of times the system transitioned from "Connected Standby" mode to "On" when the last marker was saved. +- **TransitionInfoCSEntryReason** Indicates the reason the device last entered "Connected Standby" mode ("entered" not to be confused with "exited"). +- **TransitionInfoCSExitReason** Indicates the reason the device last exited "Connected Standby" mode ("exited" not to be confused with "entered"). +- **TransitionInfoCSInProgress** Indicates whether the system was in or entering Connected Standby mode when the last marker was saved. +- **TransitionInfoLastReferenceTimeChecksum** The checksum of TransitionInfoLastReferenceTimestamp. +- **TransitionInfoLastReferenceTimestamp** The date and time that the marker was last saved. +- **TransitionInfoLidState** Describes the state of the laptop lid. +- **TransitionInfoPowerButtonTimestamp** The most recent date and time when the Power Button was pressed (collected via a different mechanism than PowerButtonLastPressTime). +- **TransitionInfoSleepInProgress** Indicates whether the system was in or entering Sleep mode when the last marker was saved. +- **TransitionInfoSleepTranstionsToOn** The total number of times the system transitioned from Sleep mode to on, when the last marker was saved. +- **TransitionInfoSystemRunning** Indicates whether the system was running when the last marker was saved. +- **TransitionInfoSystemShutdownInProgress** Indicates whether a device shutdown was in progress when the power button was pressed. +- **TransitionInfoUserShutdownInProgress** Indicates whether a user shutdown was in progress when the power button was pressed. +- **TransitionLatestCheckpointId** Represents a unique identifier for a checkpoint during the device state transition. +- **TransitionLatestCheckpointSeqNumber** Represents the chronological sequence number of the checkpoint. +- **TransitionLatestCheckpointType** Represents the type of the checkpoint, which can be the start of a phase, end of a phase, or just informational. +- **VirtualMachineId** If the operating system is on a virtual Machine, it gives the virtual Machine ID (GUID) that can be used to correlate events on the host. + + ### TelClientSynthetic.AuthorizationInfo_RuntimeTransition This event sends data indicating that a device has undergone a change of telemetry opt-in level detected at UTC startup, to help keep Windows up to date. The telemetry opt-in level signals what data we are allowed to collect. @@ -3642,26 +3753,27 @@ The following fields are available: - **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload. - **DDIInterfaceVersion** The device driver interface version. - **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes). +- **DedicatedVideoMemo** Amount of dedicated video memory in bytes. - **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes). - **DisplayAdapterLuid** The display adapter LUID. - **DriverDate** The date of the display driver. - **DriverRank** The rank of the display driver. - **DriverVersion** The display driver version. -- **DriverWorkarounds** Bitfield data for specific driver workarounds enabled for this device. -- **DriverWorkarounds.Length** The length of the DriverWorkarounds bitfield. +- **DriverWorkarounds** Numeric value indicating the driver workarounds that are enabled for this device. - **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store. - **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store. +- **DX12U** File path to the location of the DirectX 12 Display User Mode Driver in the Driver Store. - **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store. - **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store. - **GPUDeviceID** The GPU device ID. - **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload. - **GPURevisionID** The GPU revision ID. - **GPUVendorID** The GPU vendor ID. -- **InterfaceFuncPointersProvided1** The number of device driver interface function pointers provided. -- **InterfaceFuncPointersProvided2** The number of device driver interface function pointers provided. +- **InterfaceFuncPointersProvided1** Number of device driver interface function pointers provided. +- **InterfaceFuncPointersProvided2** Number of device driver interface function pointers provided. - **InterfaceId** The GPU interface ID. - **IsDisplayDevice** Does the GPU have displaying capabilities? -- **IsHwSchEnabled** Indicates whether Hardware Scheduling is enabled. +- **IsHwSchEnabled** Boolean value indicating whether hardware scheduling is enabled. - **IsHwSchSupported** Indicates whether the adapter supports hardware scheduling. - **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device? - **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device? @@ -4216,7 +4328,7 @@ The following fields are available: ### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd -This event provides the basic metadata about driver binaries running on the system. +This event sends basic metadata about driver binaries running on the system to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -4276,9 +4388,11 @@ The following fields are available: - **Date** The driver package date. - **Directory** The path to the driver package. - **DriverInBox** Is the driver included with the operating system? +- **FlightIds** Driver Flight IDs. - **Inf** The INF name of the driver package. - **InventoryVersion** The version of the inventory file generating the events. - **Provider** The provider for the driver package. +- **RecoveryIds** Driver recovery IDs. - **SubmissionId** The HLK submission ID for the driver package. - **Version** The version of the driver package. @@ -4804,71 +4918,79 @@ The following fields are available: ### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config -This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. The following fields are available: -- **app_version** The internal Microsoft Edge build version string. -- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth -- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. -- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. - **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level -- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. ### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config -This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. The following fields are available: -- **app_version** The internal Microsoft Edge build version string. -- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth -- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. -- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. - **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level -- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. ### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config -This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. The following fields are available: -- **app_version** The internal Microsoft Edge build version string. -- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth -- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. -- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. - **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level -- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. ### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config @@ -4877,21 +4999,24 @@ This config event sends basic device connectivity and configuration information The following fields are available: -- **app_version** The internal Microsoft Edge build version string. -- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth -- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. -- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. - **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level -- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. ### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping @@ -4965,28 +5090,76 @@ The following fields are available: - **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''. - **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt should have (with high probability) a unique request id. Default: ''. +### Microsoft.WebBrowser.Installer.EdgeUpdate.Ping -### Aria.f4a7d46e472049dfba756e11bdbbc08f.Microsoft.WebBrowser.SystemInfo.Config - -This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. +This event sends hardware and software inventory information about the Microsoft Edge Update service, Microsoft Edge applications, and the current system environment, including app configuration, update configuration, and hardware capabilities. It's used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date The following fields are available: -- **app_version** The internal Microsoft Edge build version string. -- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). -- **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth -- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. -- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full -- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). -- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. -- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level -- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **appAp** Microsoft Edge Update parameters, including channel, architecture, platform, and additional parameters identifying the release of Microsoft Edge to update and how to install it. Example: 'beta-arch_x64-full'. Default: ''." +- **appAppId** The GUID that identifies the product channels such as Edge Canary, Dev, Beta, Stable, and Edge Update. +- **appBrandCode** The 4-digit brand code under which the the product was installed, if any. Possible values: 'GGLS' (default), 'GCEU' (enterprise install), and '' (unknown). +- **appChannel** An integer indicating the channel of the installation (e.g. Canary or Dev). +- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. +- **appCohort** A machine-readable string identifying the release channel that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. Default: '-2' (Unknown). +- **appExperiments** A semicolon-delimited key/value list of experiment identifiers and treatment groups. This field is unused and always empty in Edge Update. Default: ''. +- **appIid** A GUID that identifies a particular installation flow. For example, each download of a product installer is tagged with a unique GUID. Attempts to install using that installer can then be grouped. A client SHOULD NOT persist the IID GUID after the installation flow of a product is complete. +- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. +- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. +- **appNextVersion** The version of the app that the update attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. +- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. +- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''. +- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'. +- **appPingEventDownloadMetricsServerIpHint** For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventEventResult** An enumeration indicating the result of the event. Common values are '0' (Error) and '1' (Success). Default: '0' (Error). +- **appPingEventEventType** An enumeration indicating the type of the event and the event stage. Default: '0' (Unknown). +- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. +- **appPingEventSequenceId** An ID that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. +- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a tag. +- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not. +- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' MUST match '1.2.3.4' but MUST NOT match '1.2.34'). Default: ''. +- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request is sent over SSL or another secure protocol. This field is unused by Edge Update and always empty. Default: ''. +- **appVersion** The version of the product install. Default: '0.0.0.0'. +- **eventType** A string representation of appPingEventEventType indicating the type of the event. +- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'. +- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'. +- **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''. +- **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system name should be transmitted in lowercase with minimal formatting. Default: ''. +- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''. +- **osVersion** The primary version of the operating system. '' if unknown. Default: ''. +- **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'. +- **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''. +- **requestDomainJoined** '1' if the device is part of a managed enterprise domain. Otherwise '0'. +- **requestInstallSource** A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''. +- **requestIsMachine** '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'. +- **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''. +- **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'. +- **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients MUST always transmit this attribute. Default: undefined. +- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. +- **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''. +- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) SHOULD have (with high probability) a single unique session ID. Default: ''. +- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''. +- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. ## Migration events @@ -5258,8 +5431,8 @@ The following fields are available: - **originatingContextName** The name of the originating call context that resulted in the failure. - **threadId** The ID of the thread on which the activity is executing. -## Privacy notifier events +## Privacy notifier events ### Microsoft.Windows.Shell.PrivacyNotifierLogging.PrivacyNotifierCompleted @@ -5276,6 +5449,85 @@ The following fields are available: - **resetSettingsResult** The return code of the action to correct the known issue. +## Quality Update Assistant events + +### Microsoft.Windows.QualityUpdateAssistant.Applicability + +This event sends basic info on whether the device should be updated to the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **dayspendingrebootafterfu** Number of days that have elapsed since the device reached ready to reboot for a Feature Update that is still actively pending reboot. +- **ExecutionRequestId** Identifier of the Execution Request that launched the QualityUpdateAssistant process. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **IsApplicable** Indicates whether the update is applicable to this device. +- **KBNumber** KBNumber of the update being installed. +- **PackageVersion** Current package version of quality update assistant. +- **Reason** Provides information on reasons why the update is not applicable to the device. +- **Result** Applicability check for quality update assistant. + + +### Microsoft.Windows.QualityUpdateAssistant.DeviceReadinessCheck + +This event sends basic info on whether the device is ready to download the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **ExecutionRequestId** Identifier of the Execution Request that launched the QualityUpdateAssistant process. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **KBNumber** KBNumber of the update being installed. +- **PackageVersion** Current package version of quality update assistant. +- **QualityUpdateReadinessProcessorMaxSpeed** Processor max speed. +- **Reason** Indicates why the device did not pass the readiness check. +- **Result** Device readiness check for quality update assistant. +- **VirtualMemoryUsedByCurrentProcess** Virtual memory in use by the Quality Update Assistant process. + + +### Microsoft.Windows.QualityUpdateAssistant.Download + +This event sends basic info when download of the latest cumulative update begins. + +The following fields are available: + +- **CV** Correlation vector. +- **DODownloadHResult** Result code from Delivery Optimization when used to download the quality update. +- **DownloadMode** Indicates how the quality update was downloaded. +- **ExecutionRequestId** Identifier of the Execution Request that launched the QualityUpdateAssistant process. +- **GlobalEventCounter** Client side counter that indicates ordering of events sent by this device. +- **HttpsDownloadHResult** Result code when HTTPS is used to download the quality update. +- **InstallMode** Indicates which installation method was used to attempt the install of the quality update. +- **KBNumber** KBNumber of the update being installed. +- **PackageVersion** Current package version of quality update assistant. +- **QualityUpdateDeviceHasMinimumUptime** Indicates whether the device has the minimum uptime required to install a quality update. +- **Result** Download of latest cumulative update payload. +- **Scenario** Indicates if the installation step succeeded or failed. + + +### Microsoft.Windows.QualityUpdateAssistant.Install + +This event sends basic info on the result of the installation of the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **DismInstallHResult** Internal result code from DISM when used to install the quality update. +- **ExecutionRequestId** Identifier of the Execution Request that launched the QualityUpdateAssistant process. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **InstallMode** Indicates which installation method was used to attempt the install of the quality update. +- **KBNumber** KBNumber of the update being installed. +- **launchretrycounter** Count of the number of times the install has been retried in the event of a non-successful installation attempt. +- **PackageVersion** Current package version of quality update assistant. +- **QualityUpdateDismErrorCode** Error code returned when DISM is used to install the quality update. +- **QualityUpdatePendingRebootAfterInstallStage** Indicates if the device is pending reboot after install is complete. +- **QualityUpdateSecondsInstallStage** Time spent installing the quality update. +- **QualityUpdateWusaErrorCode** Error code returned when WUSA is used to install the quality update. +- **Result** Install of latest cumulative update payload. +- **Scenario** Indicates if the installation step succeeded or failed. +- **WusaInstallHResult** Internal result code from WUSA when used to install the quality update. + + ## Remediation events ### Microsoft.Windows.Remediation.Applicable @@ -5789,7 +6041,7 @@ This event sends basic metadata about the update installation process generated ### SetupPlatformTel.SetupPlatformTelEvent -This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios. +This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios, to help keep Windows up to date. The following fields are available: @@ -7650,7 +7902,7 @@ The following fields are available: - **groupConnectionCount** The total number of connections made to peers in the same group. - **internetConnectionCount** The total number of connections made to peers not in the same LAN or the same group. - **isEncrypted** TRUE if the file is encrypted and will be decrypted after download. -- **isThrottled** Indicates the Event Rate was throttled (event represent aggregated data). +- **isThrottled** Event Rate throttled (event represents aggregated data). - **isVpn** Is the device connected to a Virtual Private Network? - **jobID** Identifier for the Windows Update job. - **lanConnectionCount** The total number of connections made to peers in the same LAN. @@ -8230,7 +8482,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.FlightInapplicable -This event indicates that the update is no longer applicable to this device. +This event sends data on whether the update was applicable to the device, to help keep Windows up to date. The following fields are available: @@ -8316,7 +8568,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.PostInstall -This event is sent after a Windows update install completes. +This event sends data about lite stack devices (mobile, IOT, anything non-PC) immediately before data migration is launched to help keep Windows up to date. The following fields are available: @@ -8623,6 +8875,22 @@ The following fields are available: - **wuDeviceid** The Windows Update device GUID. +### Microsoft.Windows.UpdateHealthTools.UpdateHealthToolsPushNotificationStatus + +This event is received when there is status on a push notification. + +The following fields are available: + +- **CV** Correlation vector. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. +- **PackageVersion** Current package version of UpdateHealthTools. +- **UpdateHealthToolsDeviceUri** The URI to be used for push notifications on this device. +- **UpdateHealthToolsEnterpriseActionType** Enum describing the type of action requested by the push. +- **UpdateHealthToolsPushCurrentRequestId** The request ID for the push. +- **UpdateHealthToolsPushCurrentResults** The results from the push request. +- **UpdateHealthToolsPushCurrentStep** The current step for the push notification + + ## Windows Update mitigation events ### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md index b7de342751..adb454d3a2 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903.md @@ -1,6 +1,6 @@ --- -description: Use this article to learn more about what Windows diagnostic data is gathered at the basic level. Specific to Windows 10, version 1903. -title: Windows 10, version 1903 and Windows 10, version 1909 basic diagnostic events and fields (Windows 10) +description: Use this article to learn more about what required Windows diagnostic data is gathered. +title: Windows 10, version 1909 and Windows 10, version 1903 required diagnostic events and fields (Windows 10) keywords: privacy, telemetry ms.prod: w10 ms.mktglfcycl: manage @@ -13,11 +13,16 @@ manager: dansimp ms.collection: M365-security-compliance ms.topic: article audience: ITPro -ms.date: 12/10/2019 +ms.date: 03/27/2020 --- -# Windows 10, version 1903 and Windows 10, version 1909 basic level Windows diagnostic events and fields +# Windows 10, version 1909 and Windows 10, version 1903 required Windows diagnostic events and fields + + +> [!IMPORTANT] +> Windows is moving to classifying the data collected from customer’s devices as either *Required* or *Optional*. + **Applies to** @@ -25,9 +30,9 @@ ms.date: 12/10/2019 - Windows 10, version 1903 -The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information. +Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. -The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems. +Required diagnostic data helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems. Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. @@ -269,6 +274,8 @@ The following fields are available: - **DatasourceApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_20H1** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_20H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_21H1** The count of the number of this particular object type present on this device. +- **DatasourceApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS2** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS3** The count of the number of this particular object type present on this device. @@ -280,6 +287,8 @@ The following fields are available: - **DatasourceDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_20H1** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_20H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_21H1** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. - **DatasourceDevicePnp_RS2** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS3** The count of the number of this particular object type present on this device. @@ -294,6 +303,8 @@ The following fields are available: - **DatasourceDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_20H1** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_20H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_21H1** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. - **DatasourceDriverPackage_RS2** The total DataSourceDriverPackage objects targeting Windows 10, version 1703 on this device. - **DatasourceDriverPackage_RS3** The count of the number of this particular object type present on this device. @@ -308,6 +319,8 @@ The following fields are available: - **DataSourceMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_20H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_21H1** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoBlock_RS2** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS3** The count of the number of this particular object type present on this device. @@ -319,6 +332,8 @@ The following fields are available: - **DataSourceMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_20H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_21H1** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoPassive_RS2** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS3** The count of the number of this particular object type present on this device. @@ -326,11 +341,12 @@ The following fields are available: - **DataSourceMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_TH1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPoltUpgrade_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_20H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_20H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_21H1** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoPostUpgrade_RS2** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. - **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. @@ -343,6 +359,8 @@ The following fields are available: - **DatasourceSystemBios_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_20H1** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_20H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_21H1** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_21H1Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. - **DatasourceSystemBios_RS2** The total DatasourceSystemBios objects targeting Windows 10 version 1703 present on this device. - **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting Windows 10 version 1709 present on this device. @@ -357,6 +375,8 @@ The following fields are available: - **DecisionApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_20H1** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_21H1** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS1** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS2** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS3** The count of the number of this particular object type present on this device. @@ -368,6 +388,8 @@ The following fields are available: - **DecisionDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_20H1** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_21H1** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. - **DecisionDevicePnp_RS2** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS3** The count of the number of this particular object type present on this device. @@ -382,6 +404,8 @@ The following fields are available: - **DecisionDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_20H1** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_21H1** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. - **DecisionDriverPackage_RS2** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS3** The count of the number of this particular object type present on this device. @@ -396,6 +420,8 @@ The following fields are available: - **DecisionMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_21H1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. - **DecisionMatchingInfoBlock_RS2** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device. - **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1709 present on this device. @@ -407,6 +433,8 @@ The following fields are available: - **DecisionMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_21H1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. - **DecisionMatchingInfoPassive_RS2** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1703 on this device. - **DecisionMatchingInfoPassive_RS3** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1803 on this device. @@ -414,11 +442,12 @@ The following fields are available: - **DecisionMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_TH1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_TH2** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPoltUpgrade_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_20H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_21H1** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. - **DecisionMatchingInfoPostUpgrade_RS2** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. - **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. @@ -430,6 +459,8 @@ The following fields are available: - **DecisionMediaCenter_19H1Setup** The total DecisionMediaCenter objects targeting the next release of Windows on this device. - **DecisionMediaCenter_20H1** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_21H1** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. - **DecisionMediaCenter_RS2** The total DecisionMediaCenter objects targeting Windows 10 version 1703 present on this device. - **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting Windows 10 version 1709 present on this device. @@ -442,6 +473,8 @@ The following fields are available: - **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionSystemBios_20H1** The count of the number of this particular object type present on this device. - **DecisionSystemBios_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_21H1** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. - **DecisionSystemBios_RS2** The total DecisionSystemBios objects targeting Windows 10 version 1703 on this device. - **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting Windows 10 version 1709 on this device. @@ -454,6 +487,8 @@ The following fields are available: - **DecisionSystemBios_TH2** The count of the number of this particular object type present on this device. - **DecisionSystemProcessor_RS2** The count of the number of this particular object type present on this device. - **DecisionTest_20H1Setup** The count of the number of this particular object type present on this device. +- **DecisionTest_21H1** The count of the number of this particular object type present on this device. +- **DecisionTest_21H1Setup** The count of the number of this particular object type present on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. - **InventoryDeviceContainer** A count of device container objects in cache. @@ -482,6 +517,8 @@ The following fields are available: - **Wmdrm_19H1Setup** The total Wmdrm objects targeting the next release of Windows on this device. - **Wmdrm_20H1** The count of the number of this particular object type present on this device. - **Wmdrm_20H1Setup** The total Wmdrm objects targeting the next release of Windows on this device. +- **Wmdrm_21H1** The count of the number of this particular object type present on this device. +- **Wmdrm_21H1Setup** The count of the number of this particular object type present on this device. