From 0fb1f3a6d086c2561064575f86cb32c6f99f9792 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Wed, 19 Jul 2023 15:59:08 -0700 Subject: [PATCH 001/219] draft new deploy hub --- windows/deployment/index.yml | 231 ++++++++++++++++++++++------------- 1 file changed, 146 insertions(+), 85 deletions(-) diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml index c2e2672c36..5c0c980f84 100644 --- a/windows/deployment/index.yml +++ b/windows/deployment/index.yml 
@@ -1,106 +1,167 @@ -### YamlMime:Landing +### YamlMime:Hub -title: Windows client deployment resources and documentation # < 60 chars -summary: Learn about deploying and keeping Windows client devices up to date. # < 160 chars +title: Windows client deployment documentation # < 60 chars +summary: Learn about deploying and updating Windows client devices in your organization # < 160 chars metadata: - title: Windows client deployment resources and documentation # Required; page title displayed in search results. Include the brand. < 60 chars. - description: Learn about deploying Windows and keeping it up to date in your organization. # Required; article description that is displayed in search results. < 160 chars. - ms.topic: landing-page - ms.technology: itpro-deploy + title: Windows client deployment documentation # Required; page title displayed in search results. Include the brand. < 60 chars. + description: Learn about deploying and updating Windows client devices in your organization. # Required; article description that is displayed in search results. < 160 chars. 
+ ms.topic: hub-page ms.prod: windows-client + ms.technology: itpro-deploy ms.collection: - highpri - tier1 - author: frankroj - ms.author: frankroj - manager: aaroncz - ms.date: 10/31/2022 + author: aczechowski + ms.author: aaroncz + manager: dansimp + ms.date: 07/19/2023 localization_priority: medium # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new -landingContent: -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Plan - linkLists: - - linkListType: overview - links: - - text: Create a deployment plan - url: update/create-deployment-plan.md - - text: Define readiness criteria - url: update/plan-define-readiness.md - - text: Evaluate infrastructure and tools - url: update/eval-infra-tools.md - - text: Define your servicing strategy - url: update/plan-define-strategy.md +# common graphics: https://review.learn.microsoft.com/content-production-service/internal/image-gallery?branch=main - # Card (optional) - - title: Prepare - linkLists: - - linkListType: how-to-guide +productDirectory: + title: Get started + items: + - title: Plan + imageSrc: /media/common/i_overview.svg + links: + - text: Create a deployment plan + url: update/create-deployment-plan.md + - text: Define readiness criteria + url: update/plan-define-readiness.md + - text: Evaluate infrastructure and tools + url: update/eval-infra-tools.md + - text: Define your servicing strategy + url: update/plan-define-strategy.md + + - title: Prepare + imageSrc: media/common/i_tasks.svg + links: + - text: Prepare to deploy Windows updates + url: update/prepare-deploy-windows.md + - text: Prepare updates using Windows Update for Business + url: update/waas-manage-updates-wufb.md + - text: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager + url: 
deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md + - text: Set up Delivery Optimization for Windows client updates + url: do/index.yml + + + - title: Deploy + imageSrc: /media/common/i_deploy.svg + links: + - text: Deploy Windows with Autopilot + url: /mem/autopilot + - text: Assign devices to servicing channels + url: update/waas-servicing-channels-windows-10-updates.md + - text: Deploy Windows updates with Configuration Manager + url: update/deploy-updates-configmgr.md + +additionalContent: + sections: + - title: Solutions + items: + + - title: Windows Autopilot links: - - text: Prepare to deploy Windows updates - url: update/prepare-deploy-windows.md - - text: Prepare updates using Windows Update for Business + - text: Overview + url: /mem/autopilot/windows-autopilot + - text: Scenarios + url: /mem/autopilot/tutorial/autopilot-scenarios + - text: Device registration + url: /mem/autopilot/registration-overview + - text: Learn more about Windows Autopilot > + url: /mem/autopilot + + - title: Windows Autopatch + links: + - text: What is Windows Autopatch? + url: windows-autopatch/overview/windows-autopatch-overview.md + - text: Frequently asked questions (FAQ) + url: windows-autopatch/overview/windows-autopatch-faq.yml + - text: Prerequisites + url: windows-autopatch/prepare/windows-autopatch-prerequisites.md + - text: Learn more about Windows Autopatch > + url: windows-autopatch/index.yml + + - title: Windows Update for Business + links: + - text: What is Windows Update for Business? 
url: update/waas-manage-updates-wufb.md - - text: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager - url: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md - - text: Set up Delivery Optimization for Windows client updates + - text: Windows Update for Business deployment service + url: update/deployment-service-overview.md + - text: Manage additional Windows Update settings + url: update/waas-wu-settings.md + - text: Windows Update for Business reports overview + url: update/wufb-reports-overview.md + + - title: Optimize and cache content + links: + - text: What is Delivery Optimization? + url: do/waas-delivery-optimization.md + - text: What is Microsoft Connected Cache? + url: do/waas-microsoft-connected-cache.md + - text: Frequently asked questions + url: do/waas-delivery-optimization-faq.yml + - text: Learn more about Delivery Optimization > url: do/index.yml - # Card (optional) - - title: Deploy - linkLists: - - linkListType: deploy + - title: In-place upgrade and imaging links: - - text: Deploy Windows 10 with Autopilot - url: /mem/autopilot - - text: Assign devices to servicing channels - url: update/waas-servicing-channels-windows-10-updates.md - - text: Deploy Windows updates with Configuration Manager - url: update/deploy-updates-configmgr.md - - # Card - - title: Overview - linkLists: - - linkListType: overview - links: - - text: What's new in Windows deployment - url: deploy-whats-new.md - - text: Windows 11 overview - url: /windows/whats-new/windows-11 - - text: Windows client deployment scenarios - url: windows-10-deployment-scenarios.md - - text: Basics of Windows updates, channels, and tools - url: update/get-started-updates-channels-tools.md - - text: Overview of Windows Autopilot - url: /mem/autopilot/windows-autopilot + - text: Upgrade Windows using Configuration Manager + url: deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md + - text: Deploy a Windows 
image using Configuration Manager + url: deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md + - text: Convert a disk from MBR to GPT + url: mbr-to-gpt.md + - text: Resolve Windows upgrade errors + url: upgrade/resolve-windows-10-upgrade-errors.md - # Card - - title: Support remote work - linkLists: - - linkListType: concept + - title: Licensing and activation links: - - text: Deploy Windows 10 for a remote world - url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/deploying-a-new-version-of-windows-10-in-a-remote-world/ba-p/1419846 - - text: Empower remote workers with Microsoft 365 - url: /microsoft-365/solutions/empower-people-to-work-remotely - - text: Top 12 tasks for security teams to support working from home - url: /microsoft-365/security/top-security-tasks-for-remote-work - - text: Support your remote workforce - url: /microsoftteams/faq-support-remote-workforce + - text: Plan for volume activation + url: volume-activation/plan-for-volume-activation-client.md + - text: Subscription activation + url: windows-10-subscription-activation.md + - text: Volume activation management tool (VAMT) + url: volume-activation/introduction-vamt.md + - text: Windows commercial licensing overview + url: /windows/whats-new/windows-licensing - # Card (optional) - - title: Microsoft Learn training - linkLists: - - linkListType: learn + - title: More resources + items: + + - title: Release and lifecycle links: - - text: Plan to deploy updates for Windows 10 and Microsoft 365 Apps - url: /training/modules/windows-plan - - text: Prepare to deploy updates for Windows 10 and Microsoft 365 Apps - url: /training/modules/windows-prepare/ - - text: Deploy updates for Windows 10 and Microsoft 365 Apps - url: /training/modules/windows-deploy + - text: Windows release health dashboard + url: /windows/release-health + - text: Windows client features lifecycle + url: /windows/whats-new/feature-lifecycle + - text: Lifecycle FAQ - Windows + 
url: /lifecycle/faq/windows + + - title: Windows hardware + links: + - text: Download and install the Windows ADK + url: /windows-hardware/get-started/adk-install +# - text: +# url: +# - text: +# url: +# - text: +# url: + +# - title: Release and lifecycle +# links: +# - text: Windows release health dashboard +# url: /windows/release-health +# - text: +# url: +# - text: +# url: +# - text: +# url: + From 28cc64d17523c081a539f3c564414e074c3dafa3 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Mon, 24 Jul 2023 18:05:01 -0700 Subject: [PATCH 002/219] fix broken image --- windows/deployment/index.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml index 5c0c980f84..304cd2990e 100644 --- a/windows/deployment/index.yml +++ b/windows/deployment/index.yml @@ -1,10 +1,10 @@ ### YamlMime:Hub -title: Windows client deployment documentation # < 60 chars -summary: Learn about deploying and updating Windows client devices in your organization # < 160 chars +title: Deploy and update Windows # < 60 chars; shows at top of hub page +summary: Learn about deploying and updating Windows client devices in your organization. # < 160 chars metadata: - title: Windows client deployment documentation # Required; page title displayed in search results. Include the brand. < 60 chars. + title: Windows client deployment documentation # Required; browser tab title displayed in search results. Include the brand. < 60 chars. description: Learn about deploying and updating Windows client devices in your organization. # Required; article description that is displayed in search results. < 160 chars. ms.topic: hub-page ms.prod: windows-client 
@@ -15,10 +15,8 @@ metadata: author: aczechowski ms.author: aaroncz manager: dansimp - ms.date: 07/19/2023 + ms.date: 07/24/2023 localization_priority: medium - -# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new # common graphics: https://review.learn.microsoft.com/content-production-service/internal/image-gallery?branch=main @@ -38,7 +36,7 @@ productDirectory: url: update/plan-define-strategy.md - title: Prepare - imageSrc: media/common/i_tasks.svg + imageSrc: /media/common/i_tasks.svg links: - text: Prepare to deploy Windows updates url: update/prepare-deploy-windows.md @@ -126,8 +124,10 @@ additionalContent: url: volume-activation/plan-for-volume-activation-client.md - text: Subscription activation url: windows-10-subscription-activation.md - - text: Volume activation management tool (VAMT) + - text: Volume activation management tool (VAMT) url: volume-activation/introduction-vamt.md + - text: Activate using key management service (KMS) + url: volume-activation/activate-using-key-management-service-vamt.md - text: Windows commercial licensing overview url: /windows/whats-new/windows-licensing From 1bd09ea873daa97aa62bd985eaf48e7cef4c56de Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 25 Jul 2023 16:55:23 -0700 Subject: [PATCH 003/219] revise links --- windows/deployment/index.yml | 45 +++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml index 304cd2990e..48e2e6c6f4 100644 --- a/windows/deployment/index.yml +++ b/windows/deployment/index.yml 
@@ -26,37 +26,50 @@ productDirectory: - title: Plan imageSrc: /media/common/i_overview.svg links: + - text: Plan for Windows 11 + url: /windows/whats-new/windows-11-plan?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json - text: Create a deployment plan url: update/create-deployment-plan.md - text: Define readiness criteria url: update/plan-define-readiness.md - - text: Evaluate infrastructure and tools - url: update/eval-infra-tools.md - text: Define your servicing strategy - url: update/plan-define-strategy.md + url: update/plan-define-strategy.md + - text: Determine application readiness + url: update/plan-determine-app-readiness.md + - text: Plan for volume activation + url: volume-activation/plan-for-volume-activation-client.md - title: Prepare imageSrc: /media/common/i_tasks.svg links: + - text: Prepare for Windows 11 + url: /windows/whats-new/windows-11-prepare?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json - text: Prepare to deploy Windows updates url: update/prepare-deploy-windows.md - text: Prepare updates using Windows Update for Business url: update/waas-manage-updates-wufb.md - - text: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager - url: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md + - text: Evaluate and update infrastructure + url: update/update-policies.md - text: Set up Delivery Optimization for Windows client updates - url: do/index.yml - + url: do/waas-delivery-optimization-setup.md?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json + - text: Prepare for imaging with Configuration Manager + url: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md - title: Deploy imageSrc: /media/common/i_deploy.svg links: - text: Deploy Windows with Autopilot - url: /mem/autopilot + url: /mem/autopilot/tutorial/autopilot-scenarios - text: Assign devices to 
servicing channels url: update/waas-servicing-channels-windows-10-updates.md + - text: Deploy updates with Intune + url: update/deploy-updates-intune.md - text: Deploy Windows updates with Configuration Manager url: update/deploy-updates-configmgr.md + - text: Upgrade Windows using Configuration Manager + url: deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md + - text: Check release health + url: update/check-release-health.md additionalContent: sections: @@ -147,19 +160,19 @@ additionalContent: links: - text: Download and install the Windows ADK url: /windows-hardware/get-started/adk-install -# - text: -# url: + - text: Deployment tools + url: /windows-hardware/manufacture/desktop/boot-and-install-windows # - text: # url: # - text: # url: -# - title: Release and lifecycle -# links: -# - text: Windows release health dashboard -# url: /windows/release-health -# - text: -# url: + - title: Community + links: + - text: Windows IT pro blog + url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog + - text: Windows office hours + url: https://aka.ms/windows/officehours # - text: # url: # - text: From 743ce9df77c9a7af439774d6552f223020f3a056 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Tue, 7 Nov 2023 15:29:05 -0800 Subject: [PATCH 004/219] Update mcc-enterprise-prerequisites.md add link to EFLOW docs --- windows/deployment/do/mcc-enterprise-prerequisites.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/do/mcc-enterprise-prerequisites.md b/windows/deployment/do/mcc-enterprise-prerequisites.md index 2fa49f91cc..43df0089f7 100644 --- a/windows/deployment/do/mcc-enterprise-prerequisites.md +++ b/windows/deployment/do/mcc-enterprise-prerequisites.md 
@@ -36,6 +36,7 @@ ms.date: 05/01/2023 **EFLOW requires Hyper-V support** - On Windows client, enable the Hyper-V feature - On Windows Server, install the Hyper-V role and create a default network switch + - See [EFLOW requirements](/azure/iot-edge/iot-edge-for-linux-on-windows?view=iotedge-1.4#prerequisites) for additional requirements Disk recommendations: - Using an SSD is recommended as cache read speed of SSD is superior to HDD From 017d03d40f9e8f634a1addf24cd2337ba8c92b47 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Tue, 7 Nov 2023 15:35:32 -0800 Subject: [PATCH 005/219] Update mcc-enterprise-appendix.md clarification on installation on vmware --- windows/deployment/do/mcc-enterprise-appendix.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/deployment/do/mcc-enterprise-appendix.md b/windows/deployment/do/mcc-enterprise-appendix.md index 1192eaf675..d3bc3a6169 100644 --- a/windows/deployment/do/mcc-enterprise-appendix.md +++ b/windows/deployment/do/mcc-enterprise-appendix.md 
@@ -37,10 +37,9 @@ Most customers choose to install their cache node on a Windows Server with a nes ### Installing on VMware -We've seen that Microsoft Connected Cache for Enterprise and Education can be successfully installed on VMware. To do so, there are a couple of additional configurations to be made: - 1. Ensure that you're using ESX. In the VM settings, turn on the option **Expose hardware assisted virtualization to the guest OS**. -1. Using the Hyper-V Manager, create an external switch. For the external switch to have internet connection, ensure **"Allow promiscuous mode"**, **"Allow forged transmits"**, and **"Allow MAC changes"** are all switched to **Yes**. +1. Microsoft Connected Cache for Enterprise and Education can be successfully installed on VMware. To do so, there are a couple of additional configurations to be made. Please ensure the VM is turned off prior to making the configuration changes: +Using the Hyper-V Manager, create an external switch. For the external switch to have internet connection, ensure **"Allow promiscuous mode"** is switched to **Yes**. ### Installing on Hyper-V @@ -136,4 +135,4 @@ To verify that the Delivery Optimization client can download content using MCC, - [Install Azure IoT Edge for Linux on Windows](/azure/iot-edge/how-to-provision-single-device-linux-on-windows-symmetric#install-iot-edge) - [PowerShell functions for Azure IoT Edge for Linux on Windows](/azure/iot-edge/reference-iot-edge-for-linux-on-windows-functions) - EFLOW FAQ and Support: [Support · Azure/iotedge-eflow Wiki (github.com)](https://github.com/Azure/iotedge-eflow/wiki/Support#how-can-i-apply-updates-to-eflow) -- [Now ready for Production: Linux IoT Edge Modules on Windows - YouTube](https://www.youtube.com/watch?v=pgqVCg6cxVU&ab_channel=MicrosoftIoTDevelopers) \ No newline at end of file +- [Now ready for Production: Linux IoT Edge Modules on Windows - YouTube](https://www.youtube.com/watch?v=pgqVCg6cxVU&ab_channel=MicrosoftIoTDevelopers) 
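Review bot: In [PATCH 001/219], the `# common graphics:` comment added near the top of `windows/deployment/index.yml` commits a URL under `content-production-service/internal/` on the review host into the page source. Confirm that pointer is meant to ship with the file, or move it to contributor guidance and drop the comment. In the same hunk, the Prepare card uses `imageSrc: media/common/i_tasks.svg` without the leading slash that the Plan and Deploy cards have (PATCH 002/219 later corrects it as "fix broken image"), and the trailing commented-out `# - text:` / `# url:` stubs should be removed before the draft is merged.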
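Review bot: In [PATCH 003/219], the new Prepare link "Evaluate and update infrastructure" targets `update/update-policies.md`, while the entry removed from the Plan card in the same hunk ("Evaluate infrastructure and tools") targeted `update/eval-infra-tools.md`. The link text and the file name no longer obviously describe the same article, so confirm the target or rename the link. The second hunk also still leaves empty commented-out `# - text:` / `# url:` pairs under the hardware and Community cards; remove them if no further links are planned.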
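Review bot: In [PATCH 004/219], the added EFLOW bullet hard-codes a version moniker in its target, `/azure/iot-edge/iot-edge-for-linux-on-windows?view=iotedge-1.4#prerequisites`, so readers stay pinned to the 1.4 prerequisites even when a newer version of that article is current. Drop the `view=iotedge-1.4` parameter unless Connected Cache is intentionally tied to that EFLOW version, and say so in the bullet if it is.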
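Review bot: In [PATCH 005/219], the "Installing on VMware" hunk turns the introductory sentence into the second list item ("1. Microsoft Connected Cache for Enterprise and Education can be successfully installed on VMware...") and leaves "Using the Hyper-V Manager, create an external switch" as an unnumbered line after it, so the procedure no longer reads as ordered steps. Move the introduction and the "VM is turned off" precondition above the list and keep the external switch as its own numbered step. The hunk also removes "Allow forged transmits" and "Allow MAC changes" and keeps only "Allow promiscuous mode", while the commit message says only "clarification on installation on vmware"; state whether the other two settings are no longer needed. Because promiscuous mode relaxes the virtual switch security policy, the step should also name the switch or port group the setting applies to so that it is not enabled more widely than the cache node requires.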
From b13fd08db3d75a5e767e5ed4b67ba10f4b09287a Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 8 Nov 2023 07:44:06 -0800 Subject: [PATCH 006/219] dep-mixreal-8412877 --- windows/whats-new/deprecated-features.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 2e3845bfba..092fdb3496 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -1,7 +1,7 @@ --- title: Deprecated features in the Windows client description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11. -ms.date: 11/07/2023 +ms.date: 12/18/2023 ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium 
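Review bot: In the front-matter hunk of [PATCH 006/219], `ms.date` moves from 11/07/2023 to 12/18/2023 although the commit is dated 8 Nov 2023 and the Windows Mixed Reality row added in the next hunk is labelled "November 2023". Confirm that the forward date is a planned publish date, and keep the "Deprecation announced" value in the row consistent with it.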
@@ -36,6 +36,7 @@ The features in this article are no longer being actively developed, and might b |Feature | Details and mitigation | Deprecation announced | | --- | --- | --- | +| Windows Mixed Reality | [Windows Mixed Reality](/windows/mixed-reality/enthusiast-guide/before-you-start) is deprecated and might be removed in a future release. This deprecation includes the [Mixed Reality Portal](/windows/mixed-reality/enthusiast-guide/install-windows-mixed-reality) app, and [Windows Mixed Reality for SteamVR](/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality) and Steam VR Beta. | November 2023 | | Tips | The Tips app is deprecated and will be removed in a future release of Windows. Content in the app will continue to be updated with information about new Windows features until the app is removed. | November 2023 | | Computer Browser | The Computer Browser driver and service are deprecated. The browser (browser protocol and service) is a dated and insecure device location protocol. This protocol, service, and driver were first disabled by default in Windows 10 with the removal of the SMB1 service. For more information on Computer Browser, see [MS-BRWS Common Internet File System](/openspecs/windows_protocols/ms-brws/3cfbad92-09b3-4abc-808f-c6f6347d5677). | November 2023 | | Webclient (WebDAV) Service | The Webclient (WebDAV) service is deprecated. The Webclient service isn't started by default in Windows. For more information on WebDAV, see [WebDAV - Win32 apps](/windows/win32/webdav/webdav-portal). | November 2023 | From c284a269234cf9a561672dc4d70afb6bac72ee1c Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 8 Nov 2023 07:50:06 -0800 Subject: [PATCH 007/219] dep-mixreal-8412877 --- windows/whats-new/deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 092fdb3496..effd231347 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md 
@@ -36,7 +36,7 @@ The features in this article are no longer being actively developed, and might b |Feature | Details and mitigation | Deprecation announced | | --- | --- | --- | -| Windows Mixed Reality | [Windows Mixed Reality](/windows/mixed-reality/enthusiast-guide/before-you-start) is deprecated and might be removed in a future release. This deprecation includes the [Mixed Reality Portal](/windows/mixed-reality/enthusiast-guide/install-windows-mixed-reality) app, and [Windows Mixed Reality for SteamVR](/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality) and Steam VR Beta. | November 2023 | +| Windows Mixed Reality | [Windows Mixed Reality](/windows/mixed-reality/enthusiast-guide/before-you-start) is deprecated and might be removed in a future release of Windows. This deprecation includes the [Mixed Reality Portal](/windows/mixed-reality/enthusiast-guide/install-windows-mixed-reality) app, and [Windows Mixed Reality for SteamVR](/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality) and Steam VR Beta. | November 2023 | | Tips | The Tips app is deprecated and will be removed in a future release of Windows. Content in the app will continue to be updated with information about new Windows features until the app is removed. | November 2023 | | Computer Browser | The Computer Browser driver and service are deprecated. The browser (browser protocol and service) is a dated and insecure device location protocol. This protocol, service, and driver were first disabled by default in Windows 10 with the removal of the SMB1 service. For more information on Computer Browser, see [MS-BRWS Common Internet File System](/openspecs/windows_protocols/ms-brws/3cfbad92-09b3-4abc-808f-c6f6347d5677). | November 2023 | | Webclient (WebDAV) Service | The Webclient (WebDAV) service is deprecated. The Webclient service isn't started by default in Windows. 
For more information on WebDAV, see [WebDAV - Win32 apps](/windows/win32/webdav/webdav-portal). | November 2023 | From 394ae3cd0bc8dc6e87255122915c873b9d2f8028 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Wed, 8 Nov 2023 07:53:03 -0800 Subject: [PATCH 008/219] dep-mixreal-8412877 --- windows/whats-new/deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index effd231347..92815fbb9f 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium author: mestew ms.author: mstewart manager: aaroncz -ms.topic: conceptual +ms.topic: reference ms.collection: - highpri - tier1 From 96dea49d2644c03745a061c184fa1c28d8c436ba Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Wed, 8 Nov 2023 13:12:48 -0800 Subject: [PATCH 009/219] Update windows/deployment/do/mcc-enterprise-appendix.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/do/mcc-enterprise-appendix.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-enterprise-appendix.md b/windows/deployment/do/mcc-enterprise-appendix.md index d3bc3a6169..e91fea47b8 100644 --- a/windows/deployment/do/mcc-enterprise-appendix.md +++ b/windows/deployment/do/mcc-enterprise-appendix.md 
@@ -38,7 +38,7 @@ Most customers choose to install their cache node on a Windows Server with a nes ### Installing on VMware 1. Ensure that you're using ESX. In the VM settings, turn on the option **Expose hardware assisted virtualization to the guest OS**. -1. Microsoft Connected Cache for Enterprise and Education can be successfully installed on VMware. To do so, there are a couple of additional configurations to be made. Please ensure the VM is turned off prior to making the configuration changes: +1. Microsoft Connected Cache for Enterprise and Education can be successfully installed on VMware. To do so, there are a couple of additional configurations to be made. Ensure the VM is turned off before making the configuration changes: Using the Hyper-V Manager, create an external switch. For the external switch to have internet connection, ensure **"Allow promiscuous mode"** is switched to **Yes**. ### Installing on Hyper-V From 49e5a30f1a56cf19eeda0ecbdc6b1c6e4c1e11d4 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 13 Nov 2023 15:58:22 -0800 Subject: [PATCH 010/219] tweaks --- windows/whats-new/deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 92815fbb9f..22a8e247df 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md 
@@ -36,7 +36,7 @@ The features in this article are no longer being actively developed, and might b |Feature | Details and mitigation | Deprecation announced | | --- | --- | --- | -| Windows Mixed Reality | [Windows Mixed Reality](/windows/mixed-reality/enthusiast-guide/before-you-start) is deprecated and might be removed in a future release of Windows. This deprecation includes the [Mixed Reality Portal](/windows/mixed-reality/enthusiast-guide/install-windows-mixed-reality) app, and [Windows Mixed Reality for SteamVR](/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality) and Steam VR Beta. | November 2023 | +| Windows Mixed Reality | [Windows Mixed Reality](/windows/mixed-reality/enthusiast-guide/before-you-start) is deprecated and will be removed in a future release of Windows. This deprecation includes the [Mixed Reality Portal](/windows/mixed-reality/enthusiast-guide/install-windows-mixed-reality) app, and [Windows Mixed Reality for SteamVR](/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality) and Steam VR Beta. | December 2023 | | Tips | The Tips app is deprecated and will be removed in a future release of Windows. Content in the app will continue to be updated with information about new Windows features until the app is removed. | November 2023 | | Computer Browser | The Computer Browser driver and service are deprecated. The browser (browser protocol and service) is a dated and insecure device location protocol. This protocol, service, and driver were first disabled by default in Windows 10 with the removal of the SMB1 service. For more information on Computer Browser, see [MS-BRWS Common Internet File System](/openspecs/windows_protocols/ms-brws/3cfbad92-09b3-4abc-808f-c6f6347d5677). | November 2023 | | Webclient (WebDAV) Service | The Webclient (WebDAV) service is deprecated. The Webclient service isn't started by default in Windows. 
For more information on WebDAV, see [WebDAV - Win32 apps](/windows/win32/webdav/webdav-portal). | November 2023 | From 6b14cc384792ed47710898e7d2ff0681a5ba32fe Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Mon, 4 Dec 2023 21:00:49 -0500 Subject: [PATCH 011/219] Freshness 04-12-2023 --- windows/deployment/index.yml | 2 +- ...rted-with-the-user-state-migration-tool.md | 45 ++++++++++++------- windows/deployment/usmt/usmt-overview.md | 8 ++-- .../usmt-recognized-environment-variables.md | 14 +++--- 4 files changed, 42 insertions(+), 27 deletions(-) diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml index b72aa8d9ad..d19db5c412 100644 --- a/windows/deployment/index.yml +++ b/windows/deployment/index.yml @@ -15,7 +15,7 @@ metadata: author: frankroj ms.author: frankroj manager: aaroncz - ms.date: 10/31/2022 + ms.date: 12/05/2023 localization_priority: medium # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index 9eebdd0921..a8247916bf 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -1,5 +1,5 @@ --- -title: User State Migration Tool (USMT) - Getting Started (Windows 10) +title: User State Migration Tool (USMT) - Getting Started description: Plan, collect, and prepare your source computer for migration using the User State Migration Tool (USMT). manager: aaroncz ms.author: frankroj @@ -7,7 +7,7 @@ ms.prod: windows-client author: frankroj ms.topic: article ms.technology: itpro-deploy -ms.date: 11/01/2022 +ms.date: 12/05/2023 --- # Getting started with the User State Migration Tool (USMT) 
@@ -20,21 +20,29 @@ This article outlines the general process that you should follow to migrate file 1. [Determine What to Migrate](usmt-determine-what-to-migrate.md). Data you might consider migrating includes end-user information, applications settings, operating-system settings, files, folders, and registry keys. -1. Determine where to store data. Depending on the size of your migration store, you can store the data remotely, locally in a hard-link migration store or on a local external storage device, or directly on the destination computer. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). +1. Determine where to store data. Depending on the size of your migration store, you can store the data in one of the following locations: -1. Use the `/GenMigXML` command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md) + - Remotely. + - Locally in a hard-link migration store or on a local external storage device. + - Directly on the destination computer. -1. Modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom .xml files, if it's required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files. + For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). + +1. Use the `/GenMigXML` command-line option to determine which files are included in your migration, and to determine whether any modifications are necessary. 
For more information, see [ScanState Syntax](usmt-scanstate-syntax.md) + +1. If necessary, modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom .xml files. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files. > [!IMPORTANT] - > We recommend that you always make and modify copies of the .xml files included in User State Migration Tool (USMT) 10.0. Never modify the original .xml files. + > + > We recommend that you always make and modify copies of the .xml files included in User State Migration Tool (USMT). Never modify the original .xml files. You can use the `MigXML.xsd` file to help you write and validate the .xml files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md). 1. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, run the `ScanState.exe` command with the following options: + - [/genconfig](usmt-scanstate-syntax.md#migration-rule-options). - [/i](usmt-scanstate-syntax.md#migration-rule-options) - as arguments specify the .xml files that you plan to use with `ScanState.exe`. - + For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files: ```cmd 
@@ -50,7 +58,8 @@ This article outlines the general process that you should follow to migrate file 1. Close all applications. If some applications are running when you run the `ScanState.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. > [!NOTE] - > USMT will fail if it cannot migrate a file or setting unless you specify the `/C` option. When you specify the `/C` option, USMT will ignore the errors, and log an error every time that it encounters a file that is being used that USMT did not migrate. You can use the `` section in the `Config.xml` file to specify which errors should be ignored, and which should cause the migration to fail. + > + > USMT fails if it can't migrate a file or setting unless you specify the `/c` option. When you specify the `/c` option, USMT ignores the errors, and log an error every time that it encounters a file that is being used that USMT didn't migrate. You can use the `` section in the `Config.xml` file to specify which errors should be ignored, and which should cause the migration to fail. 1. Run the `ScanState.exe` command on the source computer to collect files and settings. You should specify all of the .xml files that you want the `ScanState.exe` command to use. For example, 
@@ -59,7 +68,8 @@ This article outlines the general process that you should follow to migrate file ``` > [!NOTE] - > If the source computer is running Windows 7, or Windows 8, you must run the `ScanState.exe` command in **Administrator** mode. To run in **Administrator** mode, right-click **Command Prompt**, and then select **Run As Administrator**. For more information about the how the `ScanState.exe` command processes and stores the data, see [How USMT Works](usmt-how-it-works.md). + > + > If the source computer is running Windows 7 or Windows 8, you must run the `ScanState.exe` command in **Administrator** mode. To run in **Administrator** mode, right-click **Command Prompt**, and then select **Run As Administrator**. For more information about how the `ScanState.exe` command processes and stores the data, see [How USMT Works](usmt-how-it-works.md). 1. Run the `UsmtUtils.exe` command with the `/Verify` option to ensure that the store you created isn't corrupted. 
@@ -67,17 +77,19 @@ This article outlines the general process that you should follow to migrate file 1. Install the operating system on the destination computer. -1. Install all applications that were on the source computer. Although it isn't always required, we recommend installing all applications on the destination computer before you restore the user state. This makes sure that migrated settings are preserved. +1. Install all applications that were on the source computer. Although it isn't always required, we recommend installing all applications on the destination computer before you restore the user state. Installing all applications before restoring user state makes sure that migrated settings are preserved. > [!NOTE] - > The application version that is installed on the destination computer should be the same version as the one on the source computer. USMT does not support migrating the settings for an older version of an application to a newer version. The exception to this is Microsoft Office, which USMT can migrate from an older version to a newer version. + > + > The application version that is installed on the destination computer should be the same version as the one on the source computer. USMT doesn't support migrating the settings for an older version of an application to a newer version. The exception for this rule is Microsoft Office. USMT can migrate from an older version of Microsoft Office to a newer version of Microsoft Office. -1. Close all applications. If some applications are running when you run the `LoadState.exe ` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. +1. Close all applications. If some applications are running when you run the `LoadState.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. 
> [!NOTE] - > Use `/C` to continue your migration if errors are encountered, and use the `` section in the `Config.xml` file to specify which errors should be ignored, and which errors should cause the migration to fail. + > + > Use `/c` to continue your migration if errors are encountered, and use the `` section in the `Config.xml` file to specify which errors should be ignored, and which errors should cause the migration to fail. -1. Run the `LoadState.exe ` command on the destination computer. Specify the same set of .xml files that you specified when you used the `ScanState.exe` command. However, you don't have to specify the `Config.xml` file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the `Config.xml` file and specify the updated file by using the `LoadState.exe ` command. Then, the `LoadState.exe ` command will migrate only the files and settings that you want to migrate. For more information about how the `LoadState.exe ` command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). +1. Run the `LoadState.exe` command on the destination computer. Specify the same set of .xml files that you specified when you used the `ScanState.exe` command. However, the `Config.xml` file doesn't always need to be specified. The `Config.xml` file only needs to be specified when you wanted to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. For example, modify the `Config.xml` file and specify the updated file by using the `LoadState.exe` command. Then, the `LoadState.exe` command migrates only the files and settings that you want to migrate. 
For more information about how the `LoadState.exe` command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). For example, the following command migrates the files and settings: @@ -86,6 +98,7 @@ This article outlines the general process that you should follow to migrate file ``` > [!NOTE] - > Run the `LoadState.exe ` command in administrator mode. To do this, right-click **Command Prompt**, and then click **Run As Administrator**. + > + > Run the `LoadState.exe` command in administrator mode. To do this, right-click **Command Prompt**, and then select **Run As Administrator**. -5. Sign out after you run the `LoadState.exe ` command. Some settings, such as fonts, wallpaper, and screen saver settings, won't take effect until the next time that the user logs on. +1. Sign out after you run the `LoadState.exe` command. Some settings, such as fonts, wallpaper, and screen saver settings, won't take effect until the next time that the user logs on. diff --git a/windows/deployment/usmt/usmt-overview.md b/windows/deployment/usmt/usmt-overview.md index dae39a70bd..1f861519be 100644 --- a/windows/deployment/usmt/usmt-overview.md +++ b/windows/deployment/usmt/usmt-overview.md @@ -1,12 +1,12 @@ --- title: User State Migration Tool (USMT) overview -description: Learn about using User State Migration Tool (USMT) 10.0 to streamline and simplify user state migration during large deployments of Windows operating systems. +description: Learn about using User State Migration Tool (USMT) to streamline and simplify user state migration during large deployments of Windows operating systems. ms.prod: windows-client ms.technology: itpro-deploy author: frankroj manager: aaroncz ms.author: frankroj -ms.date: 11/01/2022 +ms.date: 12/05/2023 ms.topic: overview ms.collection: - highpri 
@@ -15,12 +15,14 @@ ms.collection: # User State Migration Tool (USMT) overview -You can use User State Migration Tool (USMT) 10.0 to streamline and simplify user state migration during large deployments of Windows operating systems. USMT captures user accounts, user files, operating system settings, and application settings, and then migrates them to a new Windows installation. You can use USMT for both PC replacement and PC refresh migrations. For more information, see [Common migration scenarios](usmt-common-migration-scenarios.md). +You can use User State Migration Tool (USMT) to streamline and simplify user state migration during large deployments of Windows operating systems. USMT captures user accounts, user files, operating system settings, and application settings, and then migrates them to a new Windows installation. You can use USMT for both PC replacement and PC refresh migrations. For more information, see [Common migration scenarios](usmt-common-migration-scenarios.md). USMT enables you to do the following actions: - Configure your migration according to your business needs by using the migration rule (.xml) files to control exactly which files and settings are migrated and how they're migrated. For more information about how to modify these files, see [USMT XML reference](usmt-xml-reference.md). + - Fit your customized migration into your automated deployment process by using the **ScanState** and **LoadState** tools, which control collecting and restoring the user files and settings. For more information, see [User State Migration Tool (USMT) command-line syntax](usmt-command-line-syntax.md). + - Perform offline migrations. You can run migrations offline by using the ScanState command in Windows Preinstallation Environment (WinPE) or you can perform migrations from previous installations of Windows contained in Windows.old directories. 
For more information about migration types, see [Choose a migration store Type](usmt-choose-migration-store-type.md) and [Offline migration reference](offline-migration-reference.md). ## Benefits diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md index 7e377402d1..ed457c0724 100644 --- a/windows/deployment/usmt/usmt-recognized-environment-variables.md +++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md @@ -1,12 +1,12 @@ --- title: Recognized environment variables -description: Learn how to use environment variables to identify folders that may be different on different computers. +description: Learn how to use environment variables to identify folders that can be different on different computers. ms.prod: windows-client ms.technology: itpro-deploy manager: aaroncz ms.author: frankroj author: frankroj -ms.date: 11/01/2022 +ms.date: 12/05/2023 ms.topic: conceptual ms.collection: - highpri 
@@ -15,7 +15,7 @@ ms.collection: # Recognized environment variables -When using the XML files `MigDocs.xml`, `MigApp.xml`, and `MigUser.xml`, you can use environment variables to identify folders that may be different on different computers. Constant special item ID list (CSIDL) values provide a way to identify folders that applications use frequently but may not have the same name or location on any given computer. For example, the **Documents** folder may be `C:\Users\\My Documents` on one computer and `C:\Documents and Settings\\My Documents` on another. You can use the asterisk (\*) wildcard character in `MigUser.xml`, `MigApp.xml` and `MigDoc.xml` files. However, you can't use the asterisk (\*) wildcard characters in the `Config.xml` file. +When using the XML files `MigDocs.xml`, `MigApp.xml`, and `MigUser.xml`, you can use environment variables to identify folders that can be different on different computers. Constant special item ID list (CSIDL) values provide a way to identify folders that applications use frequently but could have different names or locations on any given computer. For example, the **Documents** folder could be `C:\Users\\My Documents` on one computer and `C:\Documents and Settings\\My Documents` on another. You can use the asterisk (\*) wildcard character in `MigUser.xml`, `MigApp.xml` and `MigDoc.xml` files. However, you can't use the asterisk (\*) wildcard characters in the `Config.xml` file. ## Variables that are processed for the operating system and in the context of each user 
@@ -40,8 +40,8 @@ You can use these variables within sections in the .xml files with `context=User |*CSIDL_COMMON_STARTUP*|The file-system directory that contains the programs that appear in the Startup folder for all users. A typical path is `C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup`.| |*CSIDL_COMMON_TEMPLATES*|The file-system directory that contains the templates that are available to all users. A typical path is `C:\ProgramData\Microsoft\Windows\Templates`.| |*CSIDL_COMMON_VIDEO*|The file-system directory that serves as a repository for video files common to all users. A typical path is `C:\Users\Public\Videos`.| -|*CSIDL_DEFAULT_APPDATA*|Refers to the Appdata folder inside `%DEFAULTUSERPROFILE%`.| -|C*SIDL_DEFAULT_LOCAL_APPDATA*|Refers to the local Appdata folder inside `%DEFAULTUSERPROFILE%`.| +|*CSIDL_DEFAULT_APPDATA*|Refers to the `Appdata` folder inside `%DEFAULTUSERPROFILE%`.| +|C*SIDL_DEFAULT_LOCAL_APPDATA*|Refers to the local `Appdata` folder inside `%DEFAULTUSERPROFILE%`.| |*CSIDL_DEFAULT_COOKIES*|Refers to the Cookies folder inside `%DEFAULTUSERPROFILE%`.| |*CSIDL_DEFAULT_CONTACTS*|Refers to the Contacts folder inside `%DEFAULTUSERPROFILE%`.| |*CSIDL_DEFAULT_DESKTOP*|Refers to the Desktop folder inside `%DEFAULTUSERPROFILE%`.| 
@@ -99,7 +99,7 @@ You can use these variables in the .xml files within sections with `context=User |*CSIDL_COOKIES*|The file-system directory that serves as a common repository for Internet cookies. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Cookies`.| |*CSIDL_DESKTOP*|The virtual folder representing the Windows desktop.| |*CSIDL_DESKTOPDIRECTORY*|The file-system directory used to physically store file objects on the desktop, which shouldn't be confused with the desktop folder itself. A typical path is `C:\Users\\Desktop`.| -|*CSIDL_DRIVES*|The virtual folder representing My Computer that contains everything on the local computer: storage devices, printers, and Control Panel. The folder may also contain mapped network drives.| +|*CSIDL_DRIVES*|The virtual folder representing My Computer that contains everything on the local computer: storage devices, printers, and Control Panel. The folder could also contain mapped network drives.| |*CSIDL_FAVORITES*|The file-system directory that serves as a common repository for the user's favorites. A typical path is `C:\Users\\Favorites`.| |*CSIDL_HISTORY*|The file-system directory that serves as a common repository for Internet history items.| |*CSIDL_INTERNET*|A virtual folder for Internet Explorer.| 
@@ -109,7 +109,7 @@ You can use these variables in the .xml files within sections with `context=User |*CSIDL_MYMUSIC*|The file-system directory that serves as a common repository for music files. A typical path is `C:\Users\\Music`.| |*CSIDL_MYPICTURES*|The file-system directory that serves as a common repository for image files. A typical path is `C:\Users\\Pictures`.| |*CSIDL_MYVIDEO*|The file-system directory that serves as a common repository for video files. A typical path is `C:\Users\\Videos`.| -|*CSIDL_NETHOOD*|A file-system directory that contains the link objects that may exist in the My Network Places virtual folder. It isn't the same as *CSIDL_NETWORK*, which represents the network namespace root. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Network Shortcuts`.| +|*CSIDL_NETHOOD*|A file-system directory that contains the link objects that could exist in the My Network Places virtual folder. It isn't the same as *CSIDL_NETWORK*, which represents the network namespace root. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Network Shortcuts`.| |*CSIDL_NETWORK*|A virtual folder representing My Network Places, the root of the network namespace hierarchy.| |*CSIDL_PERSONAL*|The virtual folder representing the My Documents desktop item. This value is equivalent to **CSIDL_MYDOCUMENTS**. A typical path is `C:\Documents and Settings\\My Documents`.| |*CSIDL_PLAYLISTS*|The virtual folder used to store play albums, typically `C:\Users\\My Music\Playlists`.| From 85ab8cfd737d1ab52e97279ca193a7db5752f34b Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Mon, 4 Dec 2023 21:55:06 -0500 Subject: [PATCH 012/219] Freshness 04-12-2023 2 --- ...rted-with-the-user-state-migration-tool.md | 12 +-- .../usmt/migrate-application-settings.md | 88 +++++++++++-------- 2 files changed, 56 insertions(+), 44 deletions(-) 
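Review bot: Subject-verb agreement breaks in the rewritten note of the `@@ -50,7 +58,8 @@` hunk of getting-started-with-the-user-state-migration-tool.md (patch 011): "USMT ignores the errors, and log an error every time" should read "and logs an error". The old wording was "will ignore the errors, and log", so removing "will" left "log" unconjugated. The same hunk lowercases `/C` to `/c`, while `/GenMigXML` and `/Verify` elsewhere in the article keep mixed case; choose one casing convention for options and apply it throughout.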
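Review bot: The rewritten `LoadState.exe` step in the `@@ -67,17 +77,19 @@` hunk of getting-started-with-the-user-state-migration-tool.md (patch 011) now has two consecutive sentences that open with "For example,", and the second one replaced "To do this," so it no longer reads as the instruction for the scenario just described. Something like "To exclude it, modify the `Config.xml` file and specify the updated file..." keeps the link. In the same step, "when you wanted to exclude" mixes tense with "only needs to be specified"; "when you want to exclude" matches. The closing note of the hunk still says "To do this, right-click", so the "To do this" replacement was not applied consistently.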
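Review bot: The rewritten intro paragraph in the `@@ -15,7 +15,7 @@` hunk of usmt-recognized-environment-variables.md (patch 011) calls the file `MigDocs.xml` in its first sentence and `MigDoc.xml` in the wildcard sentence. Since the line is being rewritten anyway, make the second name match the first.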
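Review bot: The second changed row in the `@@ -40,8 +40,8 @@` hunk of usmt-recognized-environment-variables.md (patch 011) keeps the misplaced emphasis marker in `|C*SIDL_DEFAULT_LOCAL_APPDATA*|`, which leaves the leading C outside the italics; it should be `|*CSIDL_DEFAULT_LOCAL_APPDATA*|` like the neighbouring rows. The two rows also code-format the folder as `Appdata`, while the typical paths elsewhere in this file spell it `AppData`, and the Cookies, Contacts and Desktop rows directly below are left unformatted, so the table ends up with mixed styling.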
diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index a8247916bf..0360c09dda 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md 
@@ -30,18 +30,18 @@ This article outlines the general process that you should follow to migrate file 1. Use the `/GenMigXML` command-line option to determine which files are included in your migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md) -1. If necessary, modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom .xml files. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files. +1. If necessary, modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom **.xml** files. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom **.xml** file or modify the rules in the existing migration **.xml** files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration **.xml** files. > [!IMPORTANT] > - > We recommend that you always make and modify copies of the .xml files included in User State Migration Tool (USMT). Never modify the original .xml files. + > We recommend that you always make and modify copies of the **.xml** files included in User State Migration Tool (USMT). Never modify the original **.xml** files. - You can use the `MigXML.xsd` file to help you write and validate the .xml files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md). + You can use the `MigXML.xsd` file to help you write and validate the **.xml** files. 
For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md). 1. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, run the `ScanState.exe` command with the following options: - [/genconfig](usmt-scanstate-syntax.md#migration-rule-options). - - [/i](usmt-scanstate-syntax.md#migration-rule-options) - as arguments specify the .xml files that you plan to use with `ScanState.exe`. + - [/i](usmt-scanstate-syntax.md#migration-rule-options) - as arguments specify the **.xml** files that you plan to use with `ScanState.exe`. For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files: @@ -61,7 +61,7 @@ This article outlines the general process that you should follow to migrate file > > USMT fails if it can't migrate a file or setting unless you specify the `/c` option. When you specify the `/c` option, USMT ignores the errors, and log an error every time that it encounters a file that is being used that USMT didn't migrate. You can use the `` section in the `Config.xml` file to specify which errors should be ignored, and which should cause the migration to fail. -1. Run the `ScanState.exe` command on the source computer to collect files and settings. You should specify all of the .xml files that you want the `ScanState.exe` command to use. For example, +1. Run the `ScanState.exe` command on the source computer to collect files and settings. You should specify all of the **.xml** files that you want the `ScanState.exe` command to use. For example, ```cmd ScanState.exe \\server\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log 
@@ -89,7 +89,7 @@ This article outlines the general process that you should follow to migrate file > > Use `/c` to continue your migration if errors are encountered, and use the `` section in the `Config.xml` file to specify which errors should be ignored, and which errors should cause the migration to fail. -1. Run the `LoadState.exe` command on the destination computer. Specify the same set of .xml files that you specified when you used the `ScanState.exe` command. However, the `Config.xml` file doesn't always need to be specified. The `Config.xml` file only needs to be specified when you wanted to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. For example, modify the `Config.xml` file and specify the updated file by using the `LoadState.exe` command. Then, the `LoadState.exe` command migrates only the files and settings that you want to migrate. For more information about how the `LoadState.exe` command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). +1. Run the `LoadState.exe` command on the destination computer. Specify the same set of **.xml** files that you specified when you used the `ScanState.exe` command. However, the `Config.xml` file doesn't always need to be specified. The `Config.xml` file only needs to be specified when you wanted to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. For example, modify the `Config.xml` file and specify the updated file by using the `LoadState.exe` command. Then, the `LoadState.exe` command migrates only the files and settings that you want to migrate. For more information about how the `LoadState.exe` command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). 
For example, the following command migrates the files and settings: diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index f8c2dded9b..d1e03c90ea 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md 
@@ -1,32 +1,32 @@ --- -title: Migrate Application Settings (Windows 10) +title: Migrate Application Settings description: Learn how to author a custom migration .xml file that migrates the settings of an application that isn't migrated by default using MigApp.xml. manager: aaroncz ms.author: frankroj ms.prod: windows-client author: frankroj -ms.date: 11/01/2022 +ms.date: 12/05/2023 ms.topic: article ms.technology: itpro-deploy --- # Migrate Application Settings -You can create a custom .xml file to migrate specific line-of-business application settings or to change the default migration behavior of the User State Migration Tool (USMT) 10.0. For ScanState and LoadState to use this file, you must specify the custom .xml file on both command lines. +You can create a custom **.xml** file to migrate specific line-of-business application settings or to change the default migration behavior of the User State Migration Tool (USMT). For ScanState and LoadState to use this file, you must specify the custom **.xml** file on both command lines. -This article defines how to author a custom migration .xml file that migrates the settings of an application that isn't migrated by default using `MigApp.xml`. You should migrate the settings after you install the application, but before the user runs the application for the first time. +This article defines how to author a custom migration **.xml** file that migrates the settings of an application that isn't migrated by default using `MigApp.xml`. You should migrate the settings after you install the application, but before the user runs the application for the first time. This article doesn't contain information about how to migrate applications that store settings in an application-specific store, only the applications that store the information in files or in the registry. It also doesn't contain information about how to migrate the data that users create using the application. 
For example, if the application creates .doc files using a specific template, this article doesn't discuss how to migrate the .doc files and templates themselves. ## Before you begin -You should identify a test computer that contains the operating system of your source computers, and the application whose settings you want to migrate. For example, if you're planning on migrating from Windows 7 to Windows 10, install Windows 7 on your test computer and then install the application. +You should identify a test computer that contains the operating system of your source computers, and the application whose settings you want to migrate. For example, if you're planning on migrating from Windows 10 to Windows 11, install Windows 10 on your test computer and then install the application. ## Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer -Before USMT migrates the settings, you need it to check whether the application is installed on the source computer, and that it's the correct version. If the application isn't installed on the source computer, you probably don't want USMT to spend time searching for the application's settings. More importantly, if USMT collects settings for an application that isn't installed, it may migrate settings that will cause the destination computer to function incorrectly. You should also investigate whether there's more than one version of the application because the new version may not store the settings in the same place. Mismatched application versions may lead to unexpected results on the destination computer. +Before USMT migrates the settings, you need it to check whether the application is installed on the source computer, and that it's the correct version. If the application isn't installed on the source computer, you probably don't want USMT to spend time searching for the application's settings. 
More importantly, if USMT collects settings for an application that isn't installed, it could migrate settings that cause the destination computer to function incorrectly. You should also investigate whether there's more than one version of the application because the new version could store the settings in a different location. Mismatched application versions could lead to unexpected results on the destination computer. -There are many ways to detect if an application is installed. The best practice is to check for an application uninstall key in the registry, and then search the computer for the executable file that installed the application. It's important that you check for both of these items, because sometimes different versions of the same application share the same uninstall key. So even if the key is there, it may not correspond to the version of the application that you want. +There are many ways to detect if an application is installed. The best practice is to check for an application uninstall key in the registry, and then search the computer for the executable file that installed the application. It's important that you check for both of these items, because sometimes different versions of the same application share the same uninstall key. Even if the key is there, it could correspond to a different version of the application that you want. ### Check the registry for an application uninstall key 
@@ -48,69 +48,84 @@ for the name of the application, the name of the application executable file, or ### Check the file system for the application executable file -You should also check the application binaries for the executable that installed the application. To check for application binaries, you'll first need to determine where the application is installed and what the name of the executable is. Most applications store the installation location of the application binaries in the registry. You should search the registry for the name of the application, the name of the application executable, or for the name of the company that makes the application, until you find the registry value that contains the installation path. Once you've determined the path to the application executable, you can use the `DoesFileVersionMatch` helper function to check for the correct version of the application executable. For an example of how to use the `DoesFileVersionMatch` helper function, see the Windows Live™ Messenger section of the `MigApp.xml` file. +You should also check the application binaries for the executable that installed the application. To check for application binaries, determine where the application is installed and what the name of the executable is. Most applications store the installation location of the application binaries in the registry. You should search the registry on one of the following items until you find the registry value that contains the installation path: + +- The name of the application. +- The name of the application executable. +- The name of the company that makes the application. + +Once the path to the application executable is determined, you can use the `DoesFileVersionMatch` helper function to check for the correct version of the application executable. For an example of how to use the `DoesFileVersionMatch` helper function, see the Windows Live™ Messenger section of the `MigApp.xml` file. 
## Step 2: Identify settings to collect and determine where each setting is stored on the computer -Next, you should go through the user interface and make a list of all of the available settings. You can reduce the list if there are settings that you don't want to migrate. To determine where each setting is stored, you'll need to change each setting and monitor the activity on the registry and the file system. You don't need to migrate the binary files and registry settings that are made when the application is installed because you'll need to reinstall the application onto the destination computer. You only need to migrate those settings that are customizable. +Next, you should go through the user interface and make a list of all of the available settings. You can reduce the list if there are settings that you don't want to migrate. To determine where each setting is stored, change the setting. As the setting is changed, monitor the activity on the registry and the file system. You don't need to migrate the binary files and registry settings that are created when the application is installed. When the application is reinstalled onto the destination computer, it recreates those settings. You only need to migrate the settings that are customized. ### How to determine where each setting is stored -1. Download a file and registry monitoring tool, such as the Regmon and Filemon tools, from the [Windows Sysinternals Web site](/sysinternals/). +1. Download a file and registry monitoring tool, such as [Process Monitor (Procmon)](/sysinternals/downloads/procmon), from the [Sysinternals Web site](/sysinternals/). -2. Shut down as many applications as possible to limit the registry and file system activity on the computer. +1. Shut down as many applications as possible to limit the registry and file system activity on the computer. -3. Filter the output of the tools so it only displays changes being made by the application. +1. 
Filter the output of the tools so it only displays changes being made by the application. > [!NOTE] - > Most applications store their settings under the user profile. That is, the settings stored in the file system are under the `%UserProfile%` directory, and the settings stored in the registry are under the `HKEY_CURRENT_USER` hive. For these applications you can filter the output of the file and registry monitoring tools to show activity only under these locations. This will considerably reduce the amount of output that you will need to examine. + > + > Most applications store their settings under the user profile. That is, the settings stored in the file system are under the `%UserProfile%` directory, and the settings stored in the registry are under the `HKEY_CURRENT_USER` hive. For these applications, you can filter the output of the file and registry monitoring tools to show activity only under these locations. This filtering considerably reduces the amount of output that needs to be examined. -4. Start the monitoring tool(s), change a setting, and look for registry and file system writes that occurred when you changed the setting. Make sure the changes you make actually take effect. For example, if you're changing a setting in Microsoft Word by selecting a check box in the **Options** dialog box, the change typically won't take effect until you close the dialog box by clicking **OK**. +1. Start the monitoring tool(s), change a setting, and look for registry and file system writes that occurred when you changed the setting. Make sure the changes you make actually take effect. For example, if you're changing a setting in Microsoft Word by selecting a check box in the **Options** dialog box, the change typically doesn't take effect until you close the dialog box by selecting **OK**. -5. When the setting is changed, note the changes to the file system and registry. There may be more than one file or registry values for each setting. 
You should identify the minimal set of file and registry changes that are required to change this setting. This set of files and registry keys is what you will need to migrate in order to migrate the setting. +1. When the setting is changed, note the changes to the file system and registry. There could be more than one file or registry values for each setting. You should identify the minimal set of file and registry changes that are required to change this setting. This set of files and registry keys is what you need to migrate in order to migrate the setting. > [!NOTE] + > > Changing an application setting invariably leads to writing to registry keys. If possible, filter the output of the file and registry monitor tool to display only writes to files and registry keys/values. ## Step 3: Identify how to apply the gathered settings -If the version of the application on the source computer is the same as the one on the destination computer, then you don't have to modify the collected files and registry keys. By default, USMT migrates the files and registry keys from the source location to the corresponding location on the destination computer. For example, if a file was collected from the `C:\Documents and Settings\User1\My Documents` folder and the profile directory on the destination computer is located at `D:\Users\User1`, then USMT will automatically migrate the file to `D:\Users\User1\My Documents`. However, you may need to modify the location of some settings in the following three cases: +If the version of the application on the source computer is the same as the one on the destination computer, then you don't have to modify the collected files and registry keys. By default, USMT migrates the files and registry keys from the source location to the corresponding location on the destination computer. 
For example, if a file was collected from the `C:\Documents and Settings\User1\My Documents` folder and the profile directory on the destination computer is located at `D:\Users\User1`, then USMT automatically migrates the file to `D:\Users\User1\My Documents`. However, you may need to modify the location of some settings in the following three cases: ### Case 1: The version of the application on the destination computer is newer than the one on the source computer In this case, the newer version of the application may be able to read the settings from the source computer without modification. That is, the data collected from an older version of the application is sometimes compatible with the newer version of the application. However, you may need to modify the setting location if either of the following conditions is true: -- **The newer version of the application has the ability to import settings from an older version.** This mapping usually happens the first time a user runs the newer version after the settings have been migrated. Some applications import settings automatically after settings are migrated. However, other applications will only do import settings if the application was upgraded from the older version. When the application is upgraded, a set of files and/or registry keys is installed that indicates the older version of the application was previously installed. If you perform a clean installation of the newer version (which is the case in most migrations), the computer doesn't contain this set of files and registry keys so the mapping doesn't occur. In order to trick the newer version of the application into initiating this import process, your migration script may need to create these files and/or registry keys on the destination computer. +- **The newer version of the application has the ability to import settings from an older version.** This mapping usually happens the first time a user runs the newer version after the settings are migrated. 
Some applications import settings automatically after settings are migrated. However, other applications only import settings if the application was upgraded from the older version. When the application is upgraded, a set of files and/or registry keys is installed that indicates the older version of the application was previously installed. If you perform a clean installation of the newer version, the computer doesn't contain these files and registry keys. If the files and registry keys aren't present, the mapping doesn't occur. In order to trick the newer version of the application into initiating this import process, your migration script may need to create these files and/or registry keys on the destination computer. - To identify which files and/or registry keys/values need to be created to cause the import, you should upgrade the older version of the application to the newer one and monitor the changes made to the file system and registry by using the same process described in [How to determine where each setting is stored](#how-to-determine-where-each-setting-is-stored). Once you know the set of files that the computer needs, you can use the **<addObjects>** element to add them to the destination computer. + To identify which files and/or registry keys/values need to be created so that the import works: -- **The newer version of the application can't read settings from the source computer and it's also unable to import the settings into the new format.** In this case, you'll need to create a mapping for each setting from the old locations to the new locations. To create the mapping, determine where the newer version stores each setting using the process described in [How to determine where each setting is stored](#how-to-determine-where-each-setting-is-stored). After you've created the mapping, apply the settings to the new location on the destination computer using the **<locationModify>** element, and the `RelativeMove` and `ExactMove` helper functions. 
+ 1. Upgrade the older version of the application to the newer one. + 1. Monitor the changes made to the file system and registry by using the same process described in [How to determine where each setting is stored](#how-to-determine-where-each-setting-is-stored). + + Once you know the set of files that the computer needs, you can use the **<addObjects>** element to add them to the destination computer. + +- **The newer version of the application can't read settings from the source computer and it's also unable to import the settings into the new format.** In this case, create a mapping for each setting from the old locations to the new locations. To create the mapping, determine where the newer version stores each setting using the process described in [How to determine where each setting is stored](#how-to-determine-where-each-setting-is-stored). After creating the mapping, apply the settings to the new location on the destination computer using the **<locationModify>** element, and the `RelativeMove` and `ExactMove` helper functions. ### Case 2: The destination computer already contains settings for the application We recommend that you migrate the settings after you install the application, but before the user runs the application for the first time. We recommend this process because this process ensures that there are no settings on the destination computer when you migrate the settings. If you must install the application before the migration, you should delete any existing settings using the **<destinationCleanup>** element. If for any reason you want to preserve the settings that are on the destination computer, you can use the **<merge>** element and `DestinationPriority` helper function. -### Case 3: The application overwrites settings when it's installed +### Case 3: The application overwrites settings when installed We recommend that you migrate the settings after you install the application, but before the user runs the application for the first time. 
We recommend this process because this process ensures that there are no settings on the destination computer when you migrate the settings. Also, when some applications are installed, they overwrite any existing settings that are on the computer. In this scenario, if you migrated the data before you installed the application, your customized settings would be overwritten. This scenario is common for applications that store settings in locations that are outside of the user profile (typically these settings are settings that apply to all users). These universal settings are sometimes overwritten when an application is installed, and they're replaced by default values. To avoid this problem, you must install these applications before migrating the files and settings to the destination computer. By default with USMT, data from the source computer overwrites data that already exists in the same location on the destination computer. ## Step 4: Create the migration XML component for the application -After you have completed steps 1 through 3, you'll need to create a custom migration .xml file that migrates the application based on the information that you now have. You can use the `MigApp.xml` file as a model because it contains examples of many of the concepts discussed in this article. You can also see [Custom XML Examples](usmt-custom-xml-examples.md) for another sample .xml file. +After completing steps 1 through 3, create a custom migration **.xml** file that migrates the application based on the information that you now have. You can use the `MigApp.xml` file as a model because it contains examples of many of the concepts discussed in this article. You can also see [Custom XML Examples](usmt-custom-xml-examples.md) for another sample **.xml** file. - > [!NOTE] - > We recommend that you create a separate .xml file instead of adding your script to the `MigApp.xml` file. 
This is because the `MigApp.xml` file is a very large file and it will be difficult to read and edit. In addition, if you reinstall USMT for some reason, the `MigApp.xml` file will be overwritten by the default version of the file and you will lose your customized version. +> [!NOTE] +> +> We recommend creating a separate **.xml** file instead of adding a script to the `MigApp.xml` file. A separate **.xml** file is recommended because the `MigApp.xml` file is a large file and it's difficult to read and edit. In addition, if USMT is reinstalled, the `MigApp.xml` file is overwritten with the default version of the file and the customized version is lost. > [!IMPORTANT] -> Some applications store information in the user profile, such as application installation paths, the computer name, etc., should not be migrated. You should make sure to exclude these files and registry keys from the migration. +> +> Some applications store information in the user profile, such as application installation paths, the computer name, etc., shouldn't be migrated. You should make sure to exclude these files and registry keys from the migration. Your script should do the following actions: -1. Check whether the application and correct version is installed by: +1. Check if the correct version of the application is installed: - - Searching for the installation uninstall key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` using the `DoesObjectExist` helper function. + - Search for the installation uninstall key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` using the `DoesObjectExist` helper function. - - Checking for the correct version of the application executable file using the `DoesFileVersionMatch` helper function. + - Check for the correct version of the application executable file using the `DoesFileVersionMatch` helper function. 2. 
If the correct version of the application is installed, then ensure that each setting is migrated to the appropriate location on the destination computer. 
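Review bot: In the `[!IMPORTANT]` note under Step 4, the changed line still doesn't parse: "Some applications store information in the user profile, such as application installation paths, the computer name, etc., shouldn't be migrated" is missing a relative pronoun. Suggest "Some applications store information in the user profile that shouldn't be migrated, such as application installation paths and the computer name." Separately, the steps under "How to determine where each setting is stored" are renumbered to `1.` throughout, while the "Your script should do the following actions" list in the same hunk keeps an explicit `2.`; use one numbering style for the file.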
@@ -122,26 +137,23 @@ Your script should do the following actions: - If you must install the application before migrating the settings, delete any settings that are already on the destination computer using the **<destinationCleanup>** element. -For information about the .xml elements and helper functions, see [XML Elements Library](usmt-xml-elements-library.md). +For information about the **.xml** elements and helper functions, see [XML Elements Library](usmt-xml-elements-library.md). ## Step 5: Test the application settings migration -On a test computer, install the operating system that will be installed on the destination computers. For example, if you're planning on migrating from Windows 7 to Windows 10, install Windows 10 and the application. Next, run LoadState on the test computer and verify that all settings migrate. Make corrections if necessary and repeat the process until all the necessary settings are migrated correctly. +On a test computer, install the operating system that will be installed on the destination computers. For example, if you're planning on migrating from Windows 10 to Windows 11, install Windows 11, and then install the application in Windows 11. Next, run LoadState on the test computer and verify that all settings migrate. Make corrections if necessary and repeat the process until all the necessary settings are migrated correctly. -To speed up the time it takes to collect and migrate the data, you can migrate only one user at a time, and you can exclude all other components from the migration except the application that you're testing. To specify only **User1** in the migration, enter: +To speed up the time it takes to collect and migrate the data, you can migrate only one user at a time. You can also exclude all other components from the migration except the application that you're testing. 
To specify only **User1** in the migration, enter: ```cmd /ue:*\* /ui:user1 ``` -For more information, see the [Exclude files and settings](usmt-exclude-files-and-settings.md) article and the [User options](usmt-scanstate-syntax.md#user-options) section in the [ScanState syntax](usmt-scanstate-syntax.md) article. To troubleshoot a problem, check the progress log, and the ScanState and LoadState logs, which contain warnings and errors that may point to problems with the migration. +For more information, see the [Exclude files and settings](usmt-exclude-files-and-settings.md) article and the [User options](usmt-scanstate-syntax.md#user-options) section in the [ScanState syntax](usmt-scanstate-syntax.md) article. To troubleshoot a problem, check the progress log, the ScanState log, and the LoadState log. The logs contain warnings and errors that could point to problems with the migration. ## Related articles -[USMT XML reference](usmt-xml-reference.md) - -[Conflicts and precedence](usmt-conflicts-and-precedence.md) - -[XML elements library](usmt-xml-elements-library.md) - -[Log files](usmt-log-files.md) +- [USMT XML reference](usmt-xml-reference.md) +- [Conflicts and precedence](usmt-conflicts-and-precedence.md) +- [XML elements library](usmt-xml-elements-library.md) +- [Log files](usmt-log-files.md) From b20bb2c13985ce8573857bf5452eab968d36d57e Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 5 Dec 2023 11:50:13 -0800 Subject: [PATCH 013/219] fix merge conflict --- windows/whats-new/deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 51b1467402..7d9a9ad664 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md 
@@ -8,7 +8,7 @@ ms.localizationpriority: medium author: mestew ms.author: mstewart manager: aaroncz -ms.topic: reference +ms.topic: conceptual ms.collection: - highpri - tier1 From dbbd51bf8af0f2e21e24ee68e36a951444438775 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Tue, 5 Dec 2023 15:49:20 -0500 Subject: [PATCH 014/219] Freshness 04-12-2023 3 --- .../usmt/migration-store-types-overview.md | 31 ++++++++++------ .../usmt/offline-migration-reference.md | 37 ++++++++++--------- 2 files changed, 40 insertions(+), 28 deletions(-) diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index 25d04bc4c2..d879b8e5d7 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -5,14 +5,14 @@ manager: aaroncz ms.author: frankroj ms.prod: windows-client author: frankroj -ms.date: 11/01/2022 +ms.date: 12/05/2023 ms.topic: article ms.technology: itpro-deploy --- # Migration Store Types Overview -When planning your migration, you should determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) 10.0 components on your source and destination computers. You should also determine the space needed to create and host the migration store, whether you're using a local share, network share, or storage device. +When planning your migration, you should determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) components on your source and destination computers. You should also determine the space needed to create and host the migration store, whether you're using a local share, network share, or storage device. ## Migration store types 
@@ -28,9 +28,9 @@ The compressed migration store is a single image file that contains all files be ### Hard-Link -A hard-link migration store functions as a map that defines how a collection of bits on the hard disk are "wired" into the file system. You use the new USMT hard-link migration store in the PC Refresh scenario only. You only use hard-link migration stores in Refresh scenarios because the hard-link migration store is maintained on the local computer while the old operating system is removed and the new operating system is installed. Using a hard-link migration store saves network bandwidth and minimizes the server use needed to accomplish the migration. +A hard-link migration store functions as a map that defines how a collection of bits on the hard disk are "wired" into the file system. You use the new USMT hard-link migration store in the PC Refresh scenario only. Hard-link migration stores are only used in Refresh scenarios because the hard-link migration store is maintained on the local computer. The hard-link store is maintained on the computer while the old operating system is removed and the new operating system is installed. Using a hard-link migration store saves network bandwidth and minimizes the server use needed to accomplish the migration. -You use the command-line option `/hardlink` to create a hard-link migration store, which functions the same as an uncompressed migration store. Files aren't duplicated on the local computer when user state is captured, nor are they duplicated when user state is restored. For more information, see [Hard-Link Migration Store](usmt-hard-link-migration-store.md). +You use the command-line option `/hardlink` to create a hard-link migration store, which functions the same as an uncompressed migration store. Files aren't duplicated on the local computer when user state is captured. They also aren't duplicated when user state is restored. 
For more information, see [Hard-Link Migration Store](usmt-hard-link-migration-store.md). The following flowchart illustrates the procedural differences between a local migration store and a remote migration store. In this example, a hard-link migration store is used for the local store. 
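Review bot: In the Hard-Link section, splitting the old "because" sentence leaves two consecutive sentences that both say the store "is maintained on the local computer" / "is maintained on the computer", so the reason for the Refresh-only restriction is now carried by a repeated clause. Suggest a single sentence, for example "Hard-link migration stores are only used in Refresh scenarios because the store stays on the local computer while the old operating system is removed and the new operating system is installed."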
@@ -38,18 +38,27 @@ The following flowchart illustrates the procedural differences between a local m ## Local store vs. remote store -If you have enough space and you're migrating the user state back to the same computer, storing data on a local device is normally the best option to reduce server storage costs and network performance issues. You can store the data locally either on a different partition or on a removable device such as a USB flash drive (UFD). Also, depending on the imaging technology that you're using, you might be able to store the data on the partition that is being re-imaged, if the data will be protected from deletion during the process. To increase performance, store the data on high-speed drives that use a high-speed network connection. It's also good practice to ensure that the migration is the only task the server is performing. +If you have enough space and you're migrating the user state back to the same computer, storing data on a local device is normally the best option to reduce server storage costs and network performance issues. You can store the data locally either on a different partition or on a removable device such as a USB flash drive (UFD). Also, depending on the imaging technology that you're using, you might be able to store the data on the partition that is being re-imaged if the data can be protected from deletion during the process. To increase performance, store the data on high-speed drives that use a high-speed network connection. It's also good practice to ensure that the migration is the only task the server is performing. -If there isn't enough local disk space, or if you're moving the user state to another computer, then you must store the data remotely such as on a shared folder, on removable media, or you can store it directly on the destination computer. 
For example: +If there isn't enough local disk space, or if you're moving the user state to another computer, then you must store the data remotely such as in one of the following destinations: -1. Create and share `C:\store` on the destination computer -2. Run the `ScanState.exe` command on the source computer and save the files and settings to `\\\store` -3. Run the `LoadState.exe ` command on the destination computer and specify `C:\Store` as the store location. +- Shared folder. +- Removable media. +- Directly on the destination computer. + +For example: + +1. Create and share `C:\store` on the destination computer. + +1. Run the `ScanState.exe` command on the source computer and save the files and settings to `\\\store`. + +1. Run the `LoadState.exe` command on the destination computer and specify `C:\Store` as the store location. By doing this process, you don't need to save the files to a server. > [!IMPORTANT] -> If possible, have users store their data within their `%UserProfile%\My Documents` and `%UserProfile%\Application Data` folders. This will reduce the chance of USMT missing critical user data that is located in a directory that USMT is not configured to check. +> +> If possible, have users store their data within their `%UserProfile%\My Documents` and `%UserProfile%\Application Data` folders. Having users store their data at these locations reduces the chance of USMT missing critical user data that is located in a directory that USMT isn't configured to check. ### The /localonly command-line option @@ -57,4 +66,4 @@ You should use this option to exclude the data from removable drives and network ## Related articles -[Plan your migration](usmt-plan-your-migration.md) +- [Plan your migration](usmt-plan-your-migration.md). diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index c4c1311fb0..d6da8fc33a 100644 --- a/windows/deployment/usmt/offline-migration-reference.md 
+++ b/windows/deployment/usmt/offline-migration-reference.md @@ -1,11 +1,11 @@ --- -title: Offline Migration Reference (Windows 10) +title: Offline Migration Reference description: Offline migration enables the ScanState tool to run inside a different Windows OS than the Windows OS from which ScanState is gathering files and settings. manager: aaroncz ms.author: frankroj ms.prod: windows-client author: frankroj -ms.date: 11/01/2022 +ms.date: 12/05/2023 ms.topic: article ms.technology: itpro-deploy --- 
@@ -16,17 +16,17 @@ Offline migration enables the ScanState tool to run inside a different Windows o - **Windows PE.** The ScanState tool can be run from within Windows PE, gathering files and settings from the offline Windows operating system on that machine. -- **Windows.old.** The ScanState tool can now gather files and settings from the Windows.old directory that is created during Windows installation on a partition that contains a previous installation of Windows. For example, the ScanState tool can run in Windows 10, gathering files from a previous Windows 7or Windows 8 installation contained in the Windows.old directory. +- **Windows.old.** The ScanState tool can gather files and settings from the Windows.old directory. The Windows.old directory is created during Windows installation on a partition that contains a previous installation of Windows. For example, the ScanState tool can run in Windows, gathering files from a previous Windows installation contained in the Windows.old directory. -When you use User State Migration Tool (USMT) 10.0 to gather and restore user state, offline migration reduces the cost of deployment by: +When you use User State Migration Tool (USMT) to gather and restore user state, offline migration reduces the cost of deployment by: - **Reducing complexity.** In computer-refresh scenarios, migrations from the Windows.old directory reduce complexity by eliminating the need for the ScanState tool to be run before the operating system is deployed. Also, migrations from the Windows.old directory enable ScanState and LoadState to be run successively. -- **Improving performance.** When USMT runs in an offline Windows Preinstallation Environment (WinPE) environment, it has better access to the hardware resources. Running USMT in WinPE may increase performance on older machines with limited hardware resources and numerous installed software applications. 
+- **Improving performance.** When USMT runs in an offline Windows Preinstallation Environment (WinPE) environment, it has better access to the hardware resources. Running USMT in WinPE can increase performance on older machines with limited hardware resources and numerous installed software applications. - **New recovery scenario.** In scenarios where a machine no longer restarts properly, it might be possible to gather user state with the ScanState tool from within WinPE. -## What will migrate offline? +## What migrates offline? The following user data and settings migrate offline, similar to an online migration: 
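Review bot: In the **Windows.old** bullet, removing the version names leaves an example that no longer illustrates anything: "the ScanState tool can run in Windows, gathering files from a previous Windows installation contained in the Windows.old directory" only restates the two sentences before it. Either drop the "For example" sentence or name specific versions, as the Step 5 example in the earlier patch of this series does. In the **Improving performance** bullet, "Windows Preinstallation Environment (WinPE) environment" repeats "environment" and could be fixed while the line is being touched.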
@@ -46,15 +46,18 @@ For exceptions to what you can migrate offline, see [What Does USMT Migrate?](us ## What offline environments are supported? +All currently supported + The following table defines the supported combination of online and offline operating systems in USMT. |Running Operating System|Offline Operating System| -|--- |--- | -|WinPE 5.0 or greater, with the MSXML library|Windows 7, Windows 8, Windows 10| -|Windows 7, Windows 8, Windows 10|Windows.old directory| +|---|---| +|Currently supported version of WinPE, with the MSXML library|Windows 7, Windows 8, Windows 10, Windows 11| +|Windows 7, Windows 8, Windows 10, Windows 11|Windows.old directory| > [!NOTE] -> It is possible to run the ScanState tool while the drive remains encrypted by suspending Windows BitLocker Drive Encryption before booting into WinPE. For more information, see [this Microsoft site](/previous-versions/windows/it-pro/windows-7/ee424315(v=ws.10)). +> +> It is possible to run the ScanState tool while the drive remains encrypted by suspending Windows BitLocker Drive Encryption before booting into WinPE. For more information, see [BitLocker operations guide: Suspend and resume](/windows/security/operating-system-security/data-protection/bitlocker/operations-guide#suspend-and-resume). If using a Microsoft Configuration Manager task sequence, see [Task sequence steps: Disable BitLocker](/mem/configmgr/osd/understand/task-sequence-steps#BKMK_DisableBitLocker). ## User-group membership and profile control 
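Review bot: The added line "All currently supported" under "What offline environments are supported?" is a sentence fragment that reads like leftover draft text; complete it or remove it before merge. It also sits awkwardly next to the table, where the WinPE row now says "Currently supported version of WinPE" but the offline column still enumerates Windows 7 and Windows 8; state which wording is intended. In the BitLocker note, since readers are told to suspend protection before booting into WinPE and the new link is titled "Suspend and resume", consider adding a sentence that protection should be resumed once ScanState has finished, so the drive isn't left with protection suspended.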
@@ -86,18 +89,18 @@ An offline migration can either be enabled by using a configuration file on the |--- |--- |--- | |*ScanState.exe*|**/offline:***<path to Offline.xml>*|This command-line option enables the offline-migration mode and requires a path to an Offline.xml configuration file.| |*ScanState.exe*|**/offlineWinDir:***<Windows directory>*|This command-line option enables the offline-migration mode and starts the migration from the location specified. It's only for use in WinPE offline scenarios where the migration is occurring from a Windows directory.| -|*ScanState.exe*|**/OfflineWinOld:***<Windows.old directory>*|This command-line option enables the offline migration mode and starts the migration from the location specified. It's only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| +|*ScanState.exe*|**/OfflineWinOld:***<Windows.old directory>*|This command-line option enables the offline migration mode and starts the migration from the location specified. Only use in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| You can use only one of the `/offline`, `/offlineWinDir`, or `/OfflineWinOld` command-line options at a time. USMT doesn't support using more than one together. ## Environment variables -The following system environment variables are necessary in the scenarios outlined below. +System environment variables are necessary in the scenarios outlined in the following table: |Variable|Value|Scenario| |--- |--- |--- | -|*USMT_WORKING_DIR*|Full path to a working directory|Required when USMT binaries are located on read-only media, which doesn't support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following command:
Set USMT_WORKING_DIR=[path to working directory]
| -*|MIG_OFFLINE_PLATFORM_ARCH*|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `ScanState.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command:
Set MIG_OFFLINE_PLATFORM_ARCH=32
| +|*USMT_WORKING_DIR*|Full path to a working directory|Required when USMT binaries are located on read-only media, which doesn't support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following command:
`Set USMT_WORKING_DIR=`| +*|MIG_OFFLINE_PLATFORM_ARCH*|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `ScanState.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command:
`Set MIG_OFFLINE_PLATFORM_ARCH=32`| ## Offline.xml elements @@ -111,7 +114,7 @@ Syntax: `` `` ### <winDir> -This element is a required child of **<offline>** and contains information about how the offline volume can be selected. The migration will be performed from the first element of **<winDir>** that contains a valid Windows system volume. +This element is a required child of **<offline>** and contains information about how the offline volume can be selected. The migration is performed from the first element of **<winDir>** that contains a valid Windows system volume. Syntax: `` `` @@ -127,7 +130,7 @@ Syntax, when used with the **<mappings>** element: ` C:\, D:\ ` `` @@ -158,4 +161,4 @@ The following XML example illustrates some of the elements discussed earlier in ## Related articles -[Plan your migration](usmt-plan-your-migration.md) +- [Plan your migration](usmt-plan-your-migration.md). From 9fa70848e9b2a8e9650fbb0de25f5af7783fd818 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Tue, 5 Dec 2023 16:02:11 -0500 Subject: [PATCH 015/219] Freshness 04-12-2023 4 --- windows/deployment/usmt/offline-migration-reference.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index d6da8fc33a..fbc13962b7 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -99,8 +99,8 @@ System environment variables are necessary in the scenarios outlined in the foll |Variable|Value|Scenario| |--- |--- |--- | -|*USMT_WORKING_DIR*|Full path to a working directory|Required when USMT binaries are located on read-only media, which doesn't support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following command:
`Set USMT_WORKING_DIR=`| -*|MIG_OFFLINE_PLATFORM_ARCH*|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `ScanState.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command:
`Set MIG_OFFLINE_PLATFORM_ARCH=32`| +|*USMT_WORKING_DIR*|Full path to a working directory|Required when USMT binaries are located on read-only media, which doesn't support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following command:

`Set USMT_WORKING_DIR=`| +*|MIG_OFFLINE_PLATFORM_ARCH*|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `ScanState.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command:

`Set MIG_OFFLINE_PLATFORM_ARCH=32`| ## Offline.xml elements From f9c4e0667790b13f1da992d4ea7c8575aa86bb10 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Tue, 5 Dec 2023 16:21:25 -0500 Subject: [PATCH 016/219] Freshness 04-12-2023 5 --- .../usmt/offline-migration-reference.md | 38 +++++++++++++------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index fbc13962b7..2dfc7c7125 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -99,8 +99,8 @@ System environment variables are necessary in the scenarios outlined in the foll |Variable|Value|Scenario| |--- |--- |--- | -|*USMT_WORKING_DIR*|Full path to a working directory|Required when USMT binaries are located on read-only media, which doesn't support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following command:

`Set USMT_WORKING_DIR=`| -*|MIG_OFFLINE_PLATFORM_ARCH*|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `ScanState.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command:

`Set MIG_OFFLINE_PLATFORM_ARCH=32`| +|**USMT_WORKING_DIR**|Full path to a working directory|Required when USMT binaries are located on read-only media, which doesn't support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following command:

`Set USMT_WORKING_DIR=`| +|**MIG_OFFLINE_PLATFORM_ARCH**|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `ScanState.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command:

`Set MIG_OFFLINE_PLATFORM_ARCH=32`| ## Offline.xml elements @@ -110,45 +110,59 @@ Use an `Offline.xml` file when running the ScanState tool on a computer that has This element contains other elements that define how an offline migration is to be performed. -Syntax: `` `` +```XML + +``` ### <winDir> This element is a required child of **<offline>** and contains information about how the offline volume can be selected. The migration is performed from the first element of **<winDir>** that contains a valid Windows system volume. -Syntax: `` `` +```XML + +``` ### <path> This element is a required child of **<winDir>** and contains a file path pointing to a valid Windows directory. Relative paths are interpreted from the ScanState tool's working directory. -Syntax: ` C:\Windows ` +```XML + C:\Windows +``` --or- +or when used with the **<mappings>** element: -Syntax, when used with the **<mappings>** element: ` C:\, D:\ ` +```XML + C:\, D:\ +``` ### <mappings> This element is an optional child of **<offline>**. When specified, the **<mappings>** element overrides the automatically detected WinPE drive mappings. Each child **<path>** element provides a mapping from one system volume to another. Additionally, mappings between folders can be provided, since an entire volume can be mounted to a specific folder. -Syntax: `` `` +```XML + +``` ### <failOnMultipleWinDir> This element is an optional child of **<offline>**. The **<failOnMultipleWinDir>** element allows the user to specify that the migration should fail when USMT detects that there are multiple instances of Windows installed on the source machine. When the **<failOnMultipleWinDir>** element isn't present, the default behavior is that the migration doesn't fail. -Syntax: `1` +```XML +1 +``` --or- +or -Syntax: `0` +```XML +0 +``` ### Offline .xml Example The following XML example illustrates some of the elements discussed earlier in this article. -```xml +```XML C:\Windows 
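Review bot: In the `@@ -46,15 +46,18 @@` hunk of the patch that precedes PATCH 015/219, the added line "All currently supported" under "What offline environments are supported?" is an unfinished sentence and should be completed or dropped before merge. The table rows in the same hunk now read "Currently supported version of WinPE" in the first column while still enumerating Windows 7 and Windows 8 in both columns, so decide whether the list is meant to cover only currently supported releases and make both columns agree. The rewritten BitLocker note tells the reader to suspend protection before booting into WinPE; since the linked section is titled "Suspend and resume", it would help to say in the note itself that protection should be resumed once ScanState has finished.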
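Review bot: In the `<failOnMultipleWinDir>` section of the `@@ -110,45 +110,59 @@` hunk in PATCH 016/219, the two example blocks are now separated only by "or", and nothing states which value makes the migration fail and which keeps the default of not failing. The `<winDir>` text in the same hunk says the migration is performed from the first entry that contains a valid Windows system volume, so a reader who picks the wrong value on a multi-boot source can end up migrating from an installation they did not intend; put a one-line lead-in before each block that names its effect. The hunk also removes the "Syntax:" label from every element, which leaves the `<offline>`, `<winDir>` and `<mappings>` fences following the description with no introduction; keeping a short "Syntax:" line before each fence would preserve that cue.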
From 28b36af35b949f35ae10397b8638fe865db1c7aa Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Tue, 5 Dec 2023 17:04:01 -0500 Subject: [PATCH 017/219] Freshness 04-12-2023 6 --- windows/deployment/index.yml | 2 +- ...rted-with-the-user-state-migration-tool.md | 2 +- .../usmt/migrate-application-settings.md | 13 +-- .../usmt/migration-store-types-overview.md | 2 +- .../usmt/offline-migration-reference.md | 2 +- .../usmt/understanding-migration-xml-files.md | 101 ++++++++++-------- windows/deployment/usmt/usmt-overview.md | 4 +- .../usmt-recognized-environment-variables.md | 2 +- 8 files changed, 73 insertions(+), 55 deletions(-) diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml index d19db5c412..379b95339b 100644 --- a/windows/deployment/index.yml +++ b/windows/deployment/index.yml @@ -15,7 +15,7 @@ metadata: author: frankroj ms.author: frankroj manager: aaroncz - ms.date: 12/05/2023 + ms.date: 12/06/2023 localization_priority: medium # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index 0360c09dda..42c9a952fc 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md @@ -7,7 +7,7 @@ ms.prod: windows-client author: frankroj ms.topic: article ms.technology: itpro-deploy -ms.date: 12/05/2023 +ms.date: 12/06/2023 --- # Getting started with the User State Migration Tool (USMT) diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index d1e03c90ea..5c002f301f 100644 --- a/windows/deployment/usmt/migrate-application-settings.md 
+++ b/windows/deployment/usmt/migrate-application-settings.md @@ -5,7 +5,7 @@ manager: aaroncz ms.author: frankroj ms.prod: windows-client author: frankroj -ms.date: 12/05/2023 +ms.date: 12/06/2023 ms.topic: article ms.technology: itpro-deploy --- @@ -132,7 +132,8 @@ Your script should do the following actions: - If the versions of the applications are the same on both the source and destination computers, migrate each setting using the **<include>** and **<exclude>** elements. - If the version of the application on the destination computer is newer than the one on the source computer, and the application can't import the settings, your script should either: - 1. Add the set of files that trigger the import using the **<addObjects>** element + + 1. Add the set of files that trigger the import using the **<addObjects>** element. 2. Create a mapping that applies the old settings to the correct location on the destination computer using the **<locationModify>** element, and the `RelativeMove` and `ExactMove` helper functions. - If you must install the application before migrating the settings, delete any settings that are already on the destination computer using the **<destinationCleanup>** element. @@ -153,7 +154,7 @@ For more information, see the [Exclude files and settings](usmt-exclude-files-an ## Related articles -- [USMT XML reference](usmt-xml-reference.md) -- [Conflicts and precedence](usmt-conflicts-and-precedence.md) -- [XML elements library](usmt-xml-elements-library.md) -- [Log files](usmt-log-files.md) +- [USMT XML reference](usmt-xml-reference.md). +- [Conflicts and precedence](usmt-conflicts-and-precedence.md). +- [XML elements library](usmt-xml-elements-library.md). +- [Log files](usmt-log-files.md). diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index d879b8e5d7..4fcafdffb2 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md 
+++ b/windows/deployment/usmt/migration-store-types-overview.md @@ -5,7 +5,7 @@ manager: aaroncz ms.author: frankroj ms.prod: windows-client author: frankroj -ms.date: 12/05/2023 +ms.date: 12/06/2023 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index 2dfc7c7125..77432ed7d7 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -5,7 +5,7 @@ manager: aaroncz ms.author: frankroj ms.prod: windows-client author: frankroj -ms.date: 12/05/2023 +ms.date: 12/06/2023 ms.topic: article ms.technology: itpro-deploy --- diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index d39b9bf79e..65da75ee02 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md 
@@ -1,38 +1,40 @@ --- -title: Understanding Migration XML Files (Windows 10) -description: Learn how to modify the behavior of a basic User State Migration Tool (USMT) 10.0 migration by using XML files. +title: Understanding Migration XML Files +description: Learn how to modify the behavior of a basic User State Migration Tool (USMT) migration by using XML files. manager: aaroncz ms.author: frankroj ms.prod: windows-client author: frankroj -ms.date: 11/23/2022 +ms.date: 12/06/2023 ms.topic: article ms.technology: itpro-deploy --- # Understanding migration XML files -You can modify the behavior of a basic User State Migration Tool (USMT) 10.0 migration by using XML files; these files provide instructions on where and how the USMT tools should gather and apply files and settings. USMT includes three XML files that you can use to customize a basic migration: the `MigDocs.xml` and `MigUser.xml` files, which modify how files are discovered on the source computer, and the MigApps.xml file, which is required in order to migrate supported application settings. You can also create and edit custom XML files and a `Config.xml` file to further customize your migration. +You can modify the behavior of a basic User State Migration Tool (USMT) migration by using XML files; these files provide instructions on where and how the USMT tools should gather and apply files and settings. USMT includes three XML files that you can use to customize a basic migration: the `MigDocs.xml` and `MigUser.xml` files, which modify how files are discovered on the source computer, and the MigApps.xml file, which is required in order to migrate supported application settings. You can also create and edit custom XML files and a `Config.xml` file to further customize your migration. This article provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the `MigDocs.xml` file. 
The `MigDocs.xml` file uses the new `GenerateDocPatterns` function available in USMT to automatically find user documents on a source computer. ## Overview of the Config.xml file -The `Config.xml` file is the configuration file created by the `/genconfig` option of the ScanState tool; it can be used to modify which operating-system components are migrated by USMT. The `Config.xml` file can be used with other XML files, such as in the following example: +The `Config.xml` file is the configuration file created by the `/genconfig` option of the ScanState tool. You can use it to modify which operating-system components USMT migrates. The `Config.xml` file can be used with other XML files, such as in the following example: `ScanState.exe /i:migapps.xml /i:MigDocs.xml /genconfig:c:\myFolder\Config.xml` When used this way, the `Config.xml` file tightly controls aspects of the migration, including user profiles, data, and settings, without modifying or creating other XML files. For more information about the `Config.xml` file, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md). > [!NOTE] -> When modifying the XML elements in the `Config.xml` file, you should edit an element and set the **migrate** property to **no**, rather than deleting the element from the file. If you delete the element instead of setting the property, the component may still be migrated by rules in other XML files. +> +> When modifying the XML elements in the `Config.xml` file, you should edit an element and set the **migrate** property to **no**, rather than deleting the element from the file. If you delete the element instead of setting the property, rules in other XML files can still migrate the component. ## Overview of the MigApp.xml file The `MigApp.xml` file installed with USMT includes instructions to migrate the settings for the applications listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md). 
You must include the `MigApp.xml` file when using the ScanState and LoadState tools, by using the `/i` option in order to migrate application settings. The `MigDocs.xml` and `MigUser.xml` files don't migrate application settings. You can create a custom XML file to include additional applications. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). > [!IMPORTANT] -> The MigApps.xml file will only detect and migrate .pst files that are linked to Microsoft Office Outlook. For more information about migrating .pst files that are not linked to Outlook, see [Sample migration rules for customized versions of XML files](#sample-migration-rules-for-customized-versions-of-xml-files). +> +> The `MigApps.xml` file only detects and migrates .pst files that are linked to Microsoft Office Outlook. For more information about migrating .pst files that aren't linked to Outlook, see [Sample migration rules for customized versions of XML files](#sample-migration-rules-for-customized-versions-of-xml-files). ## Overview of the MigDocs.xml file 
@@ -42,11 +44,11 @@ The default `MigDocs.xml` file migrates the following data: - All files on the root of the drive except `%WINDIR%`, `%PROGRAMFILES%`, `%PROGRAMDATA%`, or `%USERS%`. -- All folders in the root directory of all fixed drives. For example: `c:\data_mail\*[*]` +- All folders in the root directory of all fixed drives. For example: `c:\data_mail\*[*]`. -- All files from the root of the Profiles folder, except for files in the system profile. For example: `c:\users\name[mail.pst]` +- All files from the root of the Profiles folder, except for files in the system profile. For example: `c:\users\name[mail.pst]`. -- All folders from the root of the Profiles folder, except for the system-profile folders. For example: `c:\users\name\new folder\*[*]` +- All folders from the root of the Profiles folder, except for the system-profile folders. For example: `c:\users\name\new folder\*[*]`. - Standard shared folders: @@ -92,7 +94,7 @@ The default `MigDocs.xml` file migrates the following data: - FOLDERID_RecordedTV -The default `MigDocs.xml` file won't migrate the following data: +The default `MigDocs.xml` file doesn't migrate the following data: - Files tagged with both the **hidden** and **system** attributes. 
@@ -102,11 +104,11 @@ The default `MigDocs.xml` file won't migrate the following data: - Folders that contain installed applications. -You can also use the `/genmigxml` option with the ScanState tool to review and modify what files will be migrated. +You can also use the `/genmigxml` option with the ScanState tool to review and modify what files are migrated. ## Overview of the MigUser.xml file -The `MigUser.xml` file includes instructions for USMT to migrate user files based on file name extensions. You can use the `MigUser.xml` file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The `MigUser.xml` file will gather all files from the standard user-profile folders, and any files on the computer with the specified file name extensions. +The `MigUser.xml` file includes instructions for USMT to migrate user files based on file name extensions. You can use the `MigUser.xml` file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The `MigUser.xml` file gathers all files from the standard user-profile folders, and any files on the computer with the specified file name extensions. The default `MigUser.xml` file migrates the following data: 
@@ -133,25 +135,28 @@ The default `MigUser.xml` file migrates the following data: `.accdb`, `.ch3`, `.csv`, `.dif`, `.doc*`, `.dot*`, `.dqy`, `.iqy`, `.mcw`, `.mdb*`, `.mpp`, `.one*`, `.oqy`, `.or6`, `.pot*`, `.ppa`, `.pps*`, `.ppt*`, `.pre`, `.pst`, `.pub`, `.qdf`, `.qel`, `.qph`, `.qsd`, `.rqy`, `.rtf`, `.scd`, `.sh3`, `.slk`, `.txt`, `.vl*`, `.vsd`, `.wk*`, `.wpd`, `.wps`, `.wq1`, `.wri`, `.xl*`, `.xla`, `.xlb`, `.xls*` > [!NOTE] + > > The asterisk (`*`) stands for zero or more characters. > [!NOTE] + > > The OpenDocument extensions (`*.odt`, `*.odp`, `*.ods`) that Microsoft Office applications can use aren't migrated by default. The default `MigUser.xml` file doesn't migrate the following data: - Files tagged with both the **Hidden** and **System** attributes. -- Files and folders on removable drives, +- Files and folders on removable drives. - Data from the `%WINDIR%`, `%PROGRAMFILES%`, `%PROGRAMDATA%` folders. - ACLS for files in folders outside the user profile. -You can make a copy of the `MigUser.xml` file and modify it to include or exclude standard user-profile folders and file name extensions. If you know all of the extensions for the files you want to migrate from the source computer, use the `MigUser.xml` file to move all of your relevant data, regardless of the location of the files. However, this provision may result in a migration that contains more files than intended. For example, if you choose to migrate all .jpg files, you may migrate image files such as thumbnails and logos from legacy applications that are installed on the source computer. +You can make a copy of the `MigUser.xml` file and modify it to include or exclude standard user-profile folders and file name extensions. If you know all of the extensions for the files you want to migrate from the source computer, use the `MigUser.xml` file to move all of your relevant data, regardless of the location of the files. 
However, this provision can result in a migration that contains more files than intended. For example, if you choose to migrate all .jpg files, it can also migrate image files such as thumbnails and logos from legacy applications that are installed on the source computer. > [!NOTE] -> Each file name extension you include in the rules within the `MigUser.xml` file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you are migrating more than 300 file types, you may experience a slow migration. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#using-multiple-xml-files) section of this article. +> +> Each file name extension you include in the rules within the `MigUser.xml` file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you're migrating more than 300 file types, the migration experience can be slow. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#using-multiple-xml-files) section of this article. ## Using multiple XML files @@ -159,10 +164,10 @@ You can use multiple XML files with the ScanState and LoadState tools. Each of t |XML migration file|Modifies the following components:| |--- |--- | -|*Config.xml file*|Operating-system components such as desktop wallpaper and background theme.
You can also overload `Config.xml` to include some application and document settings by generating the `Config.xml` file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).| -|*MigApps.xml file*|Applications settings.| -|*MigUser.xml* or *MigDocs.xml* files|User files and profile settings.| -|*Custom XML files*|Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.| +|**Config.xml file**|Operating-system components such as desktop wallpaper and background theme.
You can also overload `Config.xml` to include some application and document settings by generating the `Config.xml` file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).| +|**MigApps.xml file**|Applications settings.| +|**MigUser.xml** or **MigDocs.xml** files|User files and profile settings.| +|**Custom XML files**|Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.| For example, you can use all of the XML migration file types for a single migration, as in the following example: 
@@ -173,35 +178,42 @@ ScanState.exe /config:c:\myFolder\Config.xml /i:migapps.xml /i:MigDocs.x ### XML rules for migrating user files > [!IMPORTANT] -> You should not use the `MigUser.xml` and `MigDocs.xml` files together in the same command. Using both XML files can result in duplication of some migrated files. This occurs when conflicting target-location instructions are given in each XML file. The target file will be stored once during the migration, but will be applied by each XML file to a different location on the destination computer. +> +> You shouldn't use the `MigUser.xml` and `MigDocs.xml` files together in the same command. Using both XML files can result in duplication of some migrated files. Duplication of some migrated files can occur when conflicting target-location instructions are given in each XML file. The target file is stored once during the migration, but each XML file applies the file to a different location on the destination computer. -If your data set is unknown or if many files are stored outside of the standard user-profile folders, the `MigDocs.xml` is a better choice than the `MigUser.xml` file, because the `MigDocs.xml` file will gather a broader scope of data. The `MigDocs.xml` file migrates folders of data based on location. The `MigUser.xml` file migrates only the files with the specified file name extensions. +If your data set is unknown or if many files are stored outside of the standard user-profile folders, the `MigDocs.xml` is a better choice than the `MigUser.xml` file, because the `MigDocs.xml` file gathers a broader scope of data. The `MigDocs.xml` file migrates folders of data based on location. The `MigUser.xml` file migrates only the files with the specified file name extensions. -If you want more control over the migration, you can create custom XML files. See [Creating and editing a custom XML file](#creating-and-editing-a-custom-xml-file) for more information. 
+If you want more control over the migration, you can create custom XML files. For more information on creating custom XML files, see [Creating and editing a custom XML file](#creating-and-editing-a-custom-xml-file) for more information. ## Creating and editing a custom XML file -You can use the `/genmigxml` command-line option to determine which files will be included in your migration. The `/genmigxml` option creates a file in a location you specify, so that you can review the XML rules and make modifications as necessary. +You can use the `/genmigxml` command-line option to determine which files are included in your migration. The `/genmigxml` option creates a file in a location you specify, so that you can review the XML rules and make modifications as necessary. > [!NOTE] -> If you reinstall USMT, the default migration XML files will be overwritten and any customizations you make directly to these files will be lost. Consider creating separate XML files for your custom migration rules and saving them in a secure location. +> +> If you reinstall USMT, the default migration XML files are overwritten and any customizations you make directly to these files are lost. Consider creating separate XML files for your custom migration rules and saving them in a secure location. To generate the XML migration rules file for a source computer: 1. Select **Start** > **All Programs** > **Accessories** -2. Right-click **Command Prompt**, and then select **Run as**. +1. Right-click **Command Prompt**, and then select **Run as**. -3. Select an account with administrator privileges, supply a password, and then select **OK**. +1. Select an account with administrator privileges, supply a password, and then select **OK**. -4. At the command prompt, enter: +1. 
At the command prompt, enter: ```cmd cd /d ScanState.exe /genmigxml: ``` - Where *<USMTpath>* is the location on your source computer where you've saved the USMT files and tools, and *<filepath.xml>* is the full path to a file where you can save the report. For example, enter: + Where: + + - **<USMTpath>** - location on your source computer of the saved USMT files and tools. + - **<filepath.xml>** - full path to a file where you can save the report. + + For example, enter: ```cmd cd /d c:\USMT @@ -220,7 +232,7 @@ The `MigDocs.xml` file calls the `GenerateDocPatterns` function, which takes thr `C:\Program Files\Microsoft Office[.doc]` - If a child folder of an included folder contains an installed application, ScanProgramFiles will also create an exclusion rule for the child folder. All folders under the application folder will be scanned recursively for registered file name extensions. + If a child folder of an included folder contains an installed application, `ScanProgramFiles` also creates an exclusion rule for the child folder. All folders under the application folder are scanned recursively for registered file name extensions. - `IncludePatterns`: This argument determines whether to generate exclude or include patterns in the XML. When this argument is set to **TRUE**, the `GenerateDocPatterns` function generates include patterns, and the function must be added under the `` element. Changing this argument to **FALSE** generates exclude patterns and the function must be added under the `` element. 
@@ -268,7 +280,10 @@ To create exclude data patterns: ### Understanding the system and user context -The migration XML files contain two <component> elements with different **context** settings. The system context applies to files on the computer that aren't stored in the User Profiles directory, while the user context applies to files that are particular to an individual user. +The migration XML files contain two <component> elements with different **context** settings: + +- The system context applies to files on the computer that aren't stored in the User Profiles directory. +- The user context applies to files that are particular to an individual user. #### System context 
@@ -319,23 +334,25 @@ The user context includes rules for data in the User Profiles directory. When ca - FOLDERID_RecordedTV > [!NOTE] -> Rules contained in a component that is assigned the user context will be run for each user profile on the computer. Files that are scanned multiple times by the `MigDocs.xml` files will only be copied to the migration store once; however, a large number of rules in the user context can slow down the migration. Use the system context when it is applicable. +> +> Rules contained in a component that is assigned the user context runs for each user profile on the computer. Files that are scanned multiple times by the `MigDocs.xml` files are only copied to the migration store once. However, a large number of rules in the user context can slow down the migration. Use the system context when it's applicable. ### Sample migration rules for customized versions of XML files -> [!NOTE] +> [!TIP] +> > For best practices and requirements for customized XML files in USMT, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [General Conventions](usmt-general-conventions.md). ### Exclude rules usage examples -In the examples below, the source computer has a .txt file called "new text document" in a directory called "new folder". The default `MigDocs.xml` behavior migrates the new text document.txt file and all files contained in the "new folder" directory. The rules generated by the function are: +In the following examples, the source computer has a .txt file called `new text document` in a directory called `new folder`. The default `MigDocs.xml` behavior migrates the new text `document.txt` file and all files contained in the `new folder` directory. 
The rules generated by the function are: | Rule | Syntax | |--- |--- | |Rule 1|`d:\new folder[new text document.txt]`| |Rule 2|`d:\new folder[]`| -To exclude the new text document.txt file and any .txt files in "new folder", you can do the following modification: +To exclude the new text `document.txt` file and any .txt files in `new folder`, you can do the following modification: #### Example 1: Exclude all .txt files in a folder @@ -352,7 +369,7 @@ To exclude Rule 1, there needs to be an exact match of the file name. However, f #### Example 2: Use the UnconditionalExclude element to give a rule precedence over include rules -If you don't know the file name or location of the file, but you do know the file name extension, you can use the `GenerateDrivePatterns` function. However, the rule will be less specific than the default include rule generated by the `MigDocs.xml` file, so it will not have precedence. You must use the <UnconditionalExclude> element to give this rule precedence over the default include rule. For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). +If you don't know the file name or location of the file, but you do know the file name extension, you can use the `GenerateDrivePatterns` function. However, the rule is less specific than the default include rule generated by the `MigDocs.xml` file, so it doesn't have precedence. You must use the <UnconditionalExclude> element to give this rule precedence over the default include rule. For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). ```xml 
@@ -364,7 +381,7 @@ If you don't know the file name or location of the file, but you do know the fil #### Example 3: Use a UserandSystem context component to run rules in both contexts -If you want the **<UnconditionalExclude>** element to apply to both the system and user context, you can create a third component using the **UserandSystem** context. Rules in this component will be run in both contexts. +If you want the **<UnconditionalExclude>** element to apply to both the system and user context, you can create a third component using the **UserandSystem** context. Rules in this component run in both contexts. ```xml @@ -389,7 +406,7 @@ The application data directory is the most common location that you would need t #### Example 1: Include a file name extension in a known user folder -This rule will include .pst files that are located in the default location, but aren't linked to Microsoft Outlook. Use the user context to run this rule for each user on the computer. +This rule includes .pst files that are located in the default location, but aren't linked to Microsoft Outlook. Use the user context to run this rule for each user on the computer. ```xml @@ -413,7 +430,8 @@ For locations outside the user profile, such as the Program Files folder, you ca For more examples of include rules that you can use in custom migration XML files, see [Include Files and Settings](usmt-include-files-and-settings.md). -> [!NOTE] +> [!TIP] +> > For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). ## Next steps 
@@ -424,6 +442,5 @@ You can use an XML schema (MigXML.xsd) file to validate the syntax of your custo ## Related articles -[Exclude files and settings](usmt-exclude-files-and-settings.md) - -[Include files and settings](usmt-include-files-and-settings.md) +- [Exclude files and settings](usmt-exclude-files-and-settings.md). +- [Include files and settings](usmt-include-files-and-settings.md). diff --git a/windows/deployment/usmt/usmt-overview.md b/windows/deployment/usmt/usmt-overview.md index 1f861519be..a121f4c8cf 100644 --- a/windows/deployment/usmt/usmt-overview.md +++ b/windows/deployment/usmt/usmt-overview.md @@ -6,7 +6,7 @@ ms.technology: itpro-deploy author: frankroj manager: aaroncz ms.author: frankroj -ms.date: 12/05/2023 +ms.date: 12/06/2023 ms.topic: overview ms.collection: - highpri @@ -47,4 +47,4 @@ There are some scenarios in which the use of USMT isn't recommended. These scena ## Related articles -- [User State Migration Tool (USMT) technical reference](usmt-technical-reference.md) +- [User State Migration Tool (USMT) technical reference](usmt-technical-reference.md). diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md index ed457c0724..46b0d25ce2 100644 --- a/windows/deployment/usmt/usmt-recognized-environment-variables.md +++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md @@ -6,7 +6,7 @@ ms.technology: itpro-deploy manager: aaroncz ms.author: frankroj author: frankroj -ms.date: 12/05/2023 +ms.date: 12/06/2023 ms.topic: conceptual ms.collection: - highpri From acdc9a8615632b5cea1aa69168024c79725ebe50 Mon Sep 17 00:00:00 2001 
From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Wed, 6 Dec 2023 13:16:59 -0500 Subject: [PATCH 018/219] Freshness 04-12-2023 7 --- .../usmt/offline-migration-reference.md | 30 +++-- .../usmt/understanding-migration-xml-files.md | 2 +- .../deployment/usmt/usmt-best-practices.md | 40 +++--- .../usmt/usmt-choose-migration-store-type.md | 16 ++- .../usmt/usmt-command-line-syntax.md | 6 +- .../usmt/usmt-common-migration-scenarios.md | 59 ++++---- .../deployment/usmt/usmt-configxml-file.md | 127 ++++++++++++++---- 7 files changed, 188 insertions(+), 92 deletions(-) diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index 77432ed7d7..59839bc84f 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -110,7 +110,9 @@ Use an `Offline.xml` file when running the ScanState tool on a computer that has This element contains other elements that define how an offline migration is to be performed. -```XML +Syntax: + +```xml ``` @@ -118,7 +120,9 @@ This element contains other elements that define how an offline migration is to This element is a required child of **<offline>** and contains information about how the offline volume can be selected. The migration is performed from the first element of **<winDir>** that contains a valid Windows system volume. -```XML +Syntax: + +```xml ``` @@ -126,13 +130,17 @@ This element is a required child of **<offline>** and contains information This element is a required child of **<winDir>** and contains a file path pointing to a valid Windows directory. Relative paths are interpreted from the ScanState tool's working directory. -```XML +Syntax: + +```xml C:\Windows ``` or when used with the **<mappings>** element: -```XML +Syntax: + +```xml C:\, D:\ ``` 
@@ -140,7 +148,9 @@ or when used with the **<mappings>** element: This element is an optional child of **<offline>**. When specified, the **<mappings>** element overrides the automatically detected WinPE drive mappings. Each child **<path>** element provides a mapping from one system volume to another. Additionally, mappings between folders can be provided, since an entire volume can be mounted to a specific folder. -```XML +Syntax: + +```xml ``` @@ -148,13 +158,17 @@ This element is an optional child of **<offline>**. When specified, the ** This element is an optional child of **<offline>**. The **<failOnMultipleWinDir>** element allows the user to specify that the migration should fail when USMT detects that there are multiple instances of Windows installed on the source machine. When the **<failOnMultipleWinDir>** element isn't present, the default behavior is that the migration doesn't fail. -```XML +Syntax: + +```xml 1 ``` or -```XML +Syntax: + +```xml 0 ``` @@ -162,7 +176,7 @@ or The following XML example illustrates some of the elements discussed earlier in this article. -```XML +```xml C:\Windows diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index 65da75ee02..f7211f54b1 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -208,7 +208,7 @@ To generate the XML migration rules file for a source computer: ScanState.exe /genmigxml: ``` - Where: + where: - **<USMTpath>** - location on your source computer of the saved USMT files and tools. - **<filepath.xml>** - full path to a file where you can save the report. diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md index 98f95d0597..b35eb34a95 100644 --- a/windows/deployment/usmt/usmt-best-practices.md +++ b/windows/deployment/usmt/usmt-best-practices.md 
@@ -1,18 +1,18 @@ --- -title: USMT Best Practices (Windows 10) -description: This article discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. +title: USMT Best Practices +description: This article discusses general and security-related best practices when using User State Migration Tool (USMT). manager: aaroncz ms.author: frankroj ms.prod: windows-client author: frankroj -ms.date: 11/01/2022 +ms.date: 12/06/2023 ms.topic: article ms.technology: itpro-deploy --- # USMT best practices -This article discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. +This article discusses general and security-related best practices when using User State Migration Tool (USMT). ## General best practices 
@@ -22,15 +22,15 @@ This article discusses general and security-related best practices when using Us - **Don't use MigUser.xml and MigDocs.xml together** - If you use both .xml files, some migrated files may be duplicated if conflicting instructions are given about target locations. You can use the `/genmigxml` command-line option to determine which files will be included in your migration, and to determine if any modifications are necessary. For more information, see [Identify file types, files, and folders](usmt-identify-file-types-files-and-folders.md). + If you use both **.xml** files, some migrated files can be duplicated if conflicting instructions are given about target locations. You can use the `/genmigxml` command-line option to determine which files are included in your migration, and to determine if any modifications are necessary. For more information, see [Identify file types, files, and folders](usmt-identify-file-types-files-and-folders.md). - **Use MigDocs.xml for a better migration experience** - If your data set is unknown or if many files are stored outside of the standard user-profile folders, the `MigDocs.xml` file is a better choice than the `MigUser.xml` file, because the `MigDocs.xml` file will gather a broader scope of data. The `MigDocs.xml` file migrates folders of data based on location, and on registered file type by querying the registry for registered application extensions. The `MigUser.xml` file migrates only the files with the specified file extensions. + If your data set is unknown or if many files are stored outside of the standard user-profile folders, the `MigDocs.xml` file is a better choice than the `MigUser.xml` file, because the `MigDocs.xml` file gathers a broader scope of data. The `MigDocs.xml` file migrates folders of data based on location, and on registered file type by querying the registry for registered application extensions. The `MigUser.xml` file migrates only the files with the specified file extensions. 
- **Close all applications before running either the ScanState or LoadState tools** - Although using the `/vsc` switch can allow the migration of many files that are open with another application, it's a best practice to close all applications in order to ensure all files and settings migrate. Without the `/vsc` or `/c` switch USMT will fail when it can't migrate a file or setting. When you use the `/c` option, USMT will ignore any files or settings that it can't migrate and log an error each time. + Although using the `/vsc` switch can allow the migration of many files that are open with another application, it's a best practice to close all applications in order to ensure all files and settings migrate. Without the `/vsc` or `/c` switch, USMT fails when it can't migrate a file or setting. When you use the `/c` option, USMT ignores any files or settings that it can't migrate and log an error each time. - **Log off after you run the LoadState** @@ -38,7 +38,7 @@ This article discusses general and security-related best practices when using Us - **Managed environment** - To create a managed environment, you can move all of the end user's documents into My Documents (%CSIDL\_PERSONAL%). We recommend that you migrate files into the smallest-possible number of folders on the destination computer. Minimizing folders will help you to clean up files on the destination computer, if the `LoadState.exe` command fails before completion. + To create a managed environment, you can move all of the end user's documents into My Documents (%CSIDL\_PERSONAL%). We recommend that you migrate files into the smallest-possible number of folders on the destination computer. Minimizing folders helps to clean up files on the destination computer if the `LoadState.exe` command fails before completion. - **Chkdsk.exe** 
@@ -46,7 +46,7 @@ This article discusses general and security-related best practices when using Us - **Migrate in groups** - If you decide to perform the migration while users are using the network, it's best to migrate user accounts in groups. To minimize the impact on network performance, determine the size of the groups based on the size of each user account. Migrating in phases also allows you to make sure each phase is successful before starting the next phase. Using this method, you can make any necessary modifications to your plan between groups. + If you decide to perform the migration while users are using the network, it's best to migrate user accounts in groups. To minimize the effect on network performance, determine the size of the groups based on the size of each user account. Migrating in phases also allows you to make sure each phase is successful before starting the next phase. Using this method, you can make any necessary modifications to your plan between groups. ## Security best practices @@ -57,7 +57,8 @@ As the authorized administrator, it is your responsibility to protect the privac Take extreme caution when migrating encrypted files, because the end user doesn't need to be logged on to capture the user state. By default, USMT fails if an encrypted file is found. For specific instructions about EFS best practices, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md). > [!NOTE] - > If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration. + > + > If you migrate an encrypted file without also migrating the certificate, end users won't be able to access the file after the migration. - **Encrypt the store** 
@@ -73,7 +74,7 @@ As the authorized administrator, it is your responsibility to protect the privac - **Password Migration** - To ensure the privacy of the end users, USMT doesn't migrate passwords, including passwords for applications such as Windows Live™ Mail, Microsoft Internet Explorer®, and Remote Access Service (RAS) connections and mapped network drives. It's important to make sure that end users know their passwords. + To ensure the privacy of the end users, USMT doesn't migrate passwords, including passwords for applications or mapped network drives. It's important to make sure that end users know their passwords. - **Local Account Creation** @@ -96,11 +97,11 @@ As the authorized administrator, it is your responsibility to protect the privac - **Use the XML Schema (MigXML.xsd) when authoring .xml files to validate syntax** - The `MigXML.xsd` schema file shouldn't be included on the command line or in any of the .xml files. + The `MigXML.xsd` schema file shouldn't be included on the command line or in any of the **.xml** files. - **Use the default migration XML files as models** - To create a custom .xml file, you can use the migration .xml files as models to create your own. If you need to migrate user data files, model your custom .xml file on `MigUser.xml`. To migrate application settings, model your custom .xml file on the `MigApp.xml` file. + To create a custom **.xml** file, you can use the migration **.xml** files as models to create your own. If you need to migrate user data files, model your custom **.xml** file on `MigUser.xml`. To migrate application settings, model your custom **.xml** file on the `MigApp.xml` file. - **Consider the impact on performance when using the <context> parameter** 
@@ -113,7 +114,8 @@ As the authorized administrator, it is your responsibility to protect the privac In the **UserAndSystem** context, a rule is processed one time for each user on the system and one time for the system. > [!NOTE] - > The number of times a rule is processed does not affect the number of times a file is migrated. The USMT migration engine ensures that each file migrates only once. + > + > The number of times a rule is processed doesn't affect the number of times a file is migrated. The USMT migration engine ensures that each file migrates only once. - **We recommend that you create a separate .xml file instead of adding your .xml code to one of the existing migration .xml files** @@ -121,15 +123,15 @@ As the authorized administrator, it is your responsibility to protect the privac - **You should not create custom .xml files to alter the operating system settings that are migrated** - These settings are migrated by manifests and you can't modify those files. If you want to exclude certain operating system settings from the migration, you should create and modify a `Config.xml` file. + Manifest files determine what settings are migrated. Manifest files can't be modified. Since manifest files can't be modified, to exclude certain operating system settings from the migration, create and modify a `Config.xml` file instead. - **You can use the asterisk (\*) wildcard character in any migration XML file that you create** > [!NOTE] - > The question mark is not valid as a wildcard character in USMT .xml files. + > + > The question mark isn't valid as a wildcard character in USMT **.xml** files. ## Related articles -[Migration store encryption](usmt-migration-store-encryption.md) - -[Plan your migration](usmt-plan-your-migration.md) +- [Migration store encryption](usmt-migration-store-encryption.md). +- [Plan your migration](usmt-plan-your-migration.md). 
diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md index ab33c29403..a610a20904 100644 --- a/windows/deployment/usmt/usmt-choose-migration-store-type.md +++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md @@ -1,18 +1,23 @@ --- -title: Choose a Migration Store Type (Windows 10) +title: Choose a Migration Store Type description: Learn how to choose a migration store type and estimate the amount of disk space needed for computers in your organization. manager: aaroncz ms.author: frankroj ms.prod: windows-client author: frankroj -ms.date: 11/01/2022 +ms.date: 12/06/2023 ms.topic: article ms.technology: itpro-deploy --- # Choose a migration store type -One of the main considerations for planning your migration is to determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) 10.0 components on your source and destination computers, and how much space is needed to create and host the migration store, whether you're using a local share, network share, or storage device. The final consideration is ensuring that user date integrity is maintained by encrypting the migration store. +One of the main considerations for planning your migration is to determine which migration store type best meets your needs. As part of these considerations, determine the following items: + +- How much space is required to run the User State Migration Tool (USMT) components on your source and destination computers. +- How much space is needed to create and host the migration store. +- Whether a local share, network share, or storage device should be used. +- Ensure that user date integrity is maintained by encrypting the migration store. ## In this section 
@@ -25,6 +30,5 @@ One of the main considerations for planning your migration is to determine which ## Related articles -[Plan your migration](usmt-plan-your-migration.md) - -[User State Migration Tool (USMT) how-to topics](usmt-how-to.md) +- [Plan your migration](usmt-plan-your-migration.md) +- [User State Migration Tool (USMT) how-articles](usmt-how-to.md) diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md index 55cfe5e69c..74b8931c12 100644 --- a/windows/deployment/usmt/usmt-command-line-syntax.md +++ b/windows/deployment/usmt/usmt-command-line-syntax.md @@ -1,18 +1,18 @@ --- -title: User State Migration Tool (USMT) Command-line Syntax (Windows 10) +title: User State Migration Tool (USMT) Command-line Syntax description: Learn about the User State Migration Tool (USMT) command-line syntax for using the ScanState tool, LoadState tool, and UsmtUtils tool. manager: aaroncz ms.author: frankroj ms.prod: windows-client author: frankroj -ms.date: 11/01/2022 +ms.date: 12/06/2023 ms.topic: article ms.technology: itpro-deploy --- # User State Migration Tool (USMT) command-line syntax -The User State Migration Tool (USMT) 10.0 migrates user files and settings during large deployments of Windows. To improve and simplify the migration process, USMT captures desktop, network, and application settings in addition to a user's files. USMT then migrates these items to a new Windows installation. +The User State Migration Tool (USMT) migrates user files and settings during large deployments of Windows. To improve and simplify the migration process, USMT captures desktop, network, and application settings in addition to a user's files. USMT then migrates these items to a new Windows installation. ## In this Section diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index 183565827a..da3dacc34c 100644 
--- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md 
@@ -1,62 +1,71 @@ --- -title: Common Migration Scenarios (Windows 10) -description: See how the User State Migration Tool (USMT) 10.0 is used when planning hardware and/or operating system upgrades. +title: Common Migration Scenarios +description: See how the User State Migration Tool (USMT) is used when planning hardware and/or operating system upgrades. manager: aaroncz ms.author: frankroj ms.prod: windows-client author: frankroj -ms.date: 11/01/2022 +ms.date: 12/23/2023 ms.topic: article ms.technology: itpro-deploy --- # Common Migration Scenarios -You use the User State Migration Tool (USMT) 10.0 when hardware and/or operating system upgrades are planned for a large number of computers. USMT manages the migration of an end-user's digital identity by capturing the user's operating-system settings, application settings, and personal files from a source computer and reinstalling them on a destination computer after the upgrade has occurred. +You use the User State Migration Tool (USMT) when hardware and/or operating system upgrades are planned for a large number of computers. USMT manages the migration of an end-user's digital identity by capturing from a source computer the following user's items: -One common scenario is when the operating system is upgraded on existing hardware without the hardware being replaced. This scenario is referred to as *PC-refresh*. A second common scenario is known as *PC replacement*, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system. +- Operating-system settings. +- Application settings. +- Personal files. + +Once these items are capture, they're reinstalled on a destination computer after the upgrade completes. + +One common scenario is when the operating system is upgraded on existing hardware without the hardware being replaced. This scenario is referred to as **PC-refresh**. 
A second common scenario is known as **PC replacement**, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system. ## PC-refresh -The following diagram shows a PC-refresh migration, also known as a computer refresh migration. First, the administrator migrates the user state from a source computer to an intermediate store. After installing the operating system, the administrator migrates the user state back to the source computer. +The following diagram shows a PC-refresh migration, also known as a computer refresh migration. First, the administrator migrates the user state from a source computer to an intermediate store. After the administrator installs the operating system, they migrate the user state back to the source computer. ![usmt pc refresh scenario.](images/dep-win8-l-usmt-pcrefresh.jpg) ### Scenario One: PC-refresh offline using Windows PE and a hard-link migration store -A company has received funds to update the operating system on all of its computers in the accounting department to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, the update is being handled offline, without a network connection. An administrator uses Windows Preinstallation Environment (WinPE) and a hard-link migration store to save each user state to their respective computer. +A company receives funds to update the operating system on all of its computers in the accounting department to the latest supported version of Windows. Each employee keeps the same computer, but the operating system on each computer will be updated. In this scenario, the update is being handled offline, without a network connection. An administrator uses Windows Preinstallation Environment (WinPE) and a hard-link migration store to save each user state to their respective computer. 1. 
On each computer, the administrator boots the machine into WinPE and runs the **ScanState** command-line tool, specifying the `/hardlink /nocompress` command-line options. **ScanState** saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic and minimizing migration failures on computers with limited space available on the hard drive. -2. On each computer, the administrator installs the company's standard operating environment (SOE) which includes Windows 10 and other company applications. +2. On each computer, the administrator installs the company's standard operating environment (SOE) which includes the latest supported version of Windows and other company applications. 3. The administrator runs the **LoadState** command-line tool on each computer. **LoadState** restores each user state back to each computer. ### Scenario Two: PC-refresh using a compressed migration store -A company has received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a compressed migration store to save the user states to a server. +A company receives funds to update the operating system on all of its computers to the latest supported version of Windows. Each employee keeps the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a compressed migration store to save the user states to a server. 1. The administrator runs the **ScanState** command-line tool on each computer. **ScanState** saves each user state to a server. -2. On each computer, the administrator installs the company's standard SOE that includes Windows 10 and other company applications. +2. 
On each computer, the administrator installs the company's standard SOE that includes the latest supported version of Windows and other company applications. 3. The administrator runs the **LoadState** command-line tool on each source computer, and **LoadState** restores each user state back to the computer. ### Scenario Three: PC-refresh using a hard-link migration store -A company has received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a hard-link migration store to save each user state to their respective computer. +A company receives funds to update the operating system on all of its computers to the latest supported version of Windows. Each employee keeps the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a hard-link migration store to save each user state to their respective computer. 1. The administrator runs the **ScanState** command-line tool on each computer, specifying the `/hardlink /nocompress` command-line options. **ScanState** saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic and minimizing migration failures on computers with limited space available on the hard drive. -2. On each computer, the administrator installs the company's SOE that includes Windows 10 and other company applications. +2. On each computer, the administrator installs the company's SOE that includes the latest supported version of Windows and other company applications. 3. The administrator runs the **LoadState** command-line tool on each computer. **LoadState** restores each user state back on each computer. 
### Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store -A company has decided to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses Windows.old and a hard-link migration store to save each user state to their respective computer. +A company decides to update the operating system on all of its computers to the latest supported version of Windows. Each employee keeps the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses Windows.old and a hard-link migration store to save each user state to their respective computer. -1. The administrator clean installs Windows 10 on each computer, making sure that the Windows.old directory is created by installing Windows 10 without formatting or repartitioning and by selecting a partition that contains the previous version of Windows. +1. The administrator clean installs the latest supported version of Windows on each computer. During the install, they make sure that the Windows.old directory is created by taking the following actions: + + - Performing the install without formatting or repartitioning the disk. + - Selecting a partition that contains the previous version of Windows. 2. On each computer, the administrator installs the company's SOE that includes company applications. 
@@ -64,7 +73,7 @@ A company has decided to update the operating system on all of its computers to ## PC-replacement -The following diagram shows a PC-replacement migration. First, the administrator migrates the user state from the source computer to an intermediate store. After installing the operating system on the destination computer, the administrator migrates the user state from the store to the destination computer. +The following diagram shows a PC-replacement migration. First, the administrator migrates the user state from the source computer to an intermediate store. After the administrator installs the operating system on the destination computer, they migrate the user state from the store to the destination computer. ![usmt pc replace scenario.](images/dep-win8-l-usmt-pcreplace.jpg) @@ -74,7 +83,7 @@ A company is allocating 20 new computers to users in the accounting department. 1. On each source computer, an administrator boots the machine into WinPE and runs **ScanState** to collect the user state to either a server or an external hard disk. -2. On each new computer, the administrator installs the company's SOE that includes Windows 10 and other company applications. +2. On each new computer, the administrator installs the company's SOE that includes the latest supported version of Windows and other company applications. 3. On each of the new computers, the administrator runs the **LoadState** tool, restoring each user state from the migration store to one of the new computers. 
@@ -84,11 +93,11 @@ A company receives 50 new laptops for their managers and needs to reallocate 50 1. The administrator runs the **ScanState** tool on each of the manager's old laptops, and saves each user state to a server. -2. On the new laptops, the administrator installs the company's SOE, which includes Windows 10 and other company applications. +1. On the new laptops, the administrator installs the company's SOE, which includes the latest supported version of Windows and other company applications. -3. The administrator runs the **LoadState** tool on the new laptops to migrate the managers' user states to the appropriate computer. The new laptops are now ready for the managers to use. +1. The administrator runs the **LoadState** tool on the new laptops to migrate the managers' user states to the appropriate computer. The new laptops are now ready for the managers to use. -4. On the old computers, the administrator installs the company's SOE, which includes Windows 10, Microsoft Office, and other company applications. The old computers are now ready for the new employees to use. +1. On the old computers, the administrator installs the company's SOE, which includes the latest supported version of Windows, Microsoft Office, and other company applications. The old computers are now ready for the new employees to use. ### Scenario Three: Managed network migration 
@@ -96,14 +105,12 @@ A company is allocating 20 new computers to users in the accounting department. 1. On each source computer, the administrator runs the **ScanState** tool using Microsoft Configuration Manager, Microsoft Deployment Toolkit (MDT), a sign-in script, a batch file, or a non-Microsoft management technology. **ScanState** collects the user state from each source computer and then saves it to a server. -2. On each new computer, the administrator installs the company's SOE, which includes Windows 10 and other company applications. +1. On each new computer, the administrator installs the company's SOE, which includes the latest supported version of Windows and other company applications. -3. On each of the new computers, the administrator runs the **LoadState** tool using Microsoft Configuration Manager, a sign-in script, a batch file, or a non-Microsoft management technology. **LoadState** migrates each user state from the migration store to one of the new computers. +1. On each of the new computers, the administrator runs the **LoadState** tool using Microsoft Configuration Manager, a sign-in script, a batch file, or a non-Microsoft management technology. **LoadState** migrates each user state from the migration store to one of the new computers. ## Related articles -[Plan your migration](usmt-plan-your-migration.md) - -[Choose a migration store type](usmt-choose-migration-store-type.md) - -[Offline migration reference](offline-migration-reference.md) +- [Plan your migration](usmt-plan-your-migration.md). +- [Choose a migration store type](usmt-choose-migration-store-type.md). +- [Offline migration reference](offline-migration-reference.md). diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index a144f93cd4..38a5310e93 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md 
@@ -1,22 +1,22 @@ --- -title: Config.xml File (Windows 10) -description: Learn how the Config.xml file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the /genconfig option with the ScanState.exe tool. +title: Config.xml File +description: Learn how the Config.xml file is an optional User State Migration Tool (USMT) file that you can create using the /genconfig option with the ScanState.exe tool. manager: aaroncz ms.author: frankroj ms.prod: windows-client author: frankroj -ms.date: 11/01/2022 +ms.date: 12/06/2023 ms.topic: article ms.technology: itpro-deploy --- # Config.xml File -The `Config.xml` file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the `/genconfig` option with the ScanState tool. If you want to include all of the default components, and don't want to change the default store-creation or profile-migration behavior, you don't need to create a `Config.xml` file. +The `Config.xml` file is an optional User State Migration Tool (USMT) file that you can create using the `/genconfig` option with the ScanState tool. If you want to include all of the default components, and don't want to change the default store-creation or profile-migration behavior, you don't need to create a `Config.xml` file. -However, if you're satisfied with the default migration behavior defined in the `MigApp.xml`, `MigUser.xml` and `MigDocs.xml` files, but you want to exclude certain components, you can create and modify a `Config.xml` file and leave the other .xml files unchanged. For example, you must create and modify the `Config.xml` file if you want to exclude any of the operating-system settings that are migrated. It's necessary to create and modify this file if you want to change any of the default store-creation or profile-migration behavior. 
+However, if you're satisfied with the default migration behavior defined in the `MigApp.xml`, `MigUser.xml` and `MigDocs.xml` files, but you want to exclude certain components, you can create and modify a `Config.xml` file and leave the other **.xml** files unchanged. For example, you must create and modify the `Config.xml` file if you want to exclude any of the operating-system settings that are migrated. It's necessary to create and modify this file if you want to change any of the default store-creation or profile-migration behavior. -The `Config.xml` file has a different format than the other migration .xml files, because it doesn't contain any migration rules. It contains only a list of the operating-system components, applications, user documents that can be migrated, and user-profile policy and error-control policy. For this reason, excluding components using the `Config.xml` file is easier than modifying the migration .xml files, because you don't need to be familiar with the migration rules and syntax. However, you can't use wildcard characters in this file. +The `Config.xml` file has a different format than the other migration **.xml** files, because it doesn't contain any migration rules. It contains only a list of the operating-system components, applications, user documents that can be migrated, and user-profile policy and error-control policy. For this reason, excluding components using the `Config.xml` file is easier than modifying the migration **.xml** files, because you don't need to be familiar with the migration rules and syntax. However, you can't use wildcard characters in this file. For more information about using the `Config.xml` file with other migration files, such as the `MigDocs.xml` and `MigApps.xml` files, see [Understanding Migration XML Files](understanding-migration-xml-files.md). 
@@ -25,13 +25,17 @@ For more information about using the `Config.xml` file with other migration file ## Migration Policies -In USMT there are new migration policies that can be configured in the `Config.xml` file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the `Config.xml` file only. +In USMT, there are migration policies that can be configured in the `Config.xml` file. For example, you can configure **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the `Config.xml` file only. ### <Policies> The **<Policies>** element contains elements that describe the policies that USMT follows while creating a migration store. Valid children of the **<Policies>** element are **<ErrorControl>** and **<HardLinkStoreControl>**. The **<Policies>** element is a child of **<Configuration>**. -Syntax: `` `` +Syntax: + +```xml + +``` ### <ErrorControl> 
@@ -43,9 +47,13 @@ The **<ErrorControl>** element is an optional element you can configure in - **Child elements**: The **<fileError>** and **<registryError>** element -Syntax: `` `` +Syntax: -The following example specifies that all locked files, regardless of their location (including files in C:\\Users), should be ignored. However, the migration fails if any file in C:\\Users can't be accessed because of any other reason. In the example below, the **<ErrorControl>** element ignores any problems in migrating registry keys that match the supplied pattern, and it resolves them to an **Access denied** error. +```xml + +``` + +The following example specifies that all locked files, regardless of their location (including files in C:\\Users), should be ignored. However, the migration fails if any file in C:\\Users can't be accessed because of any other reason. In the following example, the **<ErrorControl>** element ignores any problems in migrating registry keys that match the supplied pattern, and it resolves them to an **Access denied** error. Additionally, the order in the **<ErrorControl>** section implies priority. In this example, the first **<nonFatal>** tag takes precedence over the second **<fatal>** tag. This precedence is applied, regardless of how many tags are listed. @@ -74,7 +82,11 @@ The **<fatal>** element isn't required. - **Child elements**: None. -Syntax: `` *<pattern>* `` +Syntax: + +```xml + <*pattern*> +``` |Parameter|Required|Value| |--- |--- |--- | @@ -92,7 +104,11 @@ The **<fileError>** element isn't required. - **Child elements**: **<nonFatal>** and **<fatal>** -Syntax: `` `` +Syntax: + +```xml + +``` You use the **<fileError>** element to represent the behavior associated with file errors. @@ -106,7 +122,11 @@ The **<nonFatal>** element isn't required. - **Child elements**: None. -Syntax: `` *<pattern>* `` +Syntax: + +```xml + <*pattern*> +``` |Parameter|Required|Value| |--- |--- |--- | 
@@ -124,7 +144,11 @@ The **<registryError>** element isn't required. - **Child elements**: **<nonfatal>** and **<fatal>** -Syntax: `` `` +Syntax: + +```xml + +``` |Parameter|Required|Value| |--- |--- |--- | @@ -136,7 +160,11 @@ You use the **<registryError>** element to specify that errors matching a The **<HardLinkStoreControl>** element contains elements that describe how to handle files during the creation of a hard-link migration store. Its only valid child is **<fileLocked>**. -Syntax: `` `` +Syntax: + +```xml + +``` - **Number of occurrences**: Once for each component @@ -144,9 +172,13 @@ Syntax: `` `` - **Child elements**: **<fileLocked>** -Syntax: `` `` +Syntax: -The **<HardLinkStoreControl>** sample code below specifies that hard links can be created to locked files only if the locked file resides somewhere under C:\\Users\\. Otherwise, a file-access error occurs when a locked file is encountered that can't be copied, even though is technically possible for the link to be created. +```xml + +``` + +The following **<HardLinkStoreControl>** sample code specifies that hard links can be created to locked files only if the locked file resides somewhere under C:\\Users\\. Otherwise, a file-access error occurs when a locked file is encountered that can't be copied, even though is technically possible for the link to be created. > [!IMPORTANT] > The **<ErrorControl>** section can be configured to conditionally ignore file access errors, based on the file's location. 
@@ -169,37 +201,61 @@ The **<HardLinkStoreControl>** sample code below specifies that hard links The **<fileLocked>** element contains elements that describe how to handle files that are locked for editing. The rules defined by the **<fileLocked>** element are processed in the order in which they appear in the XML file. -Syntax: `` `` +Syntax: + +```xml + +``` ### <createHardLink> The **<createHardLink>** element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application. -Syntax: `` *<pattern>* `` +Syntax: + +```xml + <*pattern*> +``` ### <errorHardLink> -The **<errorHardLink>** element defines a standard MigXML pattern that describes file paths where hard links shouldn't be created if the file is locked for editing by another application. USMT will attempt to copy files under these paths into the migration store. However, if that isn't possible, **Error\_Locked** is thrown. This error is a standard Windows application programming interface (API) error that can be captured by the **<ErrorControl>** section to either cause USMT to skip the file or abort the migration. +The **<errorHardLink>** element defines a standard MigXML pattern that describes file paths where hard links shouldn't be created if the file is locked for editing by another application. USMT attempts to copy files under these paths into the migration store. However, if that isn't possible, **Error\_Locked** is thrown. This error is a standard Windows application programming interface (API) error that can be captured by the **<ErrorControl>** section to either cause USMT to skip the file or abort the migration. -Syntax: `` *<pattern>* `` +Syntax: + +```xml + <*pattern*> +``` ### <ProfileControl> This element is used to contain other elements that establish rules for migrating profiles, users, and policies around local group membership during the migration. 
**<ProfileMigration>** is a child of **<Configuration>**. -Syntax: <`ProfileControl>` `` +Syntax: + +```xml +` ` +``` ### <localGroups> This element is used to contain other elements that establish rules for how to migrate local groups. **<localGroups>** is a child of **<ProfileControl>**. -Syntax: `` `` +Syntax: + +```xml + +``` ### <mappings> This element is used to contain other elements that establish mappings between groups. -Syntax: `` `` +Syntax: + +```xml + +``` ### <changeGroup> @@ -213,23 +269,36 @@ This element describes the source and destination groups for a local group membe The valid and required children of **<changeGroup>** are **<include>** and **<exclude>**. Although both can be children at the same time, only one is required. -Syntax: `` `` +Syntax: + +```xml + +``` ### <include> This element specifies that its required child, *<pattern>*, should be included in the migration. -Syntax: `` `` +Syntax: + +```xml + +``` ### <exclude> This element specifies that its required child, *<pattern>*, should be excluded from the migration. -Syntax: `` `` +Syntax: + +```xml + +``` ## Sample Config.xml File -Refer to the following sample `Config.xml` file for more details about items you can choose to exclude from a migration. +The following sample `Config.xml` file contains detailed examples about items you can choose to exclude from a migration. +

@@ -430,4 +499,4 @@ Refer to the following sample `Config.xml` file for more details about items you ## Related articles -[USMT XML reference](usmt-xml-reference.md) +- [USMT XML reference](usmt-xml-reference.md). From f9d7df1d7445160b54caf41bdad2969cbe28cfd0 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Wed, 6 Dec 2023 13:43:24 -0500 Subject: [PATCH 019/219] Freshness 04-12-2023 8 --- windows/deployment/usmt/usmt-configxml-file.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index 38a5310e93..22bde617dc 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md @@ -61,7 +61,7 @@ Additionally, the order in the **<ErrorControl>** section implies priority * [*] - C:\Users\* [*] + C:\Users\* [*] HKCU\SOFTWARE\Microsoft\* [*] @@ -85,12 +85,12 @@ The **<fatal>** element isn't required. Syntax: ```xml - <*pattern*> + ``` |Parameter|Required|Value| |--- |--- |--- | -|errorCode|No|"any" or "*specify system error message here*"| +|errorCode|No|*Specify system error message here*| You use the **<fatal>** element to specify that errors matching a specific pattern should cause USMT to halt the migration. @@ -125,12 +125,12 @@ The **<nonFatal>** element isn't required. Syntax: ```xml - <*pattern*> + ``` |Parameter|Required|Value| |--- |--- |--- | -|**<errorCode>**|No|"any" or "*specify system error message here*". If system error messages aren't specified, the default behavior applies the parameter to all system error messages.| +|**<errorCode>**|No|*Specify system error message here*. If system error messages aren't specified, the default behavior applies the parameter to all system error messages.| You use the **<nonFatal>** element to specify that errors matching a specific pattern shouldn't cause USMT to halt the migration. 
@@ -152,7 +152,7 @@ Syntax: |Parameter|Required|Value| |--- |--- |--- | -|**<errorCode>**|No|"any" or "*specify system error message here*". If system error messages aren't specified, the default behavior applies the parameter to all system error messages.| +|**<errorCode>**|No|*Specify system error message here*. If system error messages aren't specified, the default behavior applies the parameter to all system error messages.| You use the **<registryError>** element to specify that errors matching a specific pattern shouldn't cause USMT to halt the migration. @@ -214,7 +214,7 @@ The **<createHardLink>** element defines a standard MigXML pattern that de Syntax: ```xml - <*pattern*> + ``` ### <errorHardLink> @@ -224,7 +224,7 @@ The **<errorHardLink>** element defines a standard MigXML pattern that des Syntax: ```xml - <*pattern*> + ``` ### <ProfileControl> @@ -457,7 +457,7 @@ The following sample `Config.xml` file contains detailed examples about items yo * [*] - C:\Users\* [*] + C:\Users\* [*] * [*] From f783aa8982a5f89153669b8221ce39e09386dd21 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Wed, 6 Dec 2023 16:16:20 -0500 Subject: [PATCH 020/219] Freshness 04-12-2023 9 --- .../deployment/usmt/usmt-configxml-file.md | 27 ++++++++++--------- 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index 22bde617dc..bf2cec70b9 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md 
@@ -21,7 +21,8 @@ The `Config.xml` file has a different format than the other migration **.xml** f For more information about using the `Config.xml` file with other migration files, such as the `MigDocs.xml` and `MigApps.xml` files, see [Understanding Migration XML Files](understanding-migration-xml-files.md). > [!NOTE] -> To exclude a component from the `Config.xml` file, set the **migrate** value to **no**. Deleting the XML tag for the component from the `Config.xml` file will not exclude the component from your migration. +> +> To exclude a component from the `Config.xml` file, set the **migrate** value to **no**. Deleting the XML tag for the component from the `Config.xml` file doesn't exclude the component from your migration. ## Migration Policies @@ -61,7 +62,7 @@ Additionally, the order in the **<ErrorControl>** section implies priority * [*] - C:\Users\* [*] + C:\Users\* [*] HKCU\SOFTWARE\Microsoft\* [*] @@ -70,6 +71,7 @@ Additionally, the order in the **<ErrorControl>** section implies priority ``` > [!IMPORTANT] +> > The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. ### <fatal> @@ -85,12 +87,12 @@ The **<fatal>** element isn't required. Syntax: ```xml - + ``` |Parameter|Required|Value| |--- |--- |--- | -|errorCode|No|*Specify system error message here*| +|errorCode|No|"any" or "*specify system error message here*"| You use the **<fatal>** element to specify that errors matching a specific pattern should cause USMT to halt the migration. 
@@ -125,12 +127,12 @@ The **<nonFatal>** element isn't required. Syntax: ```xml - + ``` |Parameter|Required|Value| |--- |--- |--- | -|**<errorCode>**|No|*Specify system error message here*. If system error messages aren't specified, the default behavior applies the parameter to all system error messages.| +|**<errorCode>**|No|"any" or "*specify system error message*". If system error messages aren't specified, the default behavior applies the parameter to all system error messages.| You use the **<nonFatal>** element to specify that errors matching a specific pattern shouldn't cause USMT to halt the migration. @@ -147,12 +149,12 @@ The **<registryError>** element isn't required. Syntax: ```xml - + ``` |Parameter|Required|Value| |--- |--- |--- | -|**<errorCode>**|No|*Specify system error message here*. If system error messages aren't specified, the default behavior applies the parameter to all system error messages.| +|**<errorCode>**|No|"any" or "*specify system error message here*". If system error messages aren't specified, the default behavior applies the parameter to all system error messages.| You use the **<registryError>** element to specify that errors matching a specific pattern shouldn't cause USMT to halt the migration. @@ -181,6 +183,7 @@ Syntax: The following **<HardLinkStoreControl>** sample code specifies that hard links can be created to locked files only if the locked file resides somewhere under C:\\Users\\. Otherwise, a file-access error occurs when a locked file is encountered that can't be copied, even though is technically possible for the link to be created. > [!IMPORTANT] +> > The **<ErrorControl>** section can be configured to conditionally ignore file access errors, based on the file's location. ```xml @@ -214,7 +217,7 @@ The **<createHardLink>** element defines a standard MigXML pattern that de Syntax: ```xml - + ``` ### <errorHardLink> 
@@ -224,7 +227,7 @@ The **<errorHardLink>** element defines a standard MigXML pattern that des Syntax: ```xml - + ``` ### <ProfileControl> @@ -234,7 +237,7 @@ This element is used to contain other elements that establish rules for migratin Syntax: ```xml -` ` + ``` ### <localGroups> @@ -457,7 +460,7 @@ The following sample `Config.xml` file contains detailed examples about items yo * [*] - C:\Users\* [*] + C:\Users\* [*] * [*] From e2c864856fa7e33bfbd275948c64c15a68ee99aa Mon Sep 17 00:00:00 2001 
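Review bot: in usmt-common-migration-scenarios.md, the PC-replacement hunks at @@ -84,11 +93,11 @@ and @@ -96,14 +105,12 @@ renumber steps 2 through 4 to a repeated `1.`, while the PC-refresh scenarios and the PC-replacement hunk at @@ -74,7 +83,7 @@, edited in the same patch, keep explicit `2.` and `3.`. Pick one list-numbering convention for the file; if auto-numbering with `1.` is the goal, convert the remaining `2.` and `3.` items in this patch as well so the raw Markdown is consistent.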
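Review bot: in the usmt-configxml-file.md hunk at @@ -1,22 +1,22 @@, the rewritten paragraph names `MigApp.xml`, but the unchanged sentence in the trailing context still says "such as the `MigDocs.xml` and `MigApps.xml` files". This pass already touches the introduction, so align the context sentence on the same file name as the added line; as it stands the article refers to one file by two names.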
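Review bot: in the <HardLinkStoreControl> hunk at @@ -144,9 +172,13 @@, the replaced sentence still reads "even though is technically possible for the link to be created", with the subject missing. The line is being rewritten anyway, so change it to "even though it's technically possible for the link to be created".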
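Review bot: in the hunk at @@ -169,37 +201,61 @@, the new <ProfileControl> syntax block carries the old inline backticks into the fence (the added line is "` `"), and backticks inside a fenced block render literally. Patch 020 removes them at @@ -234,7 +237,7 @@, so fold that fix into this commit. The unchanged sentence above the block also says **<ProfileMigration>** is a child of **<Configuration>** under a heading named <ProfileControl>; confirm which element name is correct and make the heading and the sentence agree.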
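Review bot: patches 019 and 020 flip the errorCode table rows back and forth. Patch 019 replaces `"any" or "*specify system error message here*"` with `*Specify system error message here*` in the <fatal>, <nonFatal> and <registryError> tables, and patch 020 restores the "any" wording. After 020 the <nonFatal> row (@@ -125,12 +127,12 @@) reads "*specify system error message*" without "here" while the other two rows keep it, and the <fatal> row labels the parameter `errorCode` where the others use **<errorCode>**. Squash the two commits and make the three rows identical in wording and in how the parameter name is marked up.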
From: "Vinay Pamnani (from Dev Box)" Date: Wed, 6 Dec 2023 17:26:48 -0500 Subject: [PATCH 021/219] CSP Updates for November 2023 --- .../mdm/activesync-ddf-file.md | 4 +- .../mdm/applicationcontrol-csp-ddf.md | 4 +- .../mdm/applocker-ddf-file.md | 4 +- .../mdm/assignedaccess-ddf.md | 4 +- .../mdm/bitlocker-ddf-file.md | 4 +- .../mdm/certificatestore-ddf-file.md | 4 +- .../mdm/clientcertificateinstall-ddf-file.md | 6 +- .../mdm/clouddesktop-ddf-file.md | 4 +- .../mdm/declaredconfiguration-ddf-file.md | 4 +- windows/client-management/mdm/defender-csp.md | 191 ++++++++++- windows/client-management/mdm/defender-ddf.md | 159 +++++++++- .../mdm/devdetail-ddf-file.md | 4 +- .../mdm/devicemanageability-ddf.md | 4 +- .../mdm/devicepreparation-ddf-file.md | 4 +- .../client-management/mdm/devicestatus-ddf.md | 4 +- .../client-management/mdm/devinfo-ddf-file.md | 4 +- .../mdm/diagnosticlog-ddf.md | 4 +- .../client-management/mdm/dmacc-ddf-file.md | 4 +- .../mdm/dmclient-ddf-file.md | 6 +- .../client-management/mdm/email2-ddf-file.md | 4 +- ...enterprisedesktopappmanagement-ddf-file.md | 6 +- .../mdm/enterprisemodernappmanagement-ddf.md | 6 +- .../client-management/mdm/euiccs-ddf-file.md | 4 +- .../mdm/firewall-ddf-file.md | 4 +- .../mdm/healthattestation-ddf.md | 4 +- .../mdm/language-pack-management-ddf-file.md | 4 +- .../client-management/mdm/networkproxy-ddf.md | 4 +- .../mdm/networkqospolicy-ddf.md | 4 +- .../mdm/nodecache-ddf-file.md | 6 +- windows/client-management/mdm/office-ddf.md | 6 +- .../mdm/passportforwork-ddf.md | 6 +- .../mdm/personaldataencryption-ddf-file.md | 4 +- .../mdm/personalization-ddf.md | 4 +- .../mdm/policies-in-policy-csp-admx-backed.md | 4 +- ...in-policy-csp-supported-by-group-policy.md | 5 +- .../mdm/policy-csp-accounts.md | 13 +- .../mdm/policy-csp-admx-terminalserver.md | 4 +- .../mdm/policy-csp-applicationdefaults.md | 4 +- .../mdm/policy-csp-authentication.md | 6 +- .../mdm/policy-csp-deliveryoptimization.md | 8 +- 
.../mdm/policy-csp-filesystem.md | 6 +- ...policy-csp-localpoliciessecurityoptions.md | 163 +++++++++- .../mdm/policy-csp-networklistmanager.md | 296 +++++++++++++++++- .../mdm/policy-csp-remotedesktopservices.md | 102 +++++- .../mdm/printerprovisioning-ddf-file.md | 4 +- .../client-management/mdm/reboot-ddf-file.md | 4 +- .../mdm/rootcacertificates-ddf-file.md | 6 +- .../mdm/secureassessment-ddf-file.md | 4 +- .../mdm/sharedpc-ddf-file.md | 4 +- .../client-management/mdm/supl-ddf-file.md | 4 +- .../client-management/mdm/vpnv2-ddf-file.md | 6 +- .../client-management/mdm/wifi-ddf-file.md | 6 +- ...indowsdefenderapplicationguard-ddf-file.md | 4 +- .../mdm/windowslicensing-ddf-file.md | 4 +- .../mdm/wirednetwork-ddf-file.md | 6 +- 55 files changed, 1021 insertions(+), 130 deletions(-) diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md index 06f77c27b9..c187d411e2 100644 --- a/windows/client-management/mdm/activesync-ddf-file.md +++ b/windows/client-management/mdm/activesync-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 07/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the A 10.0.10240 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md index 199adf8620..6bb9fd8585 100644 
--- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md +++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the A 10.0.18362 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md index 9ffbf897b8..313a0a7700 100644 --- a/windows/client-management/mdm/applocker-ddf-file.md +++ b/windows/client-management/mdm/applocker-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the A 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md index 5ef69490c0..30739845c8 100644 
--- a/windows/client-management/mdm/assignedaccess-ddf.md +++ b/windows/client-management/mdm/assignedaccess-ddf.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the A 10.0.10240 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md index fb912358e4..c53badbdcb 100644 --- a/windows/client-management/mdm/bitlocker-ddf-file.md +++ b/windows/client-management/mdm/bitlocker-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the B 10.0.15063 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md index 5c819f96bc..b4b03dd331 100644 --- a/windows/client-management/mdm/certificatestore-ddf-file.md 
+++ b/windows/client-management/mdm/certificatestore-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -49,7 +49,7 @@ The following XML file contains the device description framework (DDF) for the C 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md index c5b24365ff..d51b9201d5 100644 --- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md +++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the C 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; 
@@ -1129,7 +1129,7 @@ Valid values are: 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/clouddesktop-ddf-file.md b/windows/client-management/mdm/clouddesktop-ddf-file.md index daaccf8c6c..e6d9ecd91e 100644 --- a/windows/client-management/mdm/clouddesktop-ddf-file.md +++ b/windows/client-management/mdm/clouddesktop-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 10/25/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the C 99.9.99999 9.9 - 0x4;0x30;0x31;0x7E;0x87;0x88;0x88*;0xA1;0xA2;0xA4;0xA5;0xB4;0xBC;0xBD;0xBF; + 0x4;0x30;0x31;0x7E;0x88;0xA1;0xA2;0xA4;0xA5;0xBC;0xBF;0xCD; diff --git a/windows/client-management/mdm/declaredconfiguration-ddf-file.md b/windows/client-management/mdm/declaredconfiguration-ddf-file.md index a60936f654..1eb9b29930 100644 --- a/windows/client-management/mdm/declaredconfiguration-ddf-file.md +++ b/windows/client-management/mdm/declaredconfiguration-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the D 99.9.99999 9.9 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index ee424411b4..be3cc79720 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -4,7 +4,7 @@ description: Learn more about the Defender CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -80,6 +80,8 @@ The following list shows the Defender configuration service provider nodes: - [RandomizeScheduleTaskTimes](#configurationrandomizescheduletasktimes) - [ScanOnlyIfIdleEnabled](#configurationscanonlyifidleenabled) - [SchedulerRandomizationTime](#configurationschedulerrandomizationtime) + - [ScheduleSecurityIntelligenceUpdateDay](#configurationschedulesecurityintelligenceupdateday) + - [ScheduleSecurityIntelligenceUpdateTime](#configurationschedulesecurityintelligenceupdatetime) - [SecuredDevicesConfiguration](#configurationsecureddevicesconfiguration) - [SecurityIntelligenceLocationUpdateAtScheduledTimeOnly](#configurationsecurityintelligencelocationupdateatscheduledtimeonly) - [SecurityIntelligenceUpdatesChannel](#configurationsecurityintelligenceupdateschannel) 
@@ -101,6 +103,8 @@ The following list shows the Defender configuration service provider nodes: - [ComputerState](#healthcomputerstate) - [DefenderEnabled](#healthdefenderenabled) - [DefenderVersion](#healthdefenderversion) + - [DeviceControl](#healthdevicecontrol) + - [State](#healthdevicecontrolstate) - [EngineVersion](#healthengineversion) - [FullScanOverdue](#healthfullscanoverdue) - [FullScanRequired](#healthfullscanrequired) @@ -350,7 +354,7 @@ Control whether network protection can improve performance by switching from rea | Value | Description | |:--|:--| | 1 | Allow switching to asynchronous inspection. | -| 0 (Default) | Don't allow asynchronous inspection. | +| 0 (Default) | Don’t allow asynchronous inspection. | @@ -1980,7 +1984,7 @@ Allows an administrator to explicitly disable network packet inspection made by |:--|:--| | Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | List (Delimiter: `|`) | +| Allowed Values | Regular Expression: `^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(?::[0-9a-fA-F]{1,4}){1,2}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(?::[0-9a-fA-F]{1,4}){1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(?::[0-9a-fA-F]{1,4}){1,4}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(?::[0-9a-fA-F]{1,4}){1,5}$|^[0-9a-fA-F]{1,4}(?::[0-9a-fA-F]{1,4}){1,6}$|^::1$|^::$` | 
@@ -2470,7 +2474,7 @@ This setting allows you to scan excluded files and directories during quick scan | Value | Description | |:--|:--| | 0 (Default) | If you set this setting to 0 or don't configure it, exclusions aren't scanned during quick scans. | -| 1 | If you set this setting to 1, all files and directories that are excluded from real-time protection using contextual exclusions are scanned during a quick scan. Exclusions that contain wildcards aren't supported and aren't scanned. | +| 1 | If you set this setting to 1, all files and directories that are excluded from real-time protection using contextual exclusions are scanned during a quick scan. | @@ -2618,6 +2622,103 @@ This setting allows you to configure the scheduler randomization in hours. The r + +### Configuration/ScheduleSecurityIntelligenceUpdateDay + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later | + + + +```Device +./Device/Vendor/MSFT/Defender/Configuration/ScheduleSecurityIntelligenceUpdateDay +``` + + + + +This setting allows you to specify the day of the week on which to check for security intelligence updates. By default, this setting is configured to never check for security intelligence updates. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 8 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Daily. | +| 1 | Sunday. | +| 2 | Monday. | +| 3 | Tuesday. | +| 4 | Wednesday. | +| 5 | Thursday. | +| 6 | Friday. | +| 7 | Saturday. | +| 8 (Default) | Never. | + + + + + + + + + +### Configuration/ScheduleSecurityIntelligenceUpdateTime + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later | + + + +```Device +./Device/Vendor/MSFT/Defender/Configuration/ScheduleSecurityIntelligenceUpdateTime +``` + + + + +This setting allows you to specify the time of day at which to check for security intelligence updates. The time value is represented as the number of minutes past midnight (00:00). For example, 120 is equivalent to 02:00 AM. By default, this setting is configured to check for security intelligence updates 15 minutes before the scheduled scan time. The schedule is based on local time on the computer where the check is occurring. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-1439]` | +| Default Value | 105 | + + + + + + + + ### Configuration/SecuredDevicesConfiguration @@ -2635,7 +2736,7 @@ This setting allows you to configure the scheduler randomization in hours. The r -Defines what are the devices primary ids that should be secured by Defender Device Control. The primary id values should be pipe (|) separated. Example: RemovableMediaDevices|CdRomDevices. If this configuration isn't set the default value will be applied, meaning all of the supported devices will be secured. +Defines which device's primary ids should be secured by Defender Device Control. The primary id values should be pipe (|) separated. Example: RemovableMediaDevices|CdRomDevices. If this configuration isn't set the default value will be applied, meaning all supported devices will be secured. Currently supported primary ids are: RemovableMediaDevices, CdRomDevices, WpdDevices, PrinterDevices. 
@@ -2649,7 +2750,7 @@ Defines what are the devices primary ids that should be secured by Defender Devi |:--|:--| | Format | `chr` (string) | | Access Type | Add, Delete, Get, Replace | -| Allowed Values | List (Delimiter: `|`) | +| Allowed Values | Regular Expression: `^RemovableMediaDevices|CdRomDevices|WpdDevices|PrinterDevices$` | @@ -3645,6 +3746,84 @@ Version number of Windows Defender on the device. + +### Health/DeviceControl + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later | + + + +```Device +./Device/Vendor/MSFT/Defender/Health/DeviceControl +``` + + + + +An interior node to group information about Device Cotrol health status. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Get | + + + + + + + + + +#### Health/DeviceControl/State + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later | + + + +```Device +./Device/Vendor/MSFT/Defender/Health/DeviceControl/State +``` + + + + +Provide the current state of the Device Control. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Get | + + + + + + + + ### Health/EngineVersion diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md index 60fd484a13..e46a86acbd 100644 --- a/windows/client-management/mdm/defender-ddf.md +++ b/windows/client-management/mdm/defender-ddf.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the D 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; @@ -305,6 +305,52 @@ The following XML file contains the device description framework (DDF) for the D + + DeviceControl + + + + + An interior node to group information about Device Cotrol health status. + + + + + + + + + + + + + + + State + + + + + + + + + + + + + + + + + + + 10.0.17763 + 1.3 + + + + ProductStatus 
@@ -1059,7 +1105,8 @@ The following XML file contains the device description framework (DDF) for the D 10.0.14393 1.3 - + + ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$|^(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}$|^(?:[0-9a-fA-F]{1,4}:){1,5}(?::[0-9a-fA-F]{1,4}){1,2}$|^(?:[0-9a-fA-F]{1,4}:){1,4}(?::[0-9a-fA-F]{1,4}){1,3}$|^(?:[0-9a-fA-F]{1,4}:){1,3}(?::[0-9a-fA-F]{1,4}){1,4}$|^(?:[0-9a-fA-F]{1,4}:){1,2}(?::[0-9a-fA-F]{1,4}){1,5}$|^[0-9a-fA-F]{1,4}(?::[0-9a-fA-F]{1,4}){1,6}$|^::1$|^::$ @@ -2141,7 +2188,7 @@ The following XML file contains the device description framework (DDF) for the D 1 - If you set this setting to 1, all files and directories that are excluded from real-time protection using contextual exclusions are scanned during a quick scan. Exclusions that contain wildcards are not supported and are not scanned. + If you set this setting to 1, all files and directories that are excluded from real-time protection using contextual exclusions are scanned during a quick scan. 
@@ -2185,6 +2232,105 @@ The following XML file contains the device description framework (DDF) for the D + + ScheduleSecurityIntelligenceUpdateTime + + + + + + + + 105 + This setting allows you to specify the time of day at which to check for security intelligence updates. The time value is represented as the number of minutes past midnight (00:00). For example, 120 is equivalent to 02:00 AM. By default, this setting is configured to check for security intelligence updates 15 minutes before the scheduled scan time. The schedule is based on local time on the computer where the check is occurring. + + + + + + + + + + + + + + 10.0.14393 + 1.3 + + + [0-1439] + + + + + ScheduleSecurityIntelligenceUpdateDay + + + + + + + + 8 + This setting allows you to specify the day of the week on which to check for security intelligence updates. By default, this setting is configured to never check for security intelligence updates. + + + + + + + + + + + + + + 10.0.14393 + 1.3 + + + + 0 + Daily + + + 1 + Sunday + + + 2 + Monday + + + 3 + Tuesday + + + 4 + Wednesday + + + 5 + Thursday + + + 6 + Friday + + + 7 + Saturday + + + 8 + Never + + + + ThrottleForScheduledScanOnly @@ -2355,7 +2501,7 @@ The following XML file contains the device description framework (DDF) for the D - Defines what are the devices primary ids that should be secured by Defender Device Control. The primary id values should be pipe (|) separated. Example: RemovableMediaDevices|CdRomDevices. If this configuration is not set the default value will be applied, meaning all of the supported devices will be secured. + Defines which device's primary ids should be secured by Defender Device Control. The primary id values should be pipe (|) separated. Example: RemovableMediaDevices|CdRomDevices. If this configuration is not set the default value will be applied, meaning all supported devices will be secured. Currently supported primary ids are: RemovableMediaDevices, CdRomDevices, WpdDevices, PrinterDevices. 
@@ -2372,7 +2518,8 @@ The following XML file contains the device description framework (DDF) for the D 10.0.17763 1.3 - + + ^RemovableMediaDevices|CdRomDevices|WpdDevices|PrinterDevices$ diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md index 542ddf9b2d..776cc046d4 100644 --- a/windows/client-management/mdm/devdetail-ddf-file.md +++ b/windows/client-management/mdm/devdetail-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the D 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md index 9c0d424446..49511db516 100644 --- a/windows/client-management/mdm/devicemanageability-ddf.md +++ b/windows/client-management/mdm/devicemanageability-ddf.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -49,7 +49,7 @@ The following XML file contains the device description framework (DDF) for the D 10.0.14393 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/devicepreparation-ddf-file.md b/windows/client-management/mdm/devicepreparation-ddf-file.md index ed2c59bec4..eb4efc4afa 100644 --- a/windows/client-management/mdm/devicepreparation-ddf-file.md +++ b/windows/client-management/mdm/devicepreparation-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the D 99.9.99999 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md index 231f3f5a26..7cdf8548eb 100644 --- a/windows/client-management/mdm/devicestatus-ddf.md +++ b/windows/client-management/mdm/devicestatus-ddf.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the D 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md index f28018452e..05179d6f55 100644 --- a/windows/client-management/mdm/devinfo-ddf-file.md +++ b/windows/client-management/mdm/devinfo-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -48,7 +48,7 @@ The following XML file contains the device description framework (DDF) for the D 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md index 3308eaf8c9..3a34db6c8a 100644 --- a/windows/client-management/mdm/diagnosticlog-ddf.md +++ b/windows/client-management/mdm/diagnosticlog-ddf.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the D 10.0.10586 1.2 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md index 8f0a89e31b..7dd6bd406e 100644 --- a/windows/client-management/mdm/dmacc-ddf-file.md +++ b/windows/client-management/mdm/dmacc-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the D 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index 8ab416c84b..58c838fddb 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the D 10.0.10240 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; @@ -484,7 +484,7 @@ The following XML file contains the device description framework (DDF) for the D 10.0.10240 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md index fd201ec09e..6b3314bab0 100644 --- a/windows/client-management/mdm/email2-ddf-file.md +++ b/windows/client-management/mdm/email2-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the E 10.0.10240 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; 
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md index b20f68bf7f..013c40e935 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the E 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; @@ -407,7 +407,7 @@ The following XML file contains the device description framework (DDF) for the E 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md index 9067ae0893..d9aaa1e1a1 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md 
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the E 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; @@ -2594,7 +2594,7 @@ The following XML file contains the device description framework (DDF) for the E 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md index 5a070577f7..8e6dcafd38 100644 --- a/windows/client-management/mdm/euiccs-ddf-file.md +++ b/windows/client-management/mdm/euiccs-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/29/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -50,7 +50,7 @@ The following XML file contains the device description framework (DDF) for the e 10.0.16299 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md index 1d38c29221..c550d02adf 100644 --- a/windows/client-management/mdm/firewall-ddf-file.md +++ b/windows/client-management/mdm/firewall-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 10/03/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the F 10.0.16299 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md index 7207f7cd68..55bf10d11f 100644 --- a/windows/client-management/mdm/healthattestation-ddf.md +++ b/windows/client-management/mdm/healthattestation-ddf.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the H 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/language-pack-management-ddf-file.md b/windows/client-management/mdm/language-pack-management-ddf-file.md index 5c5c679379..1f48c2ef24 100644 --- a/windows/client-management/mdm/language-pack-management-ddf-file.md +++ b/windows/client-management/mdm/language-pack-management-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -49,7 +49,7 @@ The following XML file contains the device description framework (DDF) for the L 99.9.9999 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md index 72d1c7936d..0226954189 100644 --- a/windows/client-management/mdm/networkproxy-ddf.md +++ b/windows/client-management/mdm/networkproxy-ddf.md 
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the N 10.0.15063 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md index 170cfe0fae..ede5bc6be0 100644 --- a/windows/client-management/mdm/networkqospolicy-ddf.md +++ b/windows/client-management/mdm/networkqospolicy-ddf.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the N 10.0.19042 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md index e2d509178e..f9d3be9b4f 100644 --- a/windows/client-management/mdm/nodecache-ddf-file.md +++ b/windows/client-management/mdm/nodecache-ddf-file.md 
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the N 10.0.15063 1.1 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; @@ -301,7 +301,7 @@ The following XML file contains the device description framework (DDF) for the N 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md index e3301499dc..7314007057 100644 --- a/windows/client-management/mdm/office-ddf.md +++ b/windows/client-management/mdm/office-ddf.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the O 10.0.15063 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; @@ -218,7 +218,7 @@ The following XML file contains the device description framework (DDF) for the O 10.0.15063 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md index fa9e278d82..69d5da6ba2 100644 --- a/windows/client-management/mdm/passportforwork-ddf.md +++ b/windows/client-management/mdm/passportforwork-ddf.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the P 10.0.10586 1.2 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; 
@@ -572,7 +572,7 @@ If you do not configure this policy setting, Windows Hello for Business requires 10.0.10586 1.2 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/personaldataencryption-ddf-file.md b/windows/client-management/mdm/personaldataencryption-ddf-file.md index b2f9432892..38478d9041 100644 --- a/windows/client-management/mdm/personaldataencryption-ddf-file.md +++ b/windows/client-management/mdm/personaldataencryption-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the P 10.0.22621 1.0 - 0x4;0x1B;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0xAB;0xAC;0xBC;0xBF;0xCD; + 0x4;0x1B;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0xAB;0xAC;0xBC;0xBF;0xCD;0xCF; diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md index d9f8bf627c..58e55cae6a 100644 --- a/windows/client-management/mdm/personalization-ddf.md +++ b/windows/client-management/mdm/personalization-ddf.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 10/25/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -49,7 +49,7 @@ The following XML file contains the device description framework (DDF) for the P 10.0.16299 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 8ca51cb2f9..2bfe37f037 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -4,7 +4,7 @@ description: Learn about the ADMX-backed policies in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -2541,6 +2541,8 @@ This article lists the ADMX-backed policies in Policy CSP. - [RequireSecureRPCCommunication](policy-csp-remotedesktopservices.md) - [ClientConnectionEncryptionLevel](policy-csp-remotedesktopservices.md) - [DoNotAllowWebAuthnRedirection](policy-csp-remotedesktopservices.md) +- [DisconnectOnLockBasicAuthn](policy-csp-remotedesktopservices.md) +- [DisconnectOnLockWebAccountAuthn](policy-csp-remotedesktopservices.md) ## RemoteManagement diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index aec0cd363b..8aa6de5b01 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md 
@@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Group Policy. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -390,6 +390,9 @@ This article lists the policies in Policy CSP that have a group policy mapping. - [DomainMember_DisableMachineAccountPasswordChanges](policy-csp-localpoliciessecurityoptions.md) - [DomainMember_MaximumMachineAccountPasswordAge](policy-csp-localpoliciessecurityoptions.md) - [DomainMember_RequireStrongSessionKey](policy-csp-localpoliciessecurityoptions.md) +- [MinimumPasswordLength](policy-csp-localpoliciessecurityoptions.md) +- [MinimumPasswordLengthAudit](policy-csp-localpoliciessecurityoptions.md) +- [RelaxMinimumPasswordLengthLimits](policy-csp-localpoliciessecurityoptions.md) - [InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked](policy-csp-localpoliciessecurityoptions.md) - [InteractiveLogon_DoNotRequireCTRLALTDEL](policy-csp-localpoliciessecurityoptions.md) - [InteractiveLogon_DoNotDisplayLastSignedIn](policy-csp-localpoliciessecurityoptions.md) diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md index 58df4beaf2..5af247868d 100644 --- a/windows/client-management/mdm/policy-csp-accounts.md +++ b/windows/client-management/mdm/policy-csp-accounts.md @@ -4,7 +4,7 @@ description: Learn more about the Accounts Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -230,7 +230,7 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant - + This setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and allows both user and device authentication. When the value is set to 1, only allow device authentication, and block user authentication. @@ -263,8 +263,13 @@ Most restricted value is 1. | Name | Value | |:--|:--| -| Name | MicrosoftAccount_RestrictToDeviceAuthenticationOnly | -| Path | MSAPolicy > AT > WindowsComponents > MicrosoftAccountCategory | +| Name | MicrosoftAccount_RestrictToEnterpriseDeviceAuthenticationOnly | +| Friendly Name | Only allow device authentication for the Microsoft Account Sign-In Assistant | +| Location | Computer Configuration | +| Path | Windows Components > Microsoft account | +| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System | +| Registry Value Name | EnterpriseDeviceAuthOnly | +| ADMX File Name | MSAPolicy.admx | diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index d7950d1ff0..a278a237c3 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -4,7 +4,7 @@ description: Learn more about the ADMX_TerminalServer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -1368,7 +1368,7 @@ Note: 1. For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format: -a. Value specified by this policy setting b. Maximum color depth supported by the client c. Value requested by the client. +a. Value specified by this policy setting b. Maximum color depth supported by the client c. Value requested by the client. If the client doesn't support at least 16 bits, the connection is terminated. diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md index f51f27e3ee..abed7ece97 100644 --- a/windows/client-management/mdm/policy-csp-applicationdefaults.md +++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md @@ -4,7 +4,7 @@ description: Learn more about the ApplicationDefaults Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -37,7 +37,7 @@ ms.topic: reference -This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc. xml), and then needs to be base64 encoded before being added to SyncML. If policy is enabled and the client machine is Microsoft Entra joined, the associations assigned in SyncML will be processed and default associations will be applied. +This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml). The file can be further edited by adding attributes to control how often associations are applied by the policy. The file then needs to be base64 encoded before being added to SyncML. If policy is enabled and the client machine is Microsoft Entra joined, the associations assigned in SyncML will be processed and default associations will be applied. diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md index 792538bcd5..dd50a84d62 100644 --- a/windows/client-management/mdm/policy-csp-authentication.md +++ b/windows/client-management/mdm/policy-csp-authentication.md @@ -4,7 +4,7 @@ description: Learn more about the Authentication Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 10/24/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -16,8 +16,6 @@ ms.topic: reference # Policy CSP - Authentication -[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] - 
@@ -402,7 +400,7 @@ This policy is intended for use on Shared PCs to enable a quick first sign-in ex | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 23H2 [10.0.22631.2506] and later | diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 5e4f2838af..b79f7e2e0d 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -4,7 +4,7 @@ description: Learn more about the DeliveryOptimization Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -18,6 +18,8 @@ ms.topic: reference [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)] +[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)] + @@ -507,7 +509,7 @@ The recommended value is 1 minute (60). | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2361] and later
✅ Windows Insider Preview | @@ -1687,7 +1689,7 @@ This policy allows an IT Admin to define the following details: | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2361] and later
✅ Windows Insider Preview | diff --git a/windows/client-management/mdm/policy-csp-filesystem.md b/windows/client-management/mdm/policy-csp-filesystem.md index 57ec3f91e0..b3c3aa2084 100644 --- a/windows/client-management/mdm/policy-csp-filesystem.md +++ b/windows/client-management/mdm/policy-csp-filesystem.md @@ -4,7 +4,7 @@ description: Learn more about the FileSystem Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/30/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -30,7 +30,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2338] and later
✅ Windows Insider Preview | @@ -86,7 +86,7 @@ A reboot is required for this setting to take effect. | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2338] and later
✅ Windows Insider Preview | diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 3edee263b1..00bb621743 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -4,7 +4,7 @@ description: Learn more about the LocalPoliciesSecurityOptions Area in Policy CS author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -2125,6 +2125,109 @@ Microsoft network server: Server SPN target name validation level This policy se + +## MinimumPasswordLength + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/MinimumPasswordLength +``` + + + + +This security setting determines the least number of characters that a password for a user account may contain. The maximum value for this setting depends on the value of the Relax minimum password length limits setting. If the Relax minimum password length limits setting isn't defined, this setting may be configured from 0 to 14. If the Relax minimum password length limits setting is defined and disabled, this setting may be configured from 0 to 14. If the Relax minimum password length limits setting is defined and enabled, this setting may be configured from 0 to 128. Setting the required number of characters to 0 means that no password is required. + +> [!NOTE] +> By default, member computers follow the configuration of their domain controllers. Default values: 7 on domain controllers 0 on stand-alone servers Configuring this setting larger than 14 may affect compatibility with clients, services, and applications. We recommend that you only configure this setting larger than 14 after you use the Minimum password length audit setting to test for potential incompatibilities at the new setting. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-128]` | +| Default Value | 0 | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | Minimum password length | +| Path | Windows Settings > Security Settings > Account Policies > Password Policy | + + + + + + + + + +## MinimumPasswordLengthAudit + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/MinimumPasswordLengthAudit +``` + + + + +This security setting determines the minimum password length for which password length audit warning events are issued. This setting may be configured from 1 to 128. You should only enable and configure this setting when you try to determine the potential effect of increasing the minimum password length setting in your environment. If this setting isn't defined, audit events won't be issued. If this setting is defined and is less than or equal to the minimum password length setting, audit events won't be issued. If this setting is defined and is greater than the minimum password length setting, and the length of a new account password is less than this setting, an audit event will be issued. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[1-128]` | +| Default Value | 4294967295 | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | Minimum password length audit | +| Path | Windows Settings > Security Settings > Account Policies > Password Policy | + + + + + + + + ## NetworkAccess_AllowAnonymousSIDOrNameTranslation @@ -3569,6 +3672,64 @@ Recovery console: Allow floppy copy and access to all drives and all folders Ena + +## RelaxMinimumPasswordLengthLimits + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/RelaxMinimumPasswordLengthLimits +``` + + + + +This setting controls whether the minimum password length setting can be increased beyond the legacy limit of 14. If this setting isn't defined, minimum password length may be configured to no more than 14. If this setting is defined and disabled, minimum password length may be configured to no more than 14. If this setting is defined and enabled, minimum password length may be configured more than 14. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 1 | Enabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | Relax minimum password length | +| Path | Windows Settings > Security Settings > Account Policies > Password Policy | + + + + + + + + ## Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index ecc77167b9..8b5b22dbeb 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -4,7 +4,7 @@ description: Learn more about the NetworkListManager Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/10/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -20,6 +20,153 @@ ms.topic: reference + +## AllNetworks_NetworkIcon + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/NetworkListManager/AllNetworks_NetworkIcon +``` + + + + +This policy setting allows you to specify whether users can change the network icon for all networks to which the user connects. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | User can change icon. | +| 1 | User can't change icon. | + + + + + + + + + +## AllNetworks_NetworkLocation + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/NetworkListManager/AllNetworks_NetworkLocation +``` + + + + +This policy setting allows you to specify whether users can change the network location for all networks to which the user connects. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | User can change location. | +| 1 | User can't change location. | + + + + + + + + + +## AllNetworks_NetworkName + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/NetworkListManager/AllNetworks_NetworkName +``` + + + + +This policy setting allows you to specify whether users can change the network name for all networks to which the user connects. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | User can change name. | +| 1 | User can't change name. | + + + + + + + + ## AllowedTlsAuthenticationEndpoints @@ -114,6 +261,153 @@ This policy setting provides the string that names a network. If this setting is + +## IdentifyingNetworks_LocationType + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/NetworkListManager/IdentifyingNetworks_LocationType +``` + + + + +This policy setting allows you to configure the Network Location for networks that are in a temporary state while Windows works to identify the network and location type. A network location identifies the type of network that a computer is connected to and automatically sets the appropriate firewall settings for that location. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Public. | +| 1 | Private. | + + + + + + + + + +## UnidentifiedNetworks_LocationType + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/NetworkListManager/UnidentifiedNetworks_LocationType +``` + + + + +This policy setting allows you to configure the Network Location type for networks that Windows can't identify due to a network issue or a lack of identifiable characters in the network information received by the operating system from the network. A network location identifies the type of network that a computer is connected to and automatically sets the appropriate firewall settings for that location. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Public. | +| 1 | Private. | + + + + + + + + + +## UnidentifiedNetworks_UserPermissions + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
❌ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/NetworkListManager/UnidentifiedNetworks_UserPermissions +``` + + + + +This policy setting allows you to configure the Network Location user permissions for networks that Windows can't identify due to a network issue or a lack of identifiable characters in the network information received by the operating system from the network. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | User can change location. | +| 1 | User can't change location. | + + + + + + + + diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md index a2eceff277..e56b901ad4 100644 --- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md +++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md @@ -4,7 +4,7 @@ description: Learn more about the RemoteDesktopServices Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -157,6 +157,106 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp + +## DisconnectOnLockBasicAuthn + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DisconnectOnLockBasicAuthn +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | + + + + +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] + +**ADMX mapping**: + +| Name | Value | +|:--|:--| +| Name | TS_DISCONNECT_ON_LOCK_POLICY | +| ADMX File Name | terminalserver.admx | + + + + + + + + + +## DisconnectOnLockWebAccountAuthn + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DisconnectOnLockWebAccountAuthn +``` + + + + + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `chr` (string) | +| Access Type | Add, Delete, Get, Replace | + + + + +[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)] + +**ADMX mapping**: + +| Name | Value | +|:--|:--| +| Name | TS_DISCONNECT_ON_LOCK_AAD_POLICY | +| ADMX File Name | terminalserver.admx | + + + + + + + + ## DoNotAllowDriveRedirection diff --git a/windows/client-management/mdm/printerprovisioning-ddf-file.md b/windows/client-management/mdm/printerprovisioning-ddf-file.md index d7306bda75..fb871d05c8 100644 --- a/windows/client-management/mdm/printerprovisioning-ddf-file.md +++ b/windows/client-management/mdm/printerprovisioning-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the P 10.0.22000, 10.0.19044.1806, 10.0.19043.1806, 10.0.19042.1806 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md index c7de504eb0..68b6e64ef9 100644 --- a/windows/client-management/mdm/reboot-ddf-file.md +++ b/windows/client-management/mdm/reboot