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS2** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS3** An ID for the system, calculated by hashing hardware identifiers. @@ -616,6 +653,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. +- **ResolveAttempted** This will always be an empty string when sending diagnostic data. ### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoBlockStartSync @@ -847,10 +885,12 @@ The following fields are available: - **AppraiserVersion** The version of the appraiser file generating the events. - **BlockingApplication** Are there are any application issues that interfere with upgrade due to matching info blocks? - **DisplayGenericMessage** Will a generic message be shown for this block? +- **NeedsDismissAction** Will the file cause an action that can be dismissed? - **NeedsUninstallAction** Does the user need to take an action in setup due to a matching info block? - **SdbBlockUpgrade** Is a matching info block blocking upgrade? - **SdbBlockUpgradeCanReinstall** Is a matching info block blocking upgrade, but has the can reinstall tag? - **SdbBlockUpgradeUntilUpdate** Is a matching info block blocking upgrade but has the until update tag? +- **SdbReinstallUpgradeWarn** The file is tagged as needing to be reinstalled after upgrade with a warning in the SDB. It does not block upgrade. ### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoBlockStartSync @@ -1732,6 +1772,7 @@ The following fields are available: - **IsDomainJoined** Indicates whether a machine is joined to a domain. - **IsEDPEnabled** Represents if Enterprise data protected on the device. - **IsMDMEnrolled** Whether the device has been MDM Enrolled or not. +- **MDMServiceProvider** A hash of the specific MDM authority, such as Microsoft Intune, that is managing the device. - **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID - **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in a Configuration Manager environment. - **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers. @@ -1781,6 +1822,7 @@ The following fields are available: - **DeviceName** The device name that is set by the user. - **DigitizerSupport** Is a digitizer supported? - **DUID** The device unique ID. +- **EnclosureKind** Windows.Devices.Enclosure.EnclosureKind enum values representing each unique enclosure posture kind. - **Gyroscope** Indicates whether the device has a gyroscope (a mechanical component that measures and maintains orientation). - **InventoryId** The device ID used for compatibility testing. - **Magnetometer** Indicates whether the device has a magnetometer (a mechanical component that works like a compass). @@ -1965,10 +2007,14 @@ The following fields are available: - **HVCIRunning** Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running. - **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest. - **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host. +- **IsWdagFeatureEnabled** Indicates whether Windows Defender Application Guard is enabled. - **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security. - **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting. - **SModeState** The Windows S mode trail state. +- **SystemGuardState** Indicates the SystemGuard state. NotCapable (0), Capable (1), Enabled (2), Error (0xFF). +- **TpmReadyState** Indicates the TPM ready state. NotReady (0), ReadyForStorage (1), ReadyForAttestation (2), Error (0xFF). - **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running. +- **WdagPolicyValue** The Windows Defender Application Guard policy. ### Census.Speech @@ -2109,7 +2155,7 @@ The following fields are available: - **IsVirtualDevice** Retrieves that when the Hypervisor is Microsoft's Hyper-V Hypervisor or other Hv#1 Hypervisor, this field will be set to FALSE for the Hyper-V host OS and TRUE for any guest OS's. This field should not be relied upon for non-Hv#1 Hypervisors. - **SLATSupported** Represents whether Second Level Address Translation (SLAT) is supported by the hardware. - **VirtualizationFirmwareEnabled** Represents whether virtualization is enabled in the firmware. -- **VMId** A string that uniquely identifies a virtual machine. +- **VMId** A string that identifies a virtual machine. ### Census.WU @@ -2197,6 +2243,7 @@ The following fields are available: - **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp). - **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer). - **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). +- **ext_m365a** Describes the Microsoft 365-related fields. See [Common Data Extensions.m365a](#common-data-extensionsm365a). - **ext_mscv** Describes the correlation vector-related fields. See [Common Data Extensions.mscv](#common-data-extensionsmscv). - **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). - **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). @@ -2208,6 +2255,14 @@ The following fields are available: - **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format. - **ver** Represents the major and minor version of the extension. +### Common Data Extensions.m365a + +Describes the Microsoft 365-related fields. + +The following fields are available: + +- **enrolledTenantId** The enrolled tenant ID. +- **msp** A bitmask that lists the active programs. ### Common Data Extensions.mscv @@ -2276,6 +2331,7 @@ The following fields are available: - **providerGuid** The ETW provider ID associated with the provider name. - **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW. - **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server. +- **sqmId** The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier. - **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID. - **wcmp** The Windows Shell Composer ID. - **wPId** The Windows Core OS product ID. @@ -2325,7 +2381,7 @@ The following fields are available: ### CbsServicingProvider.CbsCapabilityEnumeration -This event reports on the results of scanning for optional Windows content on Windows Update. +This event reports on the results of scanning for optional Windows content on Windows Update to keep Windows up to date. The following fields are available: @@ -2610,6 +2666,22 @@ The following fields are available: - **RestrictedNetworkTime** Retrieves the time spent on a metered (cost restricted) network in seconds. +### TelClientSynthetic.EventMonitor_0 + +This event provides statistics for specific diagnostic events. + +The following fields are available: + +- **ConsumerCount** The number of instances seen in the Event Tracing for Windows consumer. +- **EventName** The name of the event being monitored. +- **EventSnFirst** The expected first event serial number. +- **EventSnLast** The expected last event serial number. +- **EventStoreCount** The number of events reaching the event store. +- **MonitorSn** The serial number of the monitor. +- **TriggerCount** The number of events reaching the trigger buffer. +- **UploadedCount** The number of events uploaded. + + ### TelClientSynthetic.GetFileInfoAction_FilePathNotApproved_0 This event occurs when the DiagTrack escalation fails due to the scenario requesting a path that is not approved for GetFileInfo actions. @@ -2809,6 +2881,22 @@ This event is a low latency health alert that is part of the 4Nines device healt +## Direct to update events + +### Microsoft.Windows.DirectToUpdate.DTUHandlerCheckApplicabilityGenericFailure + +This event indicates that we have received an unexpected error in the Direct to Update (DTU) Handler CheckApplicability call. + +The following fields are available: + +- **CampaignID** Campaign ID being run +- **ClientID** Client ID being run +- **CoordinatorVersion** Coordinator version of DTU +- **CV** Correlation vector +- **CV_new** New correlation vector +- **hResult** HRESULT of the failure + + ## DISM events ### Microsoft.Windows.StartRepairCore.DISMLatestInstalledLCU @@ -3007,12 +3095,12 @@ The following fields are available: - **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload. - **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes). - **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes). -- **Display1UMDFilePath** File path to the location of the Display User Mode Driver in the Driver Store. +- **Display1UMDFilePath** The file path to the location of the Display User Mode Driver in the Driver Store. - **DisplayAdapterLuid** The display adapter LUID. - **DriverDate** The date of the display driver. - **DriverRank** The rank of the display driver. - **DriverVersion** The display driver version. -- **DriverWorkarounds** Numeric value indicating the driver workarounds enabled for this device. +- **DriverWorkarounds** Numeric value indicating the driver workarounds that are enabled for this device. - **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store. - **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store. - **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store. @@ -3203,21 +3291,6 @@ The following fields are available: ## Holographic events -### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicDeviceAdded - -This event indicates Windows Mixed Reality device state. This event is also used to count WMR device. - -The following fields are available: - -- **ClassGuid** Windows Mixed Reality device class GUID. -- **DeviceInterfaceId** Windows Mixed Reality device interface ID. -- **DeviceName** Windows Mixed Reality device name. -- **DriverVersion** Windows Mixed Reality device driver version. -- **FirmwareVersion** Windows Mixed Reality firmware version. -- **Manufacturer** Windows Mixed Reality device manufacturer. -- **ModelName** Windows Mixed Reality device model name. -- **SerialNumber** Windows Mixed Reality device serial number. - ### Microsoft.Windows.Holographic.Coordinator.HoloShellStateUpdated This event indicates Windows Mixed Reality HoloShell State. This event is also used to count WMR device. @@ -3327,7 +3400,6 @@ The following fields are available: - **InventoryMiscellaneousOfficeVBA** A count of office vba objects in cache - **InventoryMiscellaneousOfficeVBARuleViolations** A count of office vba rule violations objects in cache - **InventoryMiscellaneousUUPInfo** A count of uup info objects in cache -- **InventoryVersion** The version of the inventory file generating the events. - **Metadata** A count of metadata objects in cache. - **Orphan** A count of orphan file objects in cache. - **Programs** A count of program objects in cache. @@ -3702,7 +3774,7 @@ The following fields are available: ### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd -This event provides the basic metadata about driver binaries running on the system. +This event sends basic metadata about driver binaries running on the system to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -3762,9 +3834,11 @@ The following fields are available: - **Date** The driver package date. - **Directory** The path to the driver package. - **DriverInBox** Is the driver included with the operating system? +- **FlightIds** Driver Flight IDs. - **Inf** The INF name of the driver package. - **InventoryVersion** The version of the inventory file generating the events. - **Provider** The provider for the driver package. +- **RecoveryIds** Driver recovery IDs. - **SubmissionId** The HLK submission ID for the driver package. - **Version** The version of the driver package. @@ -4301,71 +4375,84 @@ The following fields are available: ### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config -This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. The following fields are available: -- **app_version** The internal Microsoft Edge build version string. -- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth -- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. -- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. - **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level -- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. ### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config -This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. The following fields are available: -- **app_version** The internal Microsoft Edge build version string. -- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth -- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. -- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. - **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level -- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. ### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config -This event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. The following fields are available: -- **app_version** The internal Microsoft Edge build version string. -- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_env** The environment from which the event was logged when testing; otherwise, the field is omitted or left blank. +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth -- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. -- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. - **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level -- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. ### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config @@ -4374,21 +4461,25 @@ This config event sends basic device connectivity and configuration information The following fields are available: -- **app_version** The internal Microsoft Edge build version string. -- **appConsentState** Bit flags that describe the consent for data collection on the device, or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). - **Channel** An integer indicating the channel of the installation (Canary or Dev). -- **client_id** A non-durable unique identifier with which all other diagnostic client data is associated. This value is reset whenever UMA data collection is disabled, or when the application is uninstalled. -- **ConnectionType** The first reported type of network connection currently connected. Possible values: Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth -- **container_client_id** The client ID of the container if the device is in Windows Defender Application Guard mode. -- **container_session_id** The session ID of the container if the device is in Windows Defender Application Guard mode. -- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. There is not value in this field is the device is at the Basic diagnostic data level. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event. Possible values: 1 -- Basic, 2 -- Enhanced, 3 -- Full +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. -- **installSource** An enumeration representing the source of this installation. Possible values: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). - **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. - **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. -- **PayloadLogType** The log type for the event correlating with. Possible values: 0 -- Unknown, 1 -- Stability, 2 -- On-going, 3 -- Independent, 4 -- UKM, or 5 -- Instance level -- **session_id** An ordered identifier that is guaranteed to be greater than the previous session identifier each time the user launches the application, reset on subsequent launch after client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. ### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping @@ -4397,17 +4488,118 @@ This event sends hardware and software inventory information about the Microsoft The following fields are available: -- **appAp** Microsoft Edge Update parameters, including channel, architecture, platform, and additional parameters identifying the release of Microsoft Edge to update and how to install it. Example: 'beta-arch_x64-full'. Default: ''. +- **appAp** Any additional parameters for the specified application. Default: ''. +- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined. +- **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''. +- **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev). +- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. +- **appCohort** A machine-readable string identifying the release cohort (channel) that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value is not known. Please see the wiki for additional information. Default: '-2'. +- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client should not transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. +- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. +- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. +- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'. +- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. +- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''. +- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'. +- **appPingEventDownloadMetricsServerIpHint** For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventEventResult** An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'. +- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information. +- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. +- **appPingEventSequenceId** An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. +- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag. +- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not. +- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. +- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''. +- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **eventType** A string indicating the type of the event. Please see the wiki for additional information. +- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'. +- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'. +- **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''. +- **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system Name should be transmitted in lowercase with minimal formatting. Default: ''. +- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''. +- **osVersion** The primary version of the operating system. '' if unknown. Default: ''. +- **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'. +- **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''. +- **requestDomainJoined** '1' if the machine is part of a managed enterprise domain. Otherwise '0'. +- **requestInstallSource** A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''. +- **requestIsMachine** '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'. +- **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''. +- **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'. +- **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients must always transmit this attribute. Default: undefined. +- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt should have (with high probability) a unique request id. Default: ''. +- **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''. +- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique session ID. Default: ''. +- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''. +- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. + + +### Aria.f4a7d46e472049dfba756e11bdbbc08f.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_env** The environment from which the event was logged when testing; otherwise, the field is omitted or left blank. +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Microsoft.WebBrowser.Installer.EdgeUpdate.Ping + +This event sends hardware and software inventory information about the Microsoft Edge Update service, Microsoft Edge applications, and the current system environment, including app configuration, update configuration, and hardware capabilities. It's used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date + +The following fields are available: + +- **appAp** Microsoft Edge Update parameters, including channel, architecture, platform, and additional parameters identifying the release of Microsoft Edge to update and how to install it. Example: 'beta-arch_x64-full'. Default: ''." - **appAppId** The GUID that identifies the product channels such as Edge Canary, Dev, Beta, Stable, and Edge Update. - **appBrandCode** The 4-digit brand code under which the the product was installed, if any. Possible values: 'GGLS' (default), 'GCEU' (enterprise install), and '' (unknown). - **appChannel** An integer indicating the channel of the installation (e.g. Canary or Dev). -- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. +- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. - **appCohort** A machine-readable string identifying the release channel that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. - **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. - **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. Default: '-2' (Unknown). - **appExperiments** A semicolon-delimited key/value list of experiment identifiers and treatment groups. This field is unused and always empty in Edge Update. Default: ''. +- **appIid** A GUID that identifies a particular installation flow. For example, each download of a product installer is tagged with a unique GUID. Attempts to install using that installer can then be grouped. A client SHOULD NOT persist the IID GUID after the installation flow of a product is complete. - **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. - **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. - **appNextVersion** The version of the app that the update attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. @@ -4418,7 +4610,7 @@ The following fields are available: - **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'. - **appPingEventDownloadMetricsServerIpHint** For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. - **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. -- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. - **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. - **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. - **appPingEventEventResult** An enumeration indicating the result of the event. Common values are '0' (Error) and '1' (Success). Default: '0' (Error). @@ -4427,15 +4619,14 @@ The following fields are available: - **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. - **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. - **appPingEventSequenceId** An ID that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. -- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a tag. -- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a tag. +- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. - **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not. - **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' MUST match '1.2.3.4' but MUST NOT match '1.2.34'). Default: ''. - **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request is sent over SSL or another secure protocol. This field is unused by Edge Update and always empty. Default: ''. - **appVersion** The version of the product install. Default: '0.0.0.0'. -- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. - **eventType** A string representation of appPingEventEventType indicating the type of the event. -- **hwHasAvx** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. +- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'. - **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. - **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'. - **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'. @@ -4456,9 +4647,9 @@ The following fields are available: - **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''. - **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'. - **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients MUST always transmit this attribute. Default: undefined. -- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Default: ''. +- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. - **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''. -- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique sessionid. Default: ''. +- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) SHOULD have (with high probability) a single unique session ID. Default: ''. - **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''. - **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt should have (with high probability) a unique request id. Default: ''. @@ -4596,6 +4787,24 @@ The following fields are available: - **WFD2Supported** Indicates if the Miracast receiver supports WFD2 protocol. +## Mixed Reality events + +### Microsoft.Windows.Analog.Spectrum.TelemetryHolographicDeviceAdded + +This event indicates Windows Mixed Reality device state. This event is also used to count WMR device. + +The following fields are available: + +- **ClassGuid** Windows Mixed Reality device class GUID. +- **DeviceInterfaceId** Windows Mixed Reality device interface ID. +- **DeviceName** Windows Mixed Reality device name. +- **DriverVersion** Windows Mixed Reality device driver version. +- **FirmwareVersion** Windows Mixed Reality firmware version. +- **Manufacturer** Windows Mixed Reality device manufacturer. +- **ModelName** Windows Mixed Reality device model name. +- **SerialNumber** Windows Mixed Reality device serial number. + + ## OneDrive events ### Microsoft.OneDrive.Sync.Setup.OSUpgradeInstallationOperation @@ -4613,6 +4822,7 @@ The following fields are available: - **SourceOSBuildNumber** The source build number of the operating system. - **SourceOSVersion** The source version of the operating system. + ## Privacy consent logging events ### Microsoft.Windows.Shell.PrivacyConsentLogging.PrivacyConsentCompleted @@ -4749,6 +4959,7 @@ The following fields are available: - **apiName** Name of the API command that completed. - **errorCode** Error code if an error occurred during the API call. - **sessionID** The ID of this push-button reset session. +- **succeeded** Indicates whether the operation is successfully completed. - **success** Indicates whether the API call was successful. - **timestamp** Timestamp of this push-button reset event. @@ -4818,6 +5029,7 @@ This event is sent when construction of the operation queue for push-button rese The following fields are available: - **error** The result code for operation queue construction. +- **errorCode** Represents any error code during the API call. - **sessionID** The ID of this push-button reset session. - **succeeded** Indicates whether the operation successfully completed. - **timestamp** Timestamp of this push-button reset event. @@ -4856,6 +5068,18 @@ The following fields are available: - **SPPhase** The last phase of the Setup Platform operation. +### Microsoft.Windows.PBR.PBRCreateNewSystemReconstructionSucceed + +This event is sent when the push-button reset operation succeeds in constructing a new copy of the operating system. + +The following fields are available: + +- **CBSPackageCount** The Component Based Servicing package count. +- **CustomizationPackageCount** The Customization package count. +- **PBRType** The type of push-button reset. +- **SessionID** The ID of this push-button reset session. + + ### Microsoft.Windows.PBR.PBRFailed This event is sent when the push-button reset operation fails and rolls back to the previous state. @@ -4881,6 +5105,34 @@ The following fields are available: - **SessionID** The ID of this push-button reset session. +### Microsoft.Windows.PBR.PBRFormatOSVolumeSucceed + +This event is sent when the operation to format the operating system volume succeeds during push-button reset (PBR). + +The following fields are available: + +- **JustDeleteFiles** Indicates whether disk formatting was skipped. +- **SessionID** The ID of this push-button reset session. + + +### Microsoft.Windows.PBR.PBRIOCTLErasureSucceed + +This event is sent when the erasure operation succeeds during push-button reset (PBR). + +The following fields are available: + +- **SessionID** The ID of this push-button reset session. + + +### Microsoft.Windows.PBR.PBRLayoutImageFailed + +This event is sent when push-button reset fails to create a new image of Windows. + +The following fields are available: + +- **SessionID** The ID of this push-button reset session. + + ### Microsoft.Windows.PBR.PBROEM1Failed This event is sent when the first OEM extensibility operation is successfully completed. @@ -5191,6 +5443,7 @@ This event returns data when System Info Sense is finished. The following fields are available: - **error** The error code if an error occurred while querying for system information. +- **errorCode** Represents any error code during the API call. - **sessionID** The ID of this push-button reset session. - **succeeded** Indicates whether the query for system information was successful. - **timestamp** The timestamp of this push-button reset event. @@ -5259,6 +5512,81 @@ The following fields are available: - **timestamp** The timestamp for this push-button reset event. +## Quality Update Assistant events + +### Microsoft.Windows.QualityUpdateAssistant.Applicability + +This event sends basic info on whether the device should be updated to the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **dayspendingrebootafterfu** Number of days that have elapsed since the device reached ready to reboot for a Feature Update that is still actively pending reboot. +- **ExecutionRequestId** Identifier of the Execution Request that launched the QualityUpdateAssistant process. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **KBNumber** KBNumber of the update being installed. +- **PackageVersion** Current package version of quality update assistant. +- **Reason** Provides information on reasons why the update is not applicable to the device. +- **Result** Applicability check for quality update assistant. + + +### Microsoft.Windows.QualityUpdateAssistant.DeviceReadinessCheck + +This event sends basic info on whether the device is ready to download the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **ExecutionRequestId** Identifier of the Execution Request that launched the QualityUpdateAssistant process. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **KBNumber** KBNumber of the update being installed. +- **PackageVersion** Current package version of quality update assistant. +- **Reason** Indicates why the device did not pass the readiness check. +- **Result** Device readiness check for quality update assistant. + + +### Microsoft.Windows.QualityUpdateAssistant.Download + +This event sends basic info when download of the latest cumulative update begins. + +The following fields are available: + +- **CV** Correlation vector. +- **DODownloadHResult** Result code from Delivery Optimization when used to download the quality update. +- **DownloadMode** Indicates how the quality update was downloaded. +- **ExecutionRequestId** Identifier of the Execution Request that launched the QualityUpdateAssistant process. +- **GlobalEventCounter** Client side counter that indicates ordering of events sent by this device. +- **HttpsDownloadHResult** Result code when HTTPS is used to download the quality update. +- **KBNumber** KBNumber of the update being installed. +- **PackageVersion** Current package version of quality update assistant. +- **QualityUpdateDeviceHasMinimumUptime** Indicates whether the device has the minimum uptime required to install a quality update. +- **Result** Download of latest cumulative update payload. +- **Scenario** Indicates if the installation step succeeded or failed. + + +### Microsoft.Windows.QualityUpdateAssistant.Install + +This event sends basic info on the result of the installation of the latest cumulative update. + +The following fields are available: + +- **CV** Correlation vector. +- **DismInstallHResult** Internal result code from DISM when used to install the quality update. +- **ExecutionRequestId** Identifier of the Execution Request that launched the QualityUpdateAssistant process. +- **GlobalEventCounter** Client side counter which indicates ordering of events sent by this device. +- **InstallMode** Indicates which installation method was used to attempt the install of the quality update. +- **KBNumber** KBNumber of the update being installed. +- **launchretrycounter** Count of the number of times the install has been retried in the event of a non-successful installation attempt. +- **PackageVersion** Current package version of quality update assistant. +- **QualityUpdateDismErrorCode** Error code returned when DISM is used to install the quality update. +- **QualityUpdatePendingRebootAfterInstallStage** Indicates if the device is pending reboot after install is complete. +- **QualityUpdateSecondsInstallStage** Time spent installing the quality update. +- **QualityUpdateWusaErrorCode** Error code returned when WUSA is used to install the quality update. +- **Result** Install of latest cumulative update payload. +- **Scenario** Indicates if the installation step succeeded or failed. +- **WusaInstallHResult** Internal result code from WUSA when used to install the quality update. + + ## Sediment events ### Microsoft.Windows.Sediment.Info.DetailedState @@ -5315,7 +5643,7 @@ This event sends basic metadata about the update installation process generated ### SetupPlatformTel.SetupPlatformTelEvent -This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios. +This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios, to help keep Windows up to date. The following fields are available: @@ -5374,6 +5702,7 @@ The following fields are available: - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. - **IsWUfBFederatedScanDisabled** Indicates if Windows Update for Business federated scan is disabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **MetadataIntegrityMode** The mode of the update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce - **MSIError** The last error that was encountered during a scan for updates. - **NetworkConnectivityDetected** Indicates the type of network connectivity that was detected. 0 - IPv4, 1 - IPv6 @@ -5406,6 +5735,7 @@ The following fields are available: - **SystemBIOSMajorRelease** Major version of the BIOS. - **SystemBIOSMinorRelease** Minor version of the BIOS. - **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null. +- **TargetReleaseVersion** The value selected for the target release version policy. - **TotalNumMetadataSignatures** The total number of metadata signatures checks done for new metadata that was synced down. - **WebServiceRetryMethods** Web service method requests that needed to be retried to complete operation. - **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. @@ -5497,6 +5827,7 @@ The following fields are available: - **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content. - **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.) - **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered." @@ -5630,6 +5961,7 @@ The following fields are available: - **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart. - **IsWUfBDualScanEnabled** Indicates whether Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation. - **MsiAction** The stage of MSI installation where it failed. - **MsiProductCode** The unique identifier of the MSI installer. @@ -5686,6 +6018,7 @@ The following fields are available: - **IsSuccessFailurePostReboot** Indicates whether an initial success was a failure after a reboot. - **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. - **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. - **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. - **ProcessName** Process name of the caller who initiated API calls into the software distribution client. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. @@ -6820,7 +7153,7 @@ The following fields are available: - **AggregatedPackageFullNames** Includes a set of package full names for each app that is part of an atomic set. - **AttemptNumber** The total number of attempts to acquire this product. -- **BundleId** The identity of the test build (flight) associated with this product. +- **BundleId** The bundle ID - **CategoryId** The identity of the package or packages being installed. - **ClientAppId** The identity of the app that initiated this operation. - **HResult** HResult code to show the result of the operation (success/failure). @@ -6830,7 +7163,7 @@ The following fields are available: - **IsRemediation** Is this repairing a previous installation? - **IsRestore** Is this happening after a device restore? - **IsUpdate** Is this an update? -- **ParentBundleId** The product identifier of the parent if this product is part of a bundle. +- **ParentBundleId** The parent bundle ID (if it's part of a bundle). - **PFN** Product Family Name of the product being installed. - **ProductId** The Store Product ID for the product being installed. - **SystemAttemptNumber** The number of attempts by the system to acquire this product. @@ -7242,7 +7575,7 @@ The following fields are available: - **groupConnectionCount** The total number of connections made to peers in the same group. - **internetConnectionCount** The total number of connections made to peers not in the same LAN or the same group. - **isEncrypted** TRUE if the file is encrypted and will be decrypted after download. -- **isThrottled** Indicates the Event Rate was throttled (event represent aggregated data). +- **isThrottled** Event Rate throttled (event represents aggregated data). - **isVpn** Is the device connected to a Virtual Private Network? - **jobID** Identifier for the Windows Update job. - **lanConnectionCount** The total number of connections made to peers in the same LAN. @@ -7743,7 +8076,7 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.FlightInapplicable -This event indicates that the update is no longer applicable to this device. +This event sends data on whether the update was applicable to the device, to help keep Windows up to date. The following fields are available: @@ -7973,13 +8306,13 @@ The following fields are available: ### Microsoft.Windows.Update.Orchestrator.UniversalOrchestratorScheduleWorkInvalidCmd -Event to indicate a critical error with the callback binary requested by the updater +This event indicates a critical error with the callback binary requested by the updater. The following fields are available: -- **updaterCmdLine** The callback executable for the updater. -- **updaterId** The ID of the updater. -- **wuDeviceid** The Windows Update device identifier. +- **updaterCmdLine** The command line requested by the updater. +- **updaterId** The ID of the updater that requested the work. +- **wuDeviceid** WU device ID. ### Microsoft.Windows.Update.Orchestrator.UnstickUpdate diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index d15ec0f74b..ba4a8aff28 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.localizationpriority: high audience: ITPro author: medgarmedgar -ms.author: v-medgar +ms.author: dansimp manager: robsize ms.date: 3/25/2020 --- diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md index ea17373f32..9d9c6e8fe4 100644 --- a/windows/privacy/manage-windows-1903-endpoints.md +++ b/windows/privacy/manage-windows-1903-endpoints.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.localizationpriority: high audience: ITPro author: danihalfin -ms.author: v-medgar +ms.author: dansimp manager: sanashar ms.collection: M365-security-compliance ms.topic: article diff --git a/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md new file mode 100644 index 0000000000..42ac740880 --- /dev/null +++ b/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004.md @@ -0,0 +1,1296 @@ +--- +description: Use this article to learn more about what required Windows diagnostic data is gathered. +title: Windows 10, version 2004 required diagnostic events and fields (Windows 10) +keywords: privacy, telemetry +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +localizationpriority: high +author: brianlic-msft +ms.author: brianlic +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article +audience: ITPro +ms.date: 03/27/2020 +--- + + +# Windows 10, version 2004 required Windows diagnostic events and fields + + +> [!IMPORTANT] +> Windows is moving to classifying the data collected from customer’s devices as either *Required* or *Optional*. + + + **Applies to** + +- Windows 10, version 2004 + + +Required diagnostic data gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. + +Required diagnostic data helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems. + +Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. + +You can learn more about Windows functional and diagnostic data through these articles: + + +- [Windows 10, version 1809 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1809.md) +- [Windows 10, version 1803 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1803.md) +- [Windows 10, version 1709 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md) +- [Windows 10, version 1703 basic diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md) +- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) +- [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) + + + + +## Appraiser events + +### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureCount + +This event lists the types of objects and how many of each exist on the client device. This allows for a quick way to ensure that the records present on the server match what is present on the client. + +The following fields are available: + +- **DatasourceApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionApplicationFile_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionDriverPackage_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPassive_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoPostUpgrade_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_21H1Setup** The count of the number of this particular object type present on this device. +- **DecisionTest_21H1Setup** The count of the number of this particular object type present on this device. +- **PCFP** The count of the number of this particular object type present on this device. +- **Wmdrm_21H1Setup** The count of the number of this particular object type present on this device. + + +### Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd + +This event sends compatibility data for a Plug and Play device, to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **ActiveNetworkConnection** Indicates whether the device is an active network device. +- **CosDeviceRating** An enumeration that indicates if there is a driver on the target operating system. +- **CosDeviceSolution** An enumeration that indicates how a driver on the target operating system is available. +- **CosDeviceSolutionUrl** Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd . Empty string +- **CosPopulatedFromId** The expected uplevel driver matching ID based on driver coverage data. +- **IsBootCritical** Indicates whether the device boot is critical. +- **UplevelInboxDriver** Indicates whether there is a driver uplevel for this device. +- **WuDriverCoverage** Indicates whether there is a driver uplevel for this device, according to Windows Update. +- **WuDriverUpdateId** The Windows Update ID of the applicable uplevel driver. +- **WuPopulatedFromId** The expected uplevel driver matching ID based on driver coverage from Windows Update. + + +### Microsoft.Windows.Appraiser.General.DatasourceDriverPackageAdd + +This event sends compatibility database data about driver packages to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + + +### Microsoft.Windows.Appraiser.General.DataSourceMatchingInfoPassiveRemove + +This event indicates that the DataSourceMatchingInfoPassive object is no longer present. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **AppraiserVersion** The version of the Appraiser file that is generating the events. + + +## Census events + +### Census.PrivacySettings + +This event provides information about the device level privacy settings and whether device-level access was granted to these capabilities. Not all settings are applicable to all devices. Each field records the consent state for the corresponding privacy setting. The consent state is encoded as a 16-bit signed integer, where the first 8 bits represents the effective consent value, and the last 8 bits represent the authority that set the value. The effective consent (first 8 bits) is one of the following values: -3 = unexpected consent value, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = undefined, 1 = allow, 2 = deny, 3 = prompt. The consent authority (last 8 bits) is one of the following values: -3 = unexpected authority, -2 = value was not requested, -1 = an error occurred while attempting to retrieve the value, 0 = system, 1 = a higher authority (a gating setting, the system-wide setting, or a group policy), 2 = advertising ID group policy, 3 = advertising ID policy for child account, 4 = privacy setting provider doesn't know the actual consent authority, 5 = consent was not configured and a default set in code was used, 6 = system default, 7 = organization policy, 8 = OneSettings. + +The following fields are available: + +- **Activity** Current state of the activity history setting. +- **ActivityHistoryCloudSync** Current state of the activity history cloud sync setting. +- **ActivityHistoryCollection** Current state of the activity history collection setting. +- **AdvertisingId** Current state of the advertising ID setting. +- **AppDiagnostics** Current state of the app diagnostics setting. +- **Appointments** Current state of the calendar setting. +- **Bluetooth** Current state of the Bluetooth capability setting. +- **BluetoothSync** Current state of the Bluetooth sync capability setting. +- **BroadFileSystemAccess** Current state of the broad file system access setting. +- **CellularData** Current state of the cellular data capability setting. +- **Chat** Current state of the chat setting. +- **Contacts** Current state of the contacts setting. +- **DocumentsLibrary** Current state of the documents library setting. +- **Email** Current state of the email setting. +- **FindMyDevice** Current state of the "find my device" setting. +- **GazeInput** Current state of the gaze input setting. +- **HumanInterfaceDevice** Current state of the human interface device setting. +- **InkTypeImprovement** Current state of the improve inking and typing setting. +- **Location** Current state of the location setting. +- **LocationHistory** Current state of the location history setting. +- **Microphone** Current state of the microphone setting. +- **PhoneCall** Current state of the phone call setting. +- **PhoneCallHistory** Current state of the call history setting. +- **PicturesLibrary** Current state of the pictures library setting. +- **Radios** Current state of the radios setting. +- **SensorsCustom** Current state of the custom sensor setting. +- **SerialCommunication** Current state of the serial communication setting. +- **Sms** Current state of the text messaging setting. +- **SpeechPersonalization** Current state of the speech services setting. +- **USB** Current state of the USB setting. +- **UserAccountInformation** Current state of the account information setting. +- **UserDataTasks** Current state of the tasks setting. +- **UserNotificationListener** Current state of the notifications setting. +- **VideosLibrary** Current state of the videos library setting. +- **Webcam** Current state of the camera setting. +- **WifiData** Current state of the Wi-Fi data setting. +- **WiFiDirect** Current state of the Wi-Fi direct setting. + + +### Census.Security + +This event provides information on about security settings used to help keep Windows up to date and secure. + +The following fields are available: + +- **AvailableSecurityProperties** This field helps to enumerate and report state on the relevant security properties for Device Guard. +- **CGRunning** Credential Guard isolates and hardens key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass the Hash style attack in the event that malicious code is already running via a local or network based vector. This field tells if Credential Guard is running. +- **DGState** This field summarizes the Device Guard state. +- **HVCIRunning** Hypervisor Code Integrity (HVCI) enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s functionality to force all software running in kernel mode to safely allocate memory. This field tells if HVCI is running. +- **IsSawGuest** Indicates whether the device is running as a Secure Admin Workstation Guest. +- **IsSawHost** Indicates whether the device is running as a Secure Admin Workstation Host. +- **IsWdagFeatureEnabled** Indicates whether Windows Defender Application Guard is enabled. +- **RequiredSecurityProperties** Describes the required security properties to enable virtualization-based security. +- **SecureBootCapable** Systems that support Secure Boot can have the feature turned off via BIOS. This field tells if the system is capable of running Secure Boot, regardless of the BIOS setting. +- **SModeState** The Windows S mode trail state. +- **SystemGuardState** Indicates the SystemGuard state. NotCapable (0), Capable (1), Enabled (2), Error (0xFF). +- **TpmReadyState** Indicates the TPM ready state. NotReady (0), ReadyForStorage (1), ReadyForAttestation (2), Error (0xFF). +- **VBSState** Virtualization-based security (VBS) uses the hypervisor to help protect the kernel and other parts of the operating system. Credential Guard and Hypervisor Code Integrity (HVCI) both depend on VBS to isolate/protect secrets, and kernel-mode code integrity validation. VBS has a tri-state that can be Disabled, Enabled, or Running. +- **WdagPolicyValue** The Windows Defender Application Guard policy. + + +## Common data extensions + +### Common Data Extensions.app + +Describes the properties of the running application. This extension could be populated by a client app or a web app. + +The following fields are available: + +- **asId** An integer value that represents the app session. This value starts at 0 on the first app launch and increments after each subsequent app launch per boot session. +- **env** The environment from which the event was logged. +- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event. +- **id** Represents a unique identifier of the client application currently loaded in the process producing the event; and is used to group events together and understand usage pattern, errors by application. +- **locale** The locale of the app. +- **name** The name of the app. +- **userId** The userID as known by the application. +- **ver** Represents the version number of the application. Used to understand errors by Version, Usage by Version across an app. + + +### Common Data Extensions.container + +Describes the properties of the container for events logged within a container. + +The following fields are available: + +- **epoch** An ID that's incremented for each SDK initialization. +- **localId** The device ID as known by the client. +- **osVer** The operating system version. +- **seq** An ID that's incremented for each event. +- **type** The container type. Examples: Process or VMHost + + +### Common Data Extensions.device + +Describes the device-related fields. + +The following fields are available: + +- **deviceClass** The device classification. For example, Desktop, Server, or Mobile. +- **localId** A locally-defined unique ID for the device. This is not the human-readable device name. Most likely equal to the value stored at HKLM\Software\Microsoft\SQMClient\MachineId +- **make** Device manufacturer. +- **model** Device model. + + +### Common Data Extensions.Envelope + +Represents an envelope that contains all of the common data extensions. + +The following fields are available: + +- **data** Represents the optional unique diagnostic data for a particular event schema. +- **ext_app** Describes the properties of the running application. This extension could be populated by either a client app or a web app. See [Common Data Extensions.app](#common-data-extensionsapp). +- **ext_container** Describes the properties of the container for events logged within a container. See [Common Data Extensions.container](#common-data-extensionscontainer). +- **ext_device** Describes the device-related fields. See [Common Data Extensions.device](#common-data-extensionsdevice). +- **ext_m365a** Describes the Microsoft 365-related fields. See [Common Data Extensions.m365a](#common-data-extensionsm365a). +- **ext_mscv** Describes the correlation vector-related fields. See [Common Data Extensions.mscv](#common-data-extensionsmscv). +- **ext_os** Describes the operating system properties that would be populated by the client. See [Common Data Extensions.os](#common-data-extensionsos). +- **ext_sdk** Describes the fields related to a platform library required for a specific SDK. See [Common Data Extensions.sdk](#common-data-extensionssdk). +- **ext_user** Describes the fields related to a user. See [Common Data Extensions.user](#common-data-extensionsuser). +- **ext_utc** Describes the fields that might be populated by a logging library on Windows. See [Common Data Extensions.utc](#common-data-extensionsutc). +- **ext_xbl** Describes the fields related to XBOX Live. See [Common Data Extensions.xbl](#common-data-extensionsxbl). +- **iKey** Represents an ID for applications or other logical groupings of events. +- **name** Represents the uniquely qualified name for the event. +- **time** Represents the event date time in Coordinated Universal Time (UTC) when the event was generated on the client. This should be in ISO 8601 format. +- **ver** Represents the major and minor version of the extension. + +### Common Data Extensions.m365a + +Describes the Microsoft 365-related fields. + +The following fields are available: + +- **enrolledTenantId** The enrolled tenant ID. +- **msp** A bitmask that lists the active programs. + +### Common Data Extensions.mscv + +Describes the correlation vector-related fields. + +The following fields are available: + +- **cV** Represents the Correlation Vector: A single field for tracking partial order of related events across component boundaries. + + +### Common Data Extensions.os + +Describes some properties of the operating system. + +The following fields are available: + +- **bootId** An integer value that represents the boot session. This value starts at 0 on first boot after OS install and increments after every reboot. +- **expId** Represents the experiment ID. The standard for associating a flight, such as an OS flight (pre-release build), or an experiment, such as a web site UX experiment, with an event is to record the flight / experiment IDs in Part A of the common schema. +- **locale** Represents the locale of the operating system. +- **name** Represents the operating system name. +- **ver** Represents the major and minor version of the extension. + + +### Common Data Extensions.sdk + +Used by platform specific libraries to record fields that are required for a specific SDK. + +The following fields are available: + +- **epoch** An ID that is incremented for each SDK initialization. +- **installId** An ID that's created during the initialization of the SDK for the first time. +- **libVer** The SDK version. +- **seq** An ID that is incremented for each event. +- **ver** The version of the logging SDK. + + +### Common Data Extensions.user + +Describes the fields related to a user. + +The following fields are available: + +- **authId** This is an ID of the user associated with this event that is deduced from a token such as a Microsoft Account ticket or an XBOX token. +- **locale** The language and region. +- **localId** Represents a unique user identity that is created locally and added by the client. This is not the user's account ID. + + +### Common Data Extensions.utc + +Describes the properties that could be populated by a logging library on Windows. + +The following fields are available: + +- **aId** Represents the ETW ActivityId. Logged via TraceLogging or directly via ETW. +- **bSeq** Upload buffer sequence number in the format: buffer identifier:sequence number +- **cat** Represents a bitmask of the ETW Keywords associated with the event. +- **cpId** The composer ID, such as Reference, Desktop, Phone, Holographic, Hub, IoT Composer. +- **epoch** Represents the epoch and seqNum fields, which help track how many events were fired and how many events were uploaded, and enables identification of data lost during upload and de-duplication of events on the ingress server. +- **eventFlags** Represents a collection of bits that describe how the event should be processed by the Connected User Experience and Telemetry component pipeline. The lowest-order byte is the event persistence. The next byte is the event latency. +- **flags** Represents the bitmap that captures various Windows specific flags. +- **loggingBinary** The binary (executable, library, driver, etc.) that fired the event. +- **mon** Combined monitor and event sequence numbers in the format: monitor sequence : event sequence +- **op** Represents the ETW Op Code. +- **pgName** The short form of the provider group name associated with the event. +- **popSample** Represents the effective sample rate for this event at the time it was generated by a client. +- **providerGuid** The ETW provider ID associated with the provider name. +- **raId** Represents the ETW Related ActivityId. Logged via TraceLogging or directly via ETW. +- **seq** Represents the sequence field used to track absolute order of uploaded events. It is an incrementing identifier for each event added to the upload queue. The Sequence helps track how many events were fired and how many events were uploaded and enables identification of data lost during upload and de-duplication of events on the ingress server. +- **sqmId** The Windows SQM (Software Quality Metrics—a precursor of Windows 10 Diagnostic Data collection) device identifier. +- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID. +- **wcmp** The Windows Shell Composer ID. +- **wPId** The Windows Core OS product ID. +- **wsId** The Windows Core OS session ID. + + +### Common Data Extensions.xbl + +Describes the fields that are related to XBOX Live. + +The following fields are available: + +- **claims** Any additional claims whose short claim name hasn't been added to this structure. +- **did** XBOX device ID +- **dty** XBOX device type +- **dvr** The version of the operating system on the device. +- **eid** A unique ID that represents the developer entity. +- **exp** Expiration time +- **ip** The IP address of the client device. +- **nbf** Not before time +- **pid** A comma separated list of PUIDs listed as base10 numbers. +- **sbx** XBOX sandbox identifier +- **sid** The service instance ID. +- **sty** The service type. +- **tid** The XBOX Live title ID. +- **tvr** The XBOX Live title version. +- **uts** A bit field, with 2 bits being assigned to each user ID listed in xid. This field is omitted if all users are retail accounts. +- **xid** A list of base10-encoded XBOX User IDs. + + +## Common data fields + +### Ms.Device.DeviceInventoryChange + +Describes the installation state for all hardware and software components available on a particular device. + +The following fields are available: + +- **action** The change that was invoked on a device inventory object. +- **inventoryId** Device ID used for Compatibility testing +- **objectInstanceId** Object identity which is unique within the device scope. +- **objectType** Indicates the object type that the event applies to. +- **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object. + +## Component-based Servicing events + +### Microsoft.Windows.CbsLite.CbsLiteResetBegin + +This event is fired from Update OS when re-install of the OS begins. + +The following fields are available: + +- **cbsLiteSessionID** An ID to associate other Cbs events related to this reset session. +- **resetFlags** A flag containing the detail of which reset scenarios was executed. +- **wipeDuration** The time taken to purge the system volume and format data volume. + +## DISM events + +### Microsoft.Windows.StartRepairCore.DISMLatestInstalledLCU + +The DISM Latest Installed LCU sends information to report result of search for latest installed LCU after last successful boot. + +The following fields are available: + +- **dismInstalledLCUPackageName** The name of the latest installed package. + + +### Microsoft.Windows.StartRepairCore.DISMUninstallLCU + +The DISM Uninstall LCU sends information to report result of uninstall attempt for found LCU. + +The following fields are available: + +- **errorCode** The result code returned by the event. + + +## Driver installation events + +### Microsoft.Windows.DriverInstall.DeviceInstall + +This critical event sends information about the driver installation that took place. + +The following fields are available: + +- **ClassGuid** The unique ID for the device class. +- **ClassLowerFilters** The list of lower filter class drivers. +- **ClassUpperFilters** The list of upper filter class drivers. +- **CoInstallers** The list of coinstallers. +- **ConfigFlags** The device configuration flags. +- **DeviceConfigured** Indicates whether this device was configured through the kernel configuration. +- **DeviceInstalled** Indicates whether the legacy install code path was used. +- **DeviceInstanceId** The unique identifier of the device in the system. +- **DeviceStack** The device stack of the driver being installed. +- **DriverDate** The date of the driver. +- **DriverDescription** A description of the driver function. +- **DriverInfName** Name of the INF file (the setup information file) for the driver. +- **DriverInfSectionName** Name of the DDInstall section within the driver INF file. +- **DriverPackageId** The ID of the driver package that is staged to the driver store. +- **DriverProvider** The driver manufacturer or provider. +- **DriverUpdated** Indicates whether the driver is replacing an old driver. +- **DriverVersion** The version of the driver file. +- **EndTime** The time the installation completed. +- **Error** Provides the WIN32 error code for the installation. +- **ExtensionDrivers** List of extension drivers that complement this installation. +- **FinishInstallAction** Indicates whether the co-installer invoked the finish-install action. +- **FinishInstallUI** Indicates whether the installation process shows the user interface. +- **FirmwareDate** The firmware date that will be stored in the EFI System Resource Table (ESRT). +- **FirmwareRevision** The firmware revision that will be stored in the EFI System Resource Table (ESRT). +- **FirmwareVersion** The firmware version that will be stored in the EFI System Resource Table (ESRT). +- **FirstHardwareId** The ID in the hardware ID list that provides the most specific device description. +- **FlightIds** A list of the different Windows Insider builds on the device. +- **GenericDriver** Indicates whether the driver is a generic driver. +- **Inbox** Indicates whether the driver package is included with Windows. +- **InstallDate** The date the driver was installed. +- **LastCompatibleId** The ID in the hardware ID list that provides the least specific device description. +- **LastInstallFunction** The last install function invoked in a co-installer if the install timeout was reached while a co-installer was executing. +- **LowerFilters** The list of lower filter drivers. +- **MatchingDeviceId** The hardware ID or compatible ID that Windows used to install the device instance. +- **NeedReboot** Indicates whether the driver requires a reboot. +- **OriginalDriverInfName** The original name of the INF file before it was renamed. +- **ParentDeviceInstanceId** The device instance ID of the parent of the device. +- **PendedUntilReboot** Indicates whether the installation is pending until the device is rebooted. +- **Problem** Error code returned by the device after installation. +- **ProblemStatus** The status of the device after the driver installation. +- **RebootRequiredReason** DWORD (Double Word—32-bit unsigned integer) containing the reason why the device required a reboot during install. +- **SecondaryDevice** Indicates whether the device is a secondary device. +- **ServiceName** The service name of the driver. +- **SessionGuid** GUID (Globally Unique IDentifier) for the update session. +- **SetupMode** Indicates whether the driver installation took place before the Out Of Box Experience (OOBE) was completed. +- **StartTime** The time when the installation started. +- **SubmissionId** The driver submission identifier assigned by the Windows Hardware Development Center. +- **UpperFilters** The list of upper filter drivers. + + +## DxgKernelTelemetry events + +### DxgKrnlTelemetry.GPUAdapterInventoryV2 + +This event sends basic GPU and display driver information to keep Windows and display drivers up-to-date. + +The following fields are available: + +- **AdapterTypeValue** The numeric value indicating the type of Graphics adapter. +- **aiSeqId** The event sequence ID. +- **bootId** The system boot ID. +- **BrightnessVersionViaDDI** The version of the Display Brightness Interface. +- **ComputePreemptionLevel** The maximum preemption level supported by GPU for compute payload. +- **DDIInterfaceVersion** The device driver interface version. +- **DedicatedSystemMemoryB** The amount of system memory dedicated for GPU use (in bytes). +- **DedicatedVideoMemoryB** The amount of dedicated VRAM of the GPU (in bytes). +- **DisplayAdapterLuid** The display adapter LUID. +- **DriverDate** The date of the display driver. +- **DriverRank** The rank of the display driver. +- **DriverVersion** The display driver version. +- **DX10UMDFilePath** The file path to the location of the DirectX 10 Display User Mode Driver in the Driver Store. +- **DX11UMDFilePath** The file path to the location of the DirectX 11 Display User Mode Driver in the Driver Store. +- **DX12UMDFilePath** The file path to the location of the DirectX 12 Display User Mode Driver in the Driver Store. +- **DX9UMDFilePath** The file path to the location of the DirectX 9 Display User Mode Driver in the Driver Store. +- **GPUDeviceID** The GPU device ID. +- **GPUPreemptionLevel** The maximum preemption level supported by GPU for graphics payload. +- **GPURevisionID** The GPU revision ID. +- **GPUVendorID** The GPU vendor ID. +- **InterfaceFuncPointersProvided1** Number of device driver interface function pointers provided. +- **InterfaceFuncPointersProvided2** Number of device driver interface function pointers provided. +- **InterfaceId** The GPU interface ID. +- **IsDisplayDevice** Does the GPU have displaying capabilities? +- **IsHwSchEnabled** Boolean value indicating whether hardware scheduling is enabled. +- **IsHwSchSupported** Indicates whether the adapter supports hardware scheduling. +- **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device? +- **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device? +- **IsLDA** Is the GPU comprised of Linked Display Adapters? +- **IsMiracastSupported** Does the GPU support Miracast? +- **IsMismatchLDA** Is at least one device in the Linked Display Adapters chain from a different vendor? +- **IsMPOSupported** Does the GPU support Multi-Plane Overlays? +- **IsMsMiracastSupported** Are the GPU Miracast capabilities driven by a Microsoft solution? +- **IsPostAdapter** Is this GPU the POST GPU in the device? +- **IsRemovable** TRUE if the adapter supports being disabled or removed. +- **IsRenderDevice** Does the GPU have rendering capabilities? +- **IsSoftwareDevice** Is this a software implementation of the GPU? +- **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store. +- **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES? +- **NumVidPnSources** The number of supported display output sources. +- **NumVidPnTargets** The number of supported display output targets. +- **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes). +- **SubSystemID** The subsystem ID. +- **SubVendorID** The GPU sub vendor ID. +- **TelemetryEnabled** Is the device listening to MICROSOFT_KEYWORD_TELEMETRY? +- **TelInvEvntTrigger** What triggered this event to be logged? Example: 0 (GPU enumeration) or 1 (DxgKrnlTelemetry provider toggling) +- **version** The event version. +- **WDDMVersion** The Windows Display Driver Model version. + + +## Feature update events + +### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered + +This event indicates that the uninstall was properly configured and that a system reboot was initiated. + + + +## Holographic events + +### Microsoft.Windows.Shell.HolographicFirstRun.AppActivated + +This event indicates Windows Mixed Reality Portal app activation state. This event also used to count WMR device. + +The following fields are available: + +- **IsDemoMode** Windows Mixed Reality Portal app state of demo mode. +- **IsDeviceSetupComplete** Windows Mixed Reality Portal app state of device setup completion. +- **PackageVersion** Windows Mixed Reality Portal app package version. +- **PreviousExecutionState** Windows Mixed Reality Portal app prior execution state. +- **wilActivity** Windows Mixed Reality Portal app wilActivity ID. See [wilActivity](#wilactivity). + +### wilActivity + +This event provides a Windows Internal Library context used for Product and Service diagnostics. + +The following fields are available: + +- **callContext** The function where the failure occurred. +- **currentContextId** The ID of the current call context where the failure occurred. +- **currentContextMessage** The message of the current call context where the failure occurred. +- **currentContextName** The name of the current call context where the failure occurred. +- **failureCount** The number of failures for this failure ID. +- **failureId** The ID of the failure that occurred. +- **failureType** The type of the failure that occurred. +- **fileName** The file name where the failure occurred. +- **function** The function where the failure occurred. +- **hresult** The HResult of the overall activity. +- **lineNumber** The line number where the failure occurred. +- **message** The message of the failure that occurred. +- **module** The module where the failure occurred. +- **originatingContextId** The ID of the originating call context that resulted in the failure. +- **originatingContextMessage** The message of the originating call context that resulted in the failure. +- **originatingContextName** The name of the originating call context that resulted in the failure. +- **threadId** The ID of the thread on which the activity is executing. + + +### Microsoft.Windows.Shell.HolographicFirstRun.AppLifecycleService_Resuming + +This event indicates Windows Mixed Reality Portal app resuming. This event is also used to count WMR device. + + +## Inventory events + +### Microsoft.Windows.Inventory.Core.AmiTelCacheChecksum + +This event captures basic checksum data about the device inventory items stored in the cache for use in validating data completeness for Microsoft.Windows.Inventory.Core events. The fields in this event may change over time, but they will always represent a count of a given object. + +The following fields are available: + +- **Device** A count of device objects in cache. +- **DriverPackageExtended** A count of driverpackageextended objects in cache. +- **File** A count of file objects in cache. +- **Generic** A count of generic objects in cache. +- **InventoryApplication** A count of application objects in cache. +- **InventoryApplicationDriver** A count of application driver objects in cache +- **InventoryApplicationFile** A count of application file objects in cache. +- **InventoryApplicationFramework** A count of application framework objects in cache +- **InventoryApplicationShortcut** A count of application shortcut objects in cache +- **InventoryDeviceContainer** A count of device container objects in cache. +- **InventoryDeviceInterface** A count of Plug and Play device interface objects in cache. +- **InventoryDeviceMediaClass** A count of device media objects in cache. +- **InventoryDevicePnp** A count of device Plug and Play objects in cache. +- **InventoryDeviceUsbHubClass** A count of device usb objects in cache +- **InventoryDriverBinary** A count of driver binary objects in cache. +- **InventoryDriverPackage** A count of device objects in cache. +- **InventoryMiscellaneousOfficeAddIn** A count of office add-in objects in cache +- **InventoryMiscellaneousOfficeAddInUsage** A count of office add-in usage objects in cache. +- **InventoryMiscellaneousOfficeIdentifiers** A count of office identifier objects in cache +- **InventoryMiscellaneousOfficeIESettings** A count of office ie settings objects in cache +- **InventoryMiscellaneousOfficeInsights** A count of office insights objects in cache +- **InventoryMiscellaneousOfficeProducts** A count of office products objects in cache +- **InventoryMiscellaneousOfficeSettings** A count of office settings objects in cache +- **InventoryMiscellaneousOfficeVBA** A count of office vba objects in cache +- **InventoryMiscellaneousOfficeVBARuleViolations** A count of office vba rule violations objects in cache +- **InventoryMiscellaneousUUPInfo** A count of uup info objects in cache +- **Metadata** A count of metadata objects in cache. +- **Programs** A count of program objects in cache. + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd + +This event provides the basic metadata about the frameworks an application may depend on. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **FileId** A hash that uniquely identifies a file. +- **Frameworks** The list of frameworks this file depends on. +- **InventoryVersion** The version of the inventory file generating the events. + + +### Microsoft.Windows.Inventory.Core.InventoryDeviceContainerAdd + +This event sends basic metadata about a device container (such as a monitor or printer as opposed to a Plug and Play device) to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **Categories** A comma separated list of functional categories in which the container belongs. +- **DiscoveryMethod** The discovery method for the device container. +- **FriendlyName** The name of the device container. +- **IsActive** Is the device connected, or has it been seen in the last 14 days? +- **IsConnected** For a physically attached device, this value is the same as IsPresent. For wireless a device, this value represents a communication link. +- **IsMachineContainer** Is the container the root device itself? +- **IsNetworked** Is this a networked device? +- **IsPaired** Does the device container require pairing? +- **Manufacturer** The manufacturer name for the device container. +- **ModelId** A unique model ID. +- **ModelName** The model name. +- **ModelNumber** The model number for the device container. +- **PrimaryCategory** The primary category for the device container. + + +### Microsoft.Windows.Inventory.Core.InventoryDriverPackageAdd + +This event sends basic metadata about drive packages installed on the system to help keep Windows up to date. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **Class** The class name for the device driver. +- **ClassGuid** The class GUID for the device driver. +- **Date** The driver package date. +- **Directory** The path to the driver package. +- **DriverInBox** Is the driver included with the operating system? +- **FlightIds** Driver Flight IDs. +- **Inf** The INF name of the driver package. +- **InventoryVersion** The version of the inventory file generating the events. +- **Provider** The provider for the driver package. +- **RecoveryIds** Driver recovery IDs. +- **SubmissionId** The HLK submission ID for the driver package. +- **Version** The version of the driver package. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousMemorySlotArrayInfoAdd + +This event provides basic information about active memory slots on the device. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **Capacity** Memory size in bytes. +- **Manufacturer** Name of the DRAM manufacturer. +- **Model** Model and submodel of the memory. +- **Slot** Slot the DRAM is plugged into the motherboard. +- **Speed** MHZ the memory is currently configured and used at. +- **Type** Reports DDR, etc. as an enumeration value per DMTF SMBIOS standard version 3.3.0, section 7.18.2. +- **TypeDetails** Reports Non-volatile, etc. as a bit flag enumeration per DMTF SMBIOS standard version 3.3.0, section 7.18.3. + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersAdd + +Provides data on the Office identifiers. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **OAudienceData** Sub-identifier for Microsoft Office release management, identifying the pilot group for a device +- **OAudienceId** Microsoft Office identifier for Microsoft Office release management, identifying the pilot group for a device +- **OMID** Identifier for the Office SQM Machine +- **OPlatform** Whether the installed Microsoft Office product is 32-bit or 64-bit +- **OTenantId** Unique GUID representing the Microsoft O365 Tenant +- **OVersion** Installed version of Microsoft Office. For example, 16.0.8602.1000 +- **OWowMID** Legacy Microsoft Office telemetry identifier (SQM Machine ID) for WoW systems (32-bit Microsoft Office on 64-bit Windows) + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsAdd + +Describes Office Products installed. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **OC2rApps** A GUID the describes the Office Click-To-Run apps +- **OC2rSkus** Comma-delimited list (CSV) of Office Click-To-Run products installed on the device. For example, Office 2016 ProPlus +- **OMsiApps** Comma-delimited list (CSV) of Office MSI products installed on the device. For example, Microsoft Word +- **OProductCodes** A GUID that describes the Office MSI products + + +### Microsoft.Windows.Inventory.Indicators.Checksum + +This event summarizes the counts for the InventoryMiscellaneousUexIndicatorAdd events. + +The following fields are available: + +- **CensusId** A unique hardware identifier. +- **ChecksumDictionary** A count of each operating system indicator. + + +## Microsoft Edge events + +### Aria.160f0649efde47b7832f05ed000fc453.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event, where 1 is basic, 2 is enhanced, and 3 is full. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.29e24d069f27450385c7acaa2f07e277.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.7005b72804a64fa4b2138faab88f877b.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.754de735ccd546b28d0bfca8ac52c3de.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Aria.af397ef28e484961ba48646a5d38cf54.Microsoft.WebBrowser.Installer.EdgeUpdate.Ping + +The Ping event sends a detailed inventory of software and hardware information about the EdgeUpdate user's version, app usage, update usage, and hardware capabilities. This event contains Device Connectivity and Configuration, Product and Service Performance, Product and Service Usage, and Software Setup and Inventory data. One roll-up event is sent each time any installation, update, or uninstallation process, including an error, occurs in the EdgeUpdate service. Each Ping event can contain an arbitrary number of apps which have been modified, and each of these apps in turn can fire multiple event types. This event is used to measure the reliability, performance, and usage of the EdgeUpdate service. + +The following fields are available: + +- **appAp** Any additional parameters for the specified application. Default: ''. +- **appAppId** The GUID that identifies the product. Compatible clients must transmit this attribute. Please see the wiki for additional information. Default: undefined. +- **appBrandCode** The brand code under which the product was installed, if any. A brand code is a short (4-character) string used to identify installations that took place as a result of partner deals or website promotions. Default: ''. +- **appChannel** An integer indicating the channel of the installation (i.e. Canary or Dev). +- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. +- **appCohort** A machine-readable string identifying the release cohort (channel) that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. The exact legal values are app-specific and should be shared between the server and app implementations. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort Name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. The client MAY fuzz this value to the week granularity (e.g. send '0' for 0 through 6, '7' for 7 through 13, etc.). The first communication to the server should use a special value of '-1'. A value of '-2' indicates that this value is not known. Please see the wiki for additional information. Default: '-2'. +- **appExperiments** A key/value list of experiment identifiers. Experiment labels are used to track membership in different experimental groups, and may be set at install or update time. The experiments string is formatted as a semicolon-delimited concatenation of experiment label strings. An experiment label string is an experiment Name, followed by the '=' character, followed by an experimental label value. For example: 'crdiff=got_bsdiff;optimized=O3'. The client should not transmit the expiration date of any experiments it has, even if the server previously specified a specific expiration date. Default: ''. +- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. +- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. +- **appNextVersion** The version of the app that the update flow to which this event belongs attempted to reach, regardless of the success or failure of the update operation. Please see the wiki for additional information. Default: '0.0.0.0'. +- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. +- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''. +- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'. +- **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventEventResult** An enum indicating the result of the event. Please see the wiki for additional information. Default: '0'. +- **appPingEventEventType** An enum indicating the type of the event. Compatible clients MUST transmit this attribute. Please see the wiki for additional information. +- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. +- **appPingEventSequenceId** An id that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. +- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a "urls" tag. +- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not. +- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The server should not return an update instruction to a version number that does not match the prefix or complete version number. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' must match '1.2.3.4' but must not match '1.2.34'). Default: ''. +- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request should be sent over SSL or another secure protocol. Default: ''. +- **appVersion** The version of the product install. Please see the wiki for additional information. Default: '0.0.0.0'. +- **eventType** A string indicating the type of the event. Please see the wiki for additional information. +- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'. +- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'. +- **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''. +- **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system Name should be transmitted in lowercase with minimal formatting. Default: ''. +- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''. +- **osVersion** The primary version of the operating system. '' if unknown. Default: ''. +- **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'. +- **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''. +- **requestDomainJoined** '1' if the machine is part of a managed enterprise domain. Otherwise '0'. +- **requestInstallSource** A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''. +- **requestIsMachine** '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'. +- **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''. +- **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'. +- **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients must always transmit this attribute. Default: undefined. +- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt should have (with high probability) a unique request id. Default: ''. +- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) should have (with high probability) a single unique session ID. Default: ''. +- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''. +- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. + + +### Aria.f4a7d46e472049dfba756e11bdbbc08f.Microsoft.WebBrowser.SystemInfo.Config + +This config event sends basic device connectivity and configuration information from Microsoft Edge about the current data collection consent, app version, and installation state to keep Microsoft Edge up to date and secure. + +The following fields are available: + +- **app_sample_rate** A number representing how often the client sends telemetry, expressed as a percentage. Low values indicate that said client sends more events and high values indicate that said client sends fewer events. +- **app_version** The internal Edge build version string, taken from the UMA metrics field system_profile.app_version. +- **appConsentState** Bit flags describing consent for data collection on the machine or zero if the state was not retrieved. The following are true when the associated bit is set: consent was granted (0x1), consent was communicated at install (0x2), diagnostic data consent granted (0x20000), browsing data consent granted (0x40000). +- **Channel** An integer indicating the channel of the installation (Canary or Dev). +- **client_id** A unique identifier with which all other diagnostic client data is associated, taken from the UMA metrics provider. This ID is effectively unique per device, per OS user profile, per release channel (e.g. Canary/Dev/Beta/Stable). client_id is not durable, based on user preferences. client_id is initialized on the first application launch under each OS user profile. client_id is linkable, but not unique across devices or OS user profiles. client_id is reset whenever UMA data collection is disabled, or when the application is uninstalled. +- **ConnectionType** The first reported type of network connection currently connected. This can be one of Unknown, Ethernet, WiFi, 2G, 3G, 4G, None, or Bluetooth. +- **container_client_id** The client ID of the container, if in WDAG mode. This will be different from the UMA log client ID, which is the client ID of the host in WDAG mode. +- **container_session_id** The session ID of the container, if in WDAG mode. This will be different from the UMA log session ID, which is the session ID of the host in WDAG mode. +- **Etag** Etag is an identifier representing all service applied configurations and experiments for the current browser session. This field is left empty when Windows diagnostic level is set to Basic or lower or when consent for diagnostic data has been denied. +- **EventInfo.Level** The minimum Windows diagnostic data level required for the event where 1 is basic, 2 is enhanced, and 3 is full. +- **install_date** The date and time of the most recent installation in seconds since midnight on January 1, 1970 UTC, rounded down to the nearest hour. +- **installSource** An enumeration representing the source of this installation: source was not retrieved (0), unspecified source (1), website installer (2), enterprise MSI (3), Windows update (4), Edge updater (5), scheduled or timed task (6, 7), uninstall (8), Edge about page (9), self-repair (10), other install command line (11), reserved (12), unknown source (13). +- **PayloadClass** The base class used to serialize and deserialize the Protobuf binary payload. +- **PayloadGUID** A random identifier generated for each original monolithic Protobuf payload, before the payload is potentially broken up into manageably-sized chunks for transmission. +- **PayloadLogType** The log type for the event correlating with 0 for unknown, 1 for stability, 2 for on-going, 3 for independent, 4 for UKM, or 5 for instance level. +- **pop_sample** A value indicating how the device's data is being sampled. +- **reconsentConfigs** A comma separated list of all reconsent configurations the current installation has received. Each configuration follows a well-defined format: 2DigitMonth-2DigitYear-3LetterKeyword. +- **session_id** An identifier that is incremented each time the user launches the application, irrespective of any client_id changes. session_id is seeded during the initial installation of the application. session_id is effectively unique per client_id value. Several other internal identifier values, such as window or tab IDs, are only meaningful within a particular session. The session_id value is forgotten when the application is uninstalled, but not during an upgrade. +- **utc_flags** Event Tracing for Windows (ETW) flags required for the event as part of the data collection process. + + +### Microsoft.WebBrowser.Installer.EdgeUpdate.Ping + +This event sends hardware and software inventory information about the Microsoft Edge Update service, Microsoft Edge applications, and the current system environment, including app configuration, update configuration, and hardware capabilities. It's used to measure the reliability and performance of the EdgeUpdate service and if Microsoft Edge applications are up to date + +The following fields are available: + +- **appAp** Microsoft Edge Update parameters, including channel, architecture, platform, and additional parameters identifying the release of Microsoft Edge to update and how to install it. Example: 'beta-arch_x64-full'. Default: ''." +- **appAppId** The GUID that identifies the product channels such as Edge Canary, Dev, Beta, Stable, and Edge Update. +- **appBrandCode** The 4-digit brand code under which the the product was installed, if any. Possible values: 'GGLS' (default), 'GCEU' (enterprise install), and '' (unknown). +- **appChannel** An integer indicating the channel of the installation (e.g. Canary or Dev). +- **appClientId** A generalized form of the brand code that can accept a wider range of values and is used for similar purposes. Default: ''. +- **appCohort** A machine-readable string identifying the release channel that the app belongs to. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortHint** A machine-readable enum indicating that the client has a desire to switch to a different release cohort. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appCohortName** A stable non-localized human-readable enum indicating which (if any) set of messages the app should display to the user. For example, an app with a cohort name of 'beta' might display beta-specific branding to the user. Limited to ASCII characters 32 to 127 (inclusive) and a maximum length of 1024 characters. Default: ''. +- **appConsentState** Bit flags describing the diagnostic data disclosure and response flow where 1 indicates the affirmative and 0 indicates the negative or unspecified data. Bit 1 indicates consent was given, bit 2 indicates data originated from the download page, bit 18 indicates choice for sending data about how the browser is used, and bit 19 indicates choice for sending data about websites visited. +- **appDayOfInstall** The date-based counting equivalent of appInstallTimeDiffSec (the numeric calendar day that the app was installed on). This value is provided by the server in the response to the first request in the installation flow. Default: '-2' (Unknown). +- **appExperiments** A semicolon-delimited key/value list of experiment identifiers and treatment groups. This field is unused and always empty in Edge Update. Default: ''. +- **appIid** A GUID that identifies a particular installation flow. For example, each download of a product installer is tagged with a unique GUID. Attempts to install using that installer can then be grouped. A client SHOULD NOT persist the IID GUID after the installation flow of a product is complete. +- **appInstallTimeDiffSec** The difference between the current time and the install date in seconds. '0' if unknown. Default: '-1'. +- **appLang** The language of the product install, in IETF BCP 47 representation. Default: ''. +- **appNextVersion** The version of the app that the update attempted to reach, regardless of the success or failure of the update operation. Default: '0.0.0.0'. +- **appPingEventAppSize** The total number of bytes of all downloaded packages. Default: '0'. +- **appPingEventDownloadMetricsDownloadedBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsDownloader** A string identifying the download algorithm and/or stack. Example values include: 'bits', 'direct', 'winhttp', 'p2p'. Sent in events that have an event type of '14' only. Default: ''. +- **appPingEventDownloadMetricsDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventDownloadMetricsError** The error code (if any) of the operation, encoded as a signed base-10 integer. Default: '0'. +- **appPingEventDownloadMetricsServerIpHint** For events representing a download, the CDN Host IP address that corresponds to the update file server. The CDN host is controlled by Microsoft servers and always maps to IP addresses hosting *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadMetricsTotalBytes** For events representing a download, the number of bytes expected to be downloaded. For events representing an entire update flow, the sum of all such expected bytes over the course of the update flow. Default: '0'. +- **appPingEventDownloadMetricsUrl** For events representing a download, the CDN URL provided by the update server for the client to download the update, the URL is controlled by Microsoft servers and always maps back to either *.delivery.mp.microsoft.com or msedgesetup.azureedge.net. Default: ''. +- **appPingEventDownloadTimeMs** For events representing a download, the time elapsed between the start of the download and the end of the download, in milliseconds. For events representing an entire update flow, the sum of all such download times over the course of the update flow. Sent in events that have an event type of '1', '2', '3', and '14' only. Default: '0'. +- **appPingEventErrorCode** The error code (if any) of the operation, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventEventResult** An enumeration indicating the result of the event. Common values are '0' (Error) and '1' (Success). Default: '0' (Error). +- **appPingEventEventType** An enumeration indicating the type of the event and the event stage. Default: '0' (Unknown). +- **appPingEventExtraCode1** Additional numeric information about the operation's result, encoded as a signed, base-10 integer. Default: '0'. +- **appPingEventInstallTimeMs** For events representing an install, the time elapsed between the start of the install and the end of the install, in milliseconds. For events representing an entire update flow, the sum of all such durations. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appPingEventNumBytesDownloaded** The number of bytes downloaded for the specified application. Default: '0'. +- **appPingEventSequenceId** An ID that uniquely identifies particular events within one requestId. Since a request can contain multiple ping events, this field is necessary to uniquely identify each possible event. +- **appPingEventSourceUrlIndex** For events representing a download, the position of the download URL in the list of URLs supplied by the server in a tag. +- **appPingEventUpdateCheckTimeMs** For events representing an entire update flow, the time elapsed between the start of the update check and the end of the update check, in milliseconds. Sent in events that have an event type of '2' and '3' only. Default: '0'. +- **appUpdateCheckIsUpdateDisabled** The state of whether app updates are restricted by group policy. True if updates have been restricted by group policy or false if they have not. +- **appUpdateCheckTargetVersionPrefix** A component-wise prefix of a version number, or a complete version number suffixed with the $ character. The prefix is interpreted a dotted-tuple that specifies the exactly-matching elements; it is not a lexical prefix (for example, '1.2.3' MUST match '1.2.3.4' but MUST NOT match '1.2.34'). Default: ''. +- **appUpdateCheckTtToken** An opaque access token that can be used to identify the requesting client as a member of a trusted-tester group. If non-empty, the request is sent over SSL or another secure protocol. This field is unused by Edge Update and always empty. Default: ''. +- **appVersion** The version of the product install. Default: '0.0.0.0'. +- **eventType** A string representation of appPingEventEventType indicating the type of the event. +- **hwHasAvx** '1' if the client's hardware supports the AVX instruction set. '0' if the client's hardware does not support the AVX instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse** '1' if the client's hardware supports the SSE instruction set. '0' if the client's hardware does not support the SSE instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse2** '1' if the client's hardware supports the SSE2 instruction set. '0' if the client's hardware does not support the SSE2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse3** '1' if the client's hardware supports the SSE3 instruction set. '0' if the client's hardware does not support the SSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse41** '1' if the client's hardware supports the SSE4.1 instruction set. '0' if the client's hardware does not support the SSE4.1 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSse42** '1' if the client's hardware supports the SSE4.2 instruction set. '0' if the client's hardware does not support the SSE4.2 instruction set. '-1' if unknown. Default: '-1'. +- **hwHasSsse3** '1' if the client's hardware supports the SSSE3 instruction set. '0' if the client's hardware does not support the SSSE3 instruction set. '-1' if unknown. Default: '-1'. +- **hwPhysmemory** The physical memory available to the client, truncated down to the nearest gibibyte. '-1' if unknown. This value is intended to reflect the maximum theoretical storage capacity of the client, not including any hard drive or paging to a hard drive or peripheral. Default: '-1'. +- **isMsftDomainJoined** '1' if the client is a member of a Microsoft domain. '0' otherwise. Default: '0'. +- **osArch** The architecture of the operating system (e.g. 'x86', 'x64', 'arm'). '' if unknown. Default: ''. +- **osPlatform** The operating system family that the within which the Omaha client is running (e.g. 'win', 'mac', 'linux', 'ios', 'android'). '' if unknown. The operating system name should be transmitted in lowercase with minimal formatting. Default: ''. +- **osServicePack** The secondary version of the operating system. '' if unknown. Default: ''. +- **osVersion** The primary version of the operating system. '' if unknown. Default: ''. +- **requestCheckPeriodSec** The update interval in seconds. The value is read from the registry. Default: '-1'. +- **requestDlpref** A comma-separated list of values specifying the preferred download URL behavior. The first value is the highest priority, further values reflect secondary, tertiary, et cetera priorities. Legal values are '' (in which case the entire list must be empty, indicating unknown or no-preference) or 'cacheable' (the server should prioritize sending URLs that are easily cacheable). Default: ''. +- **requestDomainJoined** '1' if the device is part of a managed enterprise domain. Otherwise '0'. +- **requestInstallSource** A string specifying the cause of the update flow. For example: 'ondemand', or 'scheduledtask'. Default: ''. +- **requestIsMachine** '1' if the client is known to be installed with system-level or administrator privileges. '0' otherwise. Default: '0'. +- **requestOmahaShellVersion** The version of the Omaha installation folder. Default: ''. +- **requestOmahaVersion** The version of the Omaha updater itself (the entity sending this request). Default: '0.0.0.0'. +- **requestProtocolVersion** The version of the Omaha protocol. Compatible clients MUST provide a value of '3.0'. Compatible clients MUST always transmit this attribute. Default: undefined. +- **requestRequestId** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha request. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. +- **requestSessionCorrelationVectorBase** A client generated random MS Correlation Vector base code used to correlate the update session with update and CDN servers. Default: ''. +- **requestSessionId** A randomly-generated (uniformly distributed) GUID. Each single update flow (e.g. update check, update application, event ping sequence) SHOULD have (with high probability) a single unique session ID. Default: ''. +- **requestTestSource** Either '', 'dev', 'qa', 'prober', 'auto', or 'ossdev'. Any value except '' indicates that the request is a test and should not be counted toward normal metrics. Default: ''. +- **requestUid** A randomly-generated (uniformly distributed) GUID, corresponding to the Omaha user. Each request attempt SHOULD have (with high probability) a unique request id. Default: ''. + + +## MUI events + +### MuiResourceLoaderTraceLogging.MapAndVerifyResourceFileFailure + +This event is logged when LdrMapAndVerifyResourceFile fails for an overlay module. + +The following fields are available: + +- **Culture** Language tag. +- **DevicePath** True if file path is a device path. +- **Flags** Flags used for verification in LdrMapAndVerifyResourceFile. +- **ResourceFileName** DLL path and name. +- **Status** Failing status code. + + +### MuiResourceLoaderTraceLogging.VerifyAlternateResourceModuleWithServiceChecksumFailure + +This event logs a failure when a MUI has an incompatible service checksum. + +The following fields are available: + +- **ActualServiceChecksum** The checksum in the MUI file. +- **ExpectedServiceChecksum** The checksum in the neutral binary. +- **ResourceFileName** DLL path and name which has a failing service checksum. + + +### NetworkTelemetry.AccessPointData + +This event describes the wireless access point to which the Xbox is connected. Collected when a wireless network is joined. + + + +### NetworkTelemetry.FlightControllerInitialize + +This event is logged when the flight controller attempts to write the hosts file. + + + +## Sediment events + +### Microsoft.Windows.Sediment.OSRSS.CheckingOneSettings + +This event indicates the parameters that the Operating System Remediation System Service (OSRSS) uses for a secure ping to Microsoft to help ensure Windows is up to date. + +The following fields are available: + +- **CustomVer** The registry value for targeting. +- **IsMetered** TRUE if the machine is on a metered network. +- **LastVer** The version of the last successful run. +- **ServiceVersionMajor** The Major version information of the component. +- **ServiceVersionMinor** The Minor version information of the component. +- **Time** The system time at which the event occurred. + + +## Setup events + +### SetupPlatformTel.SetupPlatformTelActivityEvent + +This event sends basic metadata about the SetupPlatform update installation process, to help keep Windows up to date. + +The following fields are available: + +- **FieldName** Retrieves the event name/data point. Examples: InstallStartTime, InstallEndtime, OverallResult etc. +- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc. +- **Value** Value associated with the corresponding event name. For example, time-related events will include the system time + + +## Software update events + +### SoftwareUpdateClientTelemetry.Uninstall + +Uninstall event for target update on Windows Update Client. See EventScenario field for specifics (for example, Started/Failed/Succeeded). + +The following fields are available: + +- **BundleId** The identifier associated with the specific content bundle. This should not be all zeros if the bundleID was found. +- **BundleRepeatFailCount** Indicates whether this particular update bundle previously failed. +- **BundleRevisionNumber** Identifies the revision number of the content bundle. +- **CallerApplicationName** Name of the application making the Windows Update request. Used to identify context of request. +- **ClassificationId** Classification identifier of the update content. +- **ClientVersion** Version number of the software distribution client. +- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. There is no value being reported in this field right now. Expected value for this field is 0. +- **DeploymentMutexId** Mutex identifier of the deployment operation. +- **DeploymentProviderHostModule** Name of the module which is hosting the Update Deployment Provider for deployment operation. +- **DeploymentProviderMode** The mode of operation of the Update Deployment Provider. +- **DriverPingBack** Contains information about the previous driver and system state. +- **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers when a recovery is required. +- **EventInstanceID** A globally unique identifier for event instance. +- **EventScenario** Indicates the purpose of the event (a scan started, succeded, failed, etc.). +- **EventType** Indicates the event type. Possible values are "Child", "Bundle", "Release" or "Driver". +- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode is not specific enough. +- **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. +- **FlightBuildNumber** Indicates the build number of the flight. +- **FlightId** The specific ID of the flight the device is getting. +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.). +- **HardwareId** If the download was for a driver targeted to a particular device model, this ID indicates the model of the device. +- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. +- **IsFirmware** Indicates whether an update was a firmware update. +- **IsSuccessFailurePostReboot** Indicates whether an initial success was then a failure after a reboot. +- **IsWUfBDualScanEnabled** Flag indicating whether WU-for-Business dual scan is enabled on the device. +- **IsWUfBEnabled** Flag indicating whether WU-for-Business is enabled on the device. +- **IsWUfBTargetVersionEnabled** Flag that indicates if the WU-for-Business target version policy is enabled on the device. +- **MergedUpdate** Indicates whether an OS update and a BSP update were merged for install. +- **ProcessName** Process name of the caller who initiated API calls into the software distribution client. +- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. +- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one. +- **RepeatFailCount** Indicates whether this specific piece of content previously failed. +- **RevisionNumber** Identifies the revision number of this specific piece of content. +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc). +- **StatusCode** Result code of the event (success, cancellation, failure code HResult). +- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. +- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. +- **UpdateId** Identifier associated with the specific piece of content. +- **UpdateImportance** Indicates the importance of a driver and why it received that importance level (0-Unknown, 1-Optional, 2-Important-DNF, 3-Important-Generic, 4-Important-Other, 5-Recommended). +- **UsedSystemVolume** Indicates whether the device’s main system storage drive or an alternate storage drive was used. +- **WUDeviceID** Unique device ID controlled by the software distribution client. + + +## Update events + +### Update360Telemetry.UpdateAgentReboot + +This event sends information indicating that a request has been sent to suspend an update. + +The following fields are available: + +- **ErrorCode** The error code returned for the current reboot. +- **FlightId** Unique ID for the flight (test instance version). +- **IsSuspendable** Indicates whether the update has the ability to be suspended and resumed at the time of reboot. When the machine is rebooted and the update is in middle of Predownload or Install and Setup.exe is running, this field is TRUE, if not its FALSE. +- **ObjectId** The unique value for each Update Agent mode. +- **Reason** Indicates the HResult why the machine could not be suspended. If it is successfully suspended, the result is 0. +- **RelatedCV** The correlation vector value generated from the latest USO (Update Service Orchestrator) scan. +- **ScenarioId** The ID of the update scenario. +- **SessionId** The ID of the update attempt. +- **UpdateId** The ID of the update. +- **UpdateState** Indicates the state of the machine when Suspend is called. For example, Install, Download, Commit. + + +## Upgrade events + +### Setup360Telemetry.Setup360 + +This event sends data about OS deployment scenarios, to help keep Windows up-to-date. + +The following fields are available: + +- **FieldName** Retrieves the data point. +- **FlightData** Specifies a unique identifier for each group of Windows Insider builds. +- **InstanceId** Retrieves a unique identifier for each instance of a setup session. +- **ReportId** Retrieves the report ID. +- **ScenarioId** Retrieves the deployment scenario. +- **Value** Retrieves the value associated with the corresponding FieldName. + + +### Setup360Telemetry.UnexpectedEvent + +This event sends data indicating that the device has invoked the unexpected event phase of the upgrade, to help keep Windows up to date. + +The following fields are available: + +- **ClientId** With Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **HostOSBuildNumber** The build number of the previous OS. +- **HostOsSkuName** The OS edition which is running Setup360 instance (previous OS). +- **InstanceId** A unique GUID that identifies each instance of setuphost.exe +- **ReportId** With Windows Update, this is the updateID that is passed to Setup. In media setup, this is the GUID for the install.wim. +- **Setup360Extended** Detailed information about the phase/action when the potential failure occurred. +- **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. +- **Setup360Result** The result of Setup360. This is an HRESULT error code that can be used used to diagnose errors. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. +- **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). +- **State** The exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. +- **TestId** A string to uniquely identify a group of events. +- **WuId** This is the Windows Update Client ID. With Windows Update, this is the same as the clientId. + + +## Windows Update CSP events + +### Microsoft.Windows.UpdateCsp.ExecuteRollBackFeatureFailed + +This event sends basic telemetry on the failure of the Feature Rollback. + +The following fields are available: + +- **current** Result of currency check. +- **dismOperationSucceeded** Dism uninstall operation status. +- **hResult** Failure error code. +- **oSVersion** Build number of the device. +- **paused** Indicates whether the device is paused. +- **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. +- **sacDevice** This is the device info. +- **wUfBConnected** Result of WUfB connection check. + + +## Windows Update events + +### Microsoft.Windows.Update.DataMigrationFramework.DmfMigrationStarted + +This event sends data collected at the beginning of the Data Migration Framework (DMF) and parameters involved in its invocation, to help keep Windows up to date. + +The following fields are available: + +- **MigrationMicrosoftPhases** The number of Microsoft-authored migrators scheduled to be ran by DMF for this upgrade +- **MigrationOEMPhases** The number of OEM-authored migrators scheduled to be ran by DMF for this upgrade +- **MigrationStartTime** The timestamp representing the beginning of the DMF migration +- **WuClientId** The GUID of the Windows Update client invoking DMF + + +## XBOX events + +### Microsoft.Gaming.Install.ResurrectedInstall + +This event is logged when app installation resumes on Xbox console. + +The following fields are available: + +- **InstanceId** App install instance ID. +- **Result** App install resume result. + + +### Microsoft.Xbox.XceBridge.CS.1.0.0.9.0.2.SFR.ConnectedStandbyEnterEnd + +This event is triggered when connected standby is finished activating. + + + +### NuiServiceTelemetryProvider.DriverSensorFirmwareVersion + +This event reports the version of the currently installed firmware. + + + +### NuiServiceTelemetryProvider.DriverSensorHardwareVersion + +This event reports basic and raw hardware version of the NUI sensor. Also reports serial number. + + + +### NuiServiceTelemetryProvider.SensorFirmwareDeviceError + +This event reports sensor firmware device error. + + + +### SignInArbiter.AutoPairingGeneralInfo + +This event is reported at various times to note system state. + + + +### XceDiagnosticUploadable.UploaderPerfHeartbeat + +This event reports a digest of a number of different counters that are tracked locally by the uploader. + + + +## XDE events + +### Microsoft.Emulator.Xde.RunTime.XdeStarted + +This event sends basic information regarding the XDE process to address problems with emulator start. + +The following fields are available: + +- **addUserToHyperVAdmins** True if user added to Hyper-V admin group. +- **addUserToPerformanceLogUsersGroup** True if user added to performance group. +- **automateFeatures** True if automation is being used. +- **bootLanguage** Boot language for guest. +- **bootToSnapshot** True if should attempt to boot to snapshot. +- **com1PipeName** COM1 pipe name. +- **com2PipeName** COM2 pipe name. +- **diffDiskVhd** Diff disk name. +- **displayName** Display name. +- **fastShutdown** True if should try to shutdown quickly. +- **language** Language to use for UI. +- **memSize** Memory size. +- **natDisabled** True if NAT is to be disabled. +- **noStart** True if VM shouldn't be started. +- **originalVideoResolution** Original video resolution. +- **remoteFxDisabled** Disable GPU. +- **screenDiagonalSize** Screen diagonal size. +- **sensorsEnabled** Sensors to enable in guest. +- **showName** True if display name should appear on UI. +- **showUsage** True if usage was shown. +- **silentSnapshot** True if a silent snapshot was taken. +- **silentUi** True if message boxes should be suppressed. +- **sku** The emulator sku to use +- **startedBy** The program that started the emulator. +- **version** Emulator version. +- **versionLong** Long format of emulator version. +- **vhdPath** VHD path. +- **videoResolution** Video resolution to use. +- **virtualMachineName** VM name. +- **waitForClientConnection** True if we should wait for client connection. +- **wp81NetworkStackDisabled** WP 8.1 networking stack disabled. + + + diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md index 6c12907b28..ae96f09ed1 100644 --- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md +++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md @@ -14,11 +14,13 @@ ms.collection: M365-identity-device-management ms.topic: article ms.reviewer: --- + # Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool ```powershell -# Script to find out if machine is Device Guard compliant -# requires driver verifier on system. +# Script to find out if a machine is Device Guard compliant. +# The script requires a driver verifier present on the system. + param([switch]$Capable, [switch]$Ready, [switch]$Enable, [switch]$Disable, $SIPolicyPath, [switch]$AutoReboot, [switch]$DG, [switch]$CG, [switch]$HVCI, [switch]$HLK, [switch]$Clear, [switch]$ResetVerifier) $path = "C:\DGLogs\" @@ -36,7 +38,7 @@ $DGVerifySuccess = New-Object System.Text.StringBuilder $Sys32Path = "$env:windir\system32" $DriverPath = "$env:windir\system32\drivers" -#generated by certutil -encode +#generated by certutil -encode $SIPolicy_Encoded = "BQAAAA43RKLJRAZMtVH2AW5WMHbk9wcuTBkgTbfJb0SmxaI0BACNkAgAAAAAAAAA HQAAAAIAAAAAAAAAAAAKAEAAAAAMAAAAAQorBgEEAYI3CgMGDAAAAAEKKwYBBAGC NwoDBQwAAAABCisGAQQBgjc9BAEMAAAAAQorBgEEAYI3PQUBDAAAAAEKKwYBBAGC @@ -114,7 +116,7 @@ function LogAndConsoleSuccess($message) function LogAndConsoleError($message) { - Write-Host $message -foregroundcolor "Red" + Write-Host $message -foregroundcolor "Red" Log $message } @@ -132,16 +134,16 @@ function IsExempted([System.IO.FileInfo] $item) Log $cert.ToString() return 0 } -} +} function CheckExemption($_ModName) { $mod1 = Get-ChildItem $Sys32Path $_ModName $mod2 = Get-ChildItem $DriverPath $_ModName if($mod1) - { + { Log "NonDriver module" + $mod1.FullName - return IsExempted($mod1) + return IsExempted($mod1) } elseif($mod2) { @@ -184,15 +186,15 @@ function CheckFailedDriver($_ModName, $CIStats) } if($Result.Contains("PASS")) { - $CompatibleModules.AppendLine($_ModName.Trim()) | Out-Null + $CompatibleModules.AppendLine($_ModName.Trim()) | Out-Null } elseif($FailingStat.Trim().Contains("execute-write")) { - $FailingExecuteWriteCheck.AppendLine("Module: "+ $_ModName.Trim() + "`r`n`tReason: " + $FailingStat.Trim() ) | Out-Null + $FailingExecuteWriteCheck.AppendLine("Module: "+ $_ModName.Trim() + "`r`n`tReason: " + $FailingStat.Trim() ) | Out-Null } else { - $FailingModules.AppendLine("Module: "+ $_ModName.Trim() + "`r`n`tReason: " + $FailingStat.Trim() ) | Out-Null + $FailingModules.AppendLine("Module: "+ $_ModName.Trim() + "`r`n`tReason: " + $FailingStat.Trim() ) | Out-Null } Log "Result: " $Result } @@ -204,7 +206,7 @@ function ListCIStats($_ModName, $str1) { Log "String := " $str1 Log "Warning! CI Stats are missing for " $_ModName - return + return } $temp_str1 = $str1.Substring($i1) $CIStats = $temp_str1.Substring(0).Trim() @@ -245,7 +247,7 @@ function ListDrivers($str) } $DriverScanCompletedMessage = "Completed scan. List of Compatible Modules can be found at " + $LogFile - LogAndConsole $DriverScanCompletedMessage + LogAndConsole $DriverScanCompletedMessage if($FailingModules.Length -gt 0 -or $FailingExecuteWriteCheck.Length -gt 0 ) { @@ -254,7 +256,7 @@ function ListDrivers($str) { LogAndConsoleError $WarningMessage } - else + else { LogAndConsoleWarning $WarningMessage } @@ -321,7 +323,7 @@ function ListSummary() } else { - LogAndConsoleSuccess "Machine is Device Guard / Credential Guard Ready.`n" + LogAndConsoleSuccess "Machine is Device Guard / Credential Guard Ready.`n" if(!$HVCI -and !$DG) { ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "CG_Capable" /t REG_DWORD /d 2 /f ' @@ -336,56 +338,56 @@ function ListSummary() function Instantiate-Kernel32 { - try + try { Add-Type -TypeDefinition @" using System; using System.Diagnostics; using System.Runtime.InteropServices; - + public static class Kernel32 { [DllImport("kernel32", SetLastError=true, CharSet = CharSet.Ansi)] public static extern IntPtr LoadLibrary( [MarshalAs(UnmanagedType.LPStr)]string lpFileName); - + [DllImport("kernel32", CharSet=CharSet.Ansi, ExactSpelling=true, SetLastError=true)] public static extern IntPtr GetProcAddress( IntPtr hModule, string procName); } - + "@ } catch { - Log $_.Exception.Message + Log $_.Exception.Message LogAndConsole "Instantiate-Kernel32 failed" } } function Instantiate-HSTI { - try + try { Add-Type -TypeDefinition @" using System; using System.Diagnostics; using System.Runtime.InteropServices; using System.Net; - + public static class HstiTest3 { [DllImport("hstitest.dll", CharSet = CharSet.Unicode)] - public static extern int QueryHSTIdetails( - ref HstiOverallError pHstiOverallError, + public static extern int QueryHSTIdetails( + ref HstiOverallError pHstiOverallError, [In, Out] HstiProviderErrorDuple[] pHstiProviderErrors, ref uint pHstiProviderErrorsCount, byte[] hstiPlatformSecurityBlob, ref uint pHstiPlatformSecurityBlobBytes); [DllImport("hstitest.dll", CharSet = CharSet.Unicode)] - public static extern int QueryHSTI(ref bool Pass); - + public static extern int QueryHSTI(ref bool Pass); + [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct HstiProviderErrorDuple { @@ -397,7 +399,7 @@ function Instantiate-HSTI { [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 4096)] internal string ErrorString; } - + [FlagsAttribute] public enum HstiProviderErrors : int { @@ -425,8 +427,8 @@ function Instantiate-HSTI { BlobVersionMismatch = 0x00000080, PlatformSecurityVersionMismatch = 0x00000100, ProviderError = 0x00000200 - } - + } + } "@ @@ -434,9 +436,9 @@ function Instantiate-HSTI { $FuncHandle = [Kernel32]::GetProcAddress($LibHandle, "QueryHSTIdetails") $FuncHandle2 = [Kernel32]::GetProcAddress($LibHandle, "QueryHSTI") - if ([System.IntPtr]::Size -eq 8) + if ([System.IntPtr]::Size -eq 8) { - #assuming 64 bit + #assuming 64 bit Log "`nKernel32::LoadLibrary 64bit --> 0x$("{0:X16}" -f $LibHandle.ToInt64())" Log "HstiTest2::QueryHSTIdetails 64bit --> 0x$("{0:X16}" -f $FuncHandle.ToInt64())" } @@ -450,7 +452,7 @@ function Instantiate-HSTI { $hr = [HstiTest3]::QueryHSTIdetails([ref] $overallError, $null, [ref] $providerErrorDupleCount, $null, [ref] $blobByteSize) [byte[]]$blob = New-Object byte[] $blobByteSize - [HstiTest3+HstiProviderErrorDuple[]]$providerErrors = New-Object HstiTest3+HstiProviderErrorDuple[] $providerErrorDupleCount + [HstiTest3+HstiProviderErrorDuple[]]$providerErrors = New-Object HstiTest3+HstiProviderErrorDuple[] $providerErrorDupleCount $hr = [HstiTest3]::QueryHSTIdetails([ref] $overallError, $providerErrors, [ref] $providerErrorDupleCount, $blob, [ref] $blobByteSize) $string = $null $blob | foreach { $string = $string + $_.ToString("X2")+"," } @@ -479,7 +481,7 @@ function Instantiate-HSTI { LogAndConsoleError $ErrorMessage $DGVerifyCrit.AppendLine($ErrorMessage) | Out-Null } - else + else { LogAndConsoleWarning $ErrorMessage $DGVerifyWarn.AppendLine("HSTI is absent") | Out-Null @@ -487,9 +489,9 @@ function Instantiate-HSTI { } } - catch + catch { - LogAndConsoleError $_.Exception.Message + LogAndConsoleError $_.Exception.Message LogAndConsoleError "Instantiate-HSTI failed" } } @@ -613,10 +615,10 @@ function ExecuteCommandAndLog($_cmd) $CmdOutput = Invoke-Expression $_cmd | Out-String Log "Output: $CmdOutput" } - catch + catch { Log "Exception while exectuing $_cmd" - Log $_.Exception.Message + Log $_.Exception.Message } @@ -676,7 +678,7 @@ function CheckDriverCompat verifier.exe /flags 0x02000000 /all /log.code_integrity LogAndConsole "Enabling Driver Verifier and Rebooting system" - Log $verifier_state + Log $verifier_state LogAndConsole "Please re-execute this script after reboot...." if($AutoReboot) { @@ -692,7 +694,7 @@ function CheckDriverCompat else { LogAndConsole "Driver verifier already enabled" - Log $verifier_state + Log $verifier_state ListDrivers($verifier_state.Trim().ToLowerInvariant()) } } @@ -700,23 +702,23 @@ function IsDomainController { $_isDC = 0 $CompConfig = Get-WmiObject Win32_ComputerSystem - foreach ($ObjItem in $CompConfig) + foreach ($ObjItem in $CompConfig) { $Role = $ObjItem.DomainRole Log "Role=$Role" - Switch ($Role) + Switch ($Role) { 0 { Log "Standalone Workstation" } 1 { Log "Member Workstation" } 2 { Log "Standalone Server" } 3 { Log "Member Server" } - 4 + 4 { Log "Backup Domain Controller" $_isDC=1 break } - 5 + 5 { Log "Primary Domain Controller" $_isDC=1 @@ -735,7 +737,7 @@ function CheckOSSKU Log "OSNAME:$osname" $SKUarray = @("Enterprise", "Education", "IoT", "Windows Server", "Pro", "Home") $HLKAllowed = @("microsoft windows 10 pro") - foreach ($SKUent in $SKUarray) + foreach ($SKUent in $SKUarray) { if($osname.ToString().Contains($SKUent.ToLower())) { @@ -762,7 +764,7 @@ function CheckOSSKU } ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "OSSKU" /t REG_DWORD /d 2 /f ' } - else + else { LogAndConsoleError "This PC edition is Unsupported for Device Guard" $DGVerifyCrit.AppendLine("OS SKU unsupported") | Out-Null @@ -773,14 +775,14 @@ function CheckOSSKU function CheckOSArchitecture { $OSArch = $(gwmi win32_operatingsystem).OSArchitecture.ToLower() - Log $OSArch - if($OSArch.Contains("64-bit")) + Log $OSArch + if($OSArch -match ("^64\-?\s?bit")) { - LogAndConsoleSuccess "64 bit archictecture" + LogAndConsoleSuccess "64 bit architecture" } - elseif($OSArch.Contains("32-bit")) + elseif($OSArch -match ("^32\-?\s?bit")) { - LogAndConsoleError "32 bit archictecture" + LogAndConsoleError "32 bit architecture" $DGVerifyCrit.AppendLine("32 Bit OS, OS Architecture failure.") | Out-Null } else @@ -878,7 +880,7 @@ function CheckTPM function CheckSecureMOR { $isSecureMOR = CheckDGFeatures(4) - Log "isSecureMOR= $isSecureMOR " + Log "isSecureMOR= $isSecureMOR " if($isSecureMOR -eq 1) { LogAndConsoleSuccess "Secure MOR is available" @@ -904,7 +906,7 @@ function CheckSecureMOR function CheckNXProtection { $isNXProtected = CheckDGFeatures(5) - Log "isNXProtected= $isNXProtected " + Log "isNXProtected= $isNXProtected " if($isNXProtected -eq 1) { LogAndConsoleSuccess "NX Protector is available" @@ -921,7 +923,7 @@ function CheckNXProtection function CheckSMMProtection { $isSMMMitigated = CheckDGFeatures(6) - Log "isSMMMitigated= $isSMMMitigated " + Log "isSMMMitigated= $isSMMMitigated " if($isSMMMitigated -eq 1) { LogAndConsoleSuccess "SMM Mitigation is available" @@ -938,15 +940,15 @@ function CheckSMMProtection function CheckHSTI { LogAndConsole "Copying HSTITest.dll" - try + try { $HSTITest_Decoded = [System.Convert]::FromBase64String($HSTITest_Encoded) [System.IO.File]::WriteAllBytes("$env:windir\System32\hstitest.dll",$HSTITest_Decoded) } - catch + catch { - LogAndConsole $_.Exception.Message + LogAndConsole $_.Exception.Message LogAndConsole "Copying and loading HSTITest.dll failed" } @@ -959,7 +961,7 @@ function PrintToolVersion LogAndConsole "" LogAndConsole "###########################################################################" LogAndConsole "" - LogAndConsole "Readiness Tool Version 3.7.1 Release. `nTool to check if your device is capable to run Device Guard and Credential Guard." + LogAndConsole "Readiness Tool Version 3.7.2 Release. `nTool to check if your device is capable to run Device Guard and Credential Guard." LogAndConsole "" LogAndConsole "###########################################################################" LogAndConsole "" @@ -1030,7 +1032,7 @@ if(!($Ready) -and !($Capable) -and !($Enable) -and !($Disable) -and !($Clear) -a } $user = [Security.Principal.WindowsIdentity]::GetCurrent(); -$TestForAdmin = (New-Object Security.Principal.WindowsPrincipal $user).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator) +$TestForAdmin = (New-Object Security.Principal.WindowsPrincipal $user).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator) if(!$TestForAdmin) { @@ -1065,7 +1067,7 @@ if($Ready) { Log "_CGState: $_CGState" PrintCGDetails $_CGState - + if($_CGState) { ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "CG_Running" /t REG_DWORD /d 1 /f' @@ -1077,28 +1079,28 @@ if($Ready) } elseif($DG) { - Log "_HVCIState: $_HVCIState, _ConfigCIState: $_ConfigCIState" + Log "_HVCIState: $_HVCIState, _ConfigCIState: $_ConfigCIState" PrintHVCIDetails $_HVCIState - PrintConfigCIDetails $_ConfigCIState + PrintConfigCIDetails $_ConfigCIState if($_ConfigCIState -and $_HVCIState) { LogAndConsoleSuccess "HVCI, and Config-CI are enabled and running." - + ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "DG_Running" /t REG_DWORD /d 1 /f' } else { LogAndConsoleWarning "Not all services are running." - + ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Capabilities\" /v "DG_Running" /t REG_DWORD /d 0 /f' } } - else + else { - Log "_CGState: $_CGState, _HVCIState: $_HVCIState, _ConfigCIState: $_ConfigCIState" - + Log "_CGState: $_CGState, _HVCIState: $_HVCIState, _ConfigCIState: $_ConfigCIState" + PrintCGDetails $_CGState PrintHVCIDetails $_HVCIState PrintConfigCIDetails $_ConfigCIState @@ -1147,7 +1149,7 @@ if($Enable) { ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "HypervisorEnforcedCodeIntegrity" /t REG_DWORD /d 1 /f' } - else + else { ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f' ExecuteCommandAndLog 'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 0 /f' @@ -1158,8 +1160,8 @@ if($Enable) { if(!$HVCI -and !$CG) { - if(!$SIPolicyPath) - { + if(!$SIPolicyPath) + { Log "Writing Decoded SIPolicy.p7b" $SIPolicy_Decoded = [System.Convert]::FromBase64String($SIPolicy_Encoded) [System.IO.File]::WriteAllBytes("$env:windir\System32\CodeIntegrity\SIPolicy.p7b",$SIPolicy_Decoded) @@ -1182,7 +1184,7 @@ if($Enable) if(!$_isRedstone) { LogAndConsole "OS Not Redstone, enabling IsolatedUserMode separately" - #Enable/Disable IOMMU seperately + #Enable/Disable IOMMU separately ExecuteCommandAndLog 'DISM.EXE /Online /Enable-Feature:IsolatedUserMode /NoRestart' } $CmdOutput = DISM.EXE /Online /Enable-Feature:Microsoft-Hyper-V-Hypervisor /All /NoRestart | Out-String @@ -1251,7 +1253,7 @@ if($Disable) if(!$_isRedstone) { LogAndConsole "OS Not Redstone, disabling IsolatedUserMode separately" - #Enable/Disable IOMMU seperately + #Enable/Disable IOMMU separately ExecuteCommandAndLog 'DISM.EXE /Online /disable-Feature /FeatureName:IsolatedUserMode /NoRestart' } $CmdOutput = DISM.EXE /Online /disable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /NoRestart | Out-String @@ -1270,7 +1272,7 @@ if($Disable) } #set of commands to run SecConfig.efi to delete UEFI variables if were set in pre OS - #these steps can be performed even if the UEFI variables were not set - if not set it will lead to No-Op but this can be run in general always + #these steps can be performed even if the UEFI variables were not set - if not set it will lead to No-Op but this can be run in general always #this requires a reboot and accepting the prompt in the Pre-OS which is self explanatory in the message that is displayed in pre-OS $FreeDrive = ls function:[s-z]: -n | ?{ !(test-path $_) } | random Log "FreeDrive=$FreeDrive" @@ -1314,7 +1316,7 @@ if($Capable) } $_StepCount = 1 if(!$CG) - { + { LogAndConsole " ====================== Step $_StepCount Driver Compat ====================== " $_StepCount++ CheckDriverCompat @@ -1323,15 +1325,15 @@ if($Capable) LogAndConsole " ====================== Step $_StepCount Secure boot present ====================== " $_StepCount++ CheckSecureBootState - + if(!$HVCI -and !$DG -and !$CG) - { + { #check only if sub-options are absent LogAndConsole " ====================== Step $_StepCount MS UEFI HSTI tests ====================== " $_StepCount++ CheckHSTI } - + LogAndConsole " ====================== Step $_StepCount OS Architecture ====================== " $_StepCount++ CheckOSArchitecture @@ -1345,11 +1347,11 @@ if($Capable) CheckVirtualization if(!$HVCI -and !$DG) - { + { LogAndConsole " ====================== Step $_StepCount TPM version ====================== " $_StepCount++ CheckTPM - + LogAndConsole " ====================== Step $_StepCount Secure MOR ====================== " $_StepCount++ CheckSecureMOR @@ -1358,11 +1360,11 @@ if($Capable) LogAndConsole " ====================== Step $_StepCount NX Protector ====================== " $_StepCount++ CheckNXProtection - + LogAndConsole " ====================== Step $_StepCount SMM Mitigation ====================== " $_StepCount++ CheckSMMProtection - + LogAndConsole " ====================== End Check ====================== " LogAndConsole " ====================== Summary ====================== " @@ -1371,7 +1373,6 @@ if($Capable) } - # SIG # Begin signature block ## REPLACE # SIG # End signature block diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 20e50b5d3a..0f6cbee626 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -63,7 +63,7 @@ The Windows Hello for Business deployment depends on an enterprise public key in Key trust deployments do not need client issued certificates for on-premises authentication. Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object. -The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party enterprise certification authority. The detailed requirements for the Domain Controller certificate are shown below. +The minimum required Enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party Enterprise certification authority. The requirements for the domain controller certificate are shown below. For more details, see [Requirements for domain controller certificates from a third-party CA](https://support.microsoft.com/help/291010/requirements-for-domain-controller-certificates-from-a-third-party-ca). * The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL. * The certificate Subject section should contain the directory path of the server object (the distinguished name). @@ -71,7 +71,7 @@ The minimum required enterprise certificate authority that can be used with Wind * Optionally, the certificate Basic Constraints section should contain: [Subject Type=End Entity, Path Length Constraint=None]. * The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5). * The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name. -* The certificate template must have an extension that has the BMP data value "DomainController". +* The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](https://docs.microsoft.com/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template. * The domain controller certificate must be installed in the local computer's certificate store. diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 3fc752f3ca..1e2b9fade3 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -145,8 +145,8 @@ This table provides info about the most common problems you might encounter whil > [!NOTE] > When corporate data is written to disk, WIP uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity. One caveat to keep in mind is that the Preview Pane in File Explorer will not work for encrypted files. -> [!NOTE] -> Chromium-based versions of Microsoft Edge (versions since 79) don't fully support WIP yet. The functionality could be partially enabled by going to the local page **edge://flags/#edge-dataprotection** and setting the **Windows Information Protection** flag to **enabled**. + + > [!NOTE] > Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to our content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md index d9b5265f75..a7f80d6745 100644 --- a/windows/security/threat-protection/auditing/event-4624.md +++ b/windows/security/threat-protection/auditing/event-4624.md @@ -230,7 +230,7 @@ This event generates when a logon session is created (on destination machine). I **Network Information:** -- **Workstation Name** \[Type = UnicodeString\]**:** machine name from which logon attempt was performed. +- **Workstation Name** \[Type = UnicodeString\]**:** machine name to which logon attempt was performed. - **Source Network Address** \[Type = UnicodeString\]**:** IP address of machine from which logon attempt was performed. diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md index 3c7b1fa724..531278a14a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md @@ -76,7 +76,7 @@ Create custom rules to control when alerts are suppressed, or resolved. You can * URL - wildcard supported * Command line - wildcard supported -3. Select the **Trigerring IOC**. +3. Select the **Triggering IOC**. 4. Specify the action and scope on the alert.
You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue, alert page, and machine timeline and will appear as resolved across Microsoft Defender ATP APIs.

Alerts that are marked as hidden will be suppressed from the entire system, both on the machine's associated alerts and from the dashboard and will not be streamed across Microsoft Defender ATP APIs. diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md index e29bf3379b..1f798a3ece 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md @@ -40,7 +40,7 @@ For more information about onboarding methods, see the following articles: - [Onboard servers to the Microsoft Defender ATP service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-2008-r2-sp1--windows-server-2012-r2-and-windows-server-2016) - [Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#configure-the-proxy-server-manually-using-a-registry-based-static-proxy) -## On-premise machines +## On-premises machines - Setup Azure Log Analytics (formerly known as OMS Gateway) to act as proxy or hub: - [Azure Log Analytics Agent](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway) diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index c2a4429c26..3e320c90a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -144,6 +144,9 @@ Appendix section in this document for the URLs Whitelisting or on [Microsoft Docs](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server). +> [!NOTE] +> For a detailed list of URLs that need to be whitelisted, please see [this article](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus). + **Manual static proxy configuration:** - Registry based configuration diff --git a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md index e361acf1d9..c07cb74837 100644 --- a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md +++ b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md @@ -82,7 +82,7 @@ When a local setting is greyed out, it indicates that a GPO currently controls t ### Command-line tools -This setting can be used in conjunction with a symbolic link file system setting that can be manipulated with the command-line tool to control the kinds of symlinks that are allowed on the device. For more info, type **fsutil behavior set symlinkevalution /?** at the command prompt. +This setting can be used in conjunction with a symbolic link file system setting that can be manipulated with the command-line tool to control the kinds of symlinks that are allowed on the device. For more info, type **fsutil behavior set symlinkevaluation /?** at the command prompt. ## Security considerations diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md index 3aa61ca9b4..1c74391497 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 06/27/2019 +ms.date: 05/29/2020 --- # Domain member: Maximum machine account password age @@ -42,8 +42,7 @@ For more information, see [Machine Account Password Process](https://techcommuni ### Best practices -1. We recommend that you set **Domain member: Maximum machine account password age** to about 30 days. Setting the value to fewer days can increase replication and affect domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would affect domain controllers in large organizations that have many computers or slow links between sites. -2. Some organizations pre-build computers and then store them for later use or ship them to remote locations. When a computer is turned on after being offline more than 30 days, the Netlogon service notices the password age and initiates a secure channel to a domain controller to change it. If the secure channel cannot be established, the computer does not authenticate with the domain. For this reason, some organizations might want to create a special organizational unit (OU) for computers that are prebuilt, and then configure the value for this policy setting to a greater number of days. +We recommend that you set **Domain member: Maximum machine account password age** to about 30 days. Setting the value to fewer days can increase replication and affect domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would affect domain controllers in large organizations that have many computers or slow links between sites. ### Location diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md index e702402c80..ebb66d445a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md @@ -14,7 +14,7 @@ author: jsuther1974 ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 05/14/2019 +ms.date: 05/29/2020 --- # Manage Packaged Apps with Windows Defender Application Control @@ -65,8 +65,10 @@ Below are the list of steps you can follow to block one or more packaged apps in 1. Get the app identifier for an installed package ```powershell - $package = Get-AppxPackage -name + $package = Get-AppxPackage -name ** ``` + Where the name of the app is surrounded by asterisks, for example *windowsstore* + 2. Make a rule by using the New-CIPolicyRule cmdlet ```powershell @@ -119,9 +121,9 @@ If the app you intend to block is not installed on the system you are using the 3. Copy the GUID in the URL for the app - Example: the GUID for the Microsoft To-Do app is 9nblggh5r558 - - https://www.microsoft.com/p/microsoft-to-do-list-task-reminder/9nblggh5r558?activetab=pivot:overviewtab + - `https://www.microsoft.com/p/microsoft-to-do-list-task-reminder/9nblggh5r558?activetab=pivot:overviewtab` 4. Use the GUID in the following REST query URL to retrieve the identifiers for the app - - Example: for the Microsoft To-Do app, the URL would be https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblggh5r558/applockerdata + - Example: for the Microsoft To-Do app, the URL would be `https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblggh5r558/applockerdata` - The URL will return: ``` @@ -141,4 +143,4 @@ The method for allowing specific packaged apps is similar to the method outlined $Rule = New-CIPolicyRule -Package $package -allow ``` -Since a lot of system apps are packaged apps, it is generally advised that customers rely on the sample policies in C:\Windows\schemas\CodeIntegrity\ExamplePolicies to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules. +Since a lot of system apps are packaged apps, it is generally advised that customers rely on the sample policies in `C:\Windows\schemas\CodeIntegrity\ExamplePolicies` to help allow all inbox apps by the Store signature already included in the policies and control apps with deny rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md index 02dad7adfd..7f723913e2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md @@ -14,7 +14,7 @@ author: denisebmsft ms.reviewer: isbrahm ms.author: deniseb manager: dansimp -ms.date: 04/15/2020 +ms.date: 05/26/2020 ms.custom: asr --- @@ -43,12 +43,12 @@ Windows 10 includes two technologies that can be used for application control de ## In this section -| Topic | Description | -| - | - | -| [WDAC and AppLocker Overview](plan-windows-defender-application-control-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. | -| [WDAC and AppLocker Feature Availability](understand-windows-defender-application-control-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies. | +| Article | Description | +| --- | --- | +| [WDAC and AppLocker Overview](wdac-and-applocker-overview.md) | This article describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. | +| [WDAC and AppLocker Feature Availability](feature-availability.md) | This article lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies. | -## See also +## Related articles - [WDAC design guide](windows-defender-application-control-design-guide.md) - [WDAC deployment guide](windows-defender-application-control-deployment-guide.md) diff --git a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md index 7826641e1f..5020c63596 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 10/17/2017 +ms.date: 05/27/2020 ms.reviewer: manager: dansimp ms.custom: asr @@ -53,9 +53,9 @@ These settings, located at **Computer Configuration\Administrative Templates\Win |Name|Supported versions|Description|Options| |-----------|------------------|-----------|-------| |Configure Windows Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:
-Disable the clipboard functionality completely when Virtualization Security is enabled.
- Enable copying of certain content from Application Guard into Microsoft Edge.
- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.

**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.| -|Configure Windows Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:
- Enable Application Guard to print into the XPS format.
- Enable Application Guard to print into the PDF format.
- Enable Application Guard to print to locally attached printers.
- Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.

**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.| -|Block enterprise websites to load non-enterprise content in IE and Edge|Windows 10 Enterprise, 1709 or higher|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container. **Note:** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.

**Disabled or not configured.** Prevents Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. | -|Allow Persistence|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803 or higher|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.

**Disabled or not configured.** All user data within Application Guard is reset between sessions.

**Note**
If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
**To reset the container:**
1. Open a command-line program and navigate to `Windows/System32`.
2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.
3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.| +|Configure Windows Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:
- Enable Application Guard to print into the XPS format.
- Enable Application Guard to print into the PDF format.
- Enable Application Guard to print to locally attached printers.
- Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.

**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.

**Note**
Network printers must be published by Active Directory to work in Application Guard.| +|Block enterprise websites to load non-enterprise content in IE and Edge|Windows 10 Enterprise, 1709 or higher|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container. **Note:** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.

**Disabled or not configured.** Prevents Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard.

**Note**
This policy is no longer supported in the 2004 update and later.| +|Allow Persistence|Windows 10 Enterprise, 1709 or higher

Windows 10 Pro, 1803 or higher|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.

**Disabled or not configured.** All user data within Application Guard is reset between sessions.

**Note**
If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.

**To reset the container:**
1. Open a command-line program and navigate to `Windows/System32`.
2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.
3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.| |Turn on Windows Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1809 or higher|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned On unless the required prerequisites and network isolation settings are already set on the device. Available options:
- Enable Windows Defender Application Guard only for Microsoft Edge
- Enable Windows Defender Application Guard only for Microsoft Office
- Enable Windows Defender Application Guard for both Microsoft Edge and Microsoft Office

**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office.| |Allow files to download to host operating system|Windows 10 Enterprise, 1803 or higher|Determines whether to save downloaded files to the host operating system from the Windows Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Windows Defender Application Guard container to the host operating system.

**Disabled or not configured.** Users are not able to saved downloaded files from Application Guard to the host operating system.| |Allow hardware-accelerated rendering for Windows Defender Application Guard|Windows 10 Enterprise, 1803 or higher

Windows 10 Pro, 1803 or higher|Determines whether Windows Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Windows Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Windows Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Windows Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.

**Disabled or not configured.** Windows Defender Application Guard uses software-based (CPU) rendering and won’t load any third-party graphics drivers or interact with any connected graphics hardware.| diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md index 1c44d0d42f..a0f657a331 100644 --- a/windows/security/threat-protection/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-baselines.md @@ -22,6 +22,7 @@ ms.reviewer: - Windows 10 - Windows Server - Microsoft 365 Apps for enterprise +- Microsoft Edge ## Using security baselines in your organization diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 5da24d91f6..e231fecb9a 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -40,7 +40,7 @@ With this improvement, the OS can detect a higher level of SMM compliance, enabl ![System Guard](images/system-guard2.png) -### Widows Defender Application Guard +### Windows Defender Application Guard [Windows Defender Application Guard](https://docs.microsoft.com/deployedge/microsoft-edge-security-windows-defender-application-guard) has been available for Chromium-based Edge since early 2020.
- + Read what's new in Windows 10
What's New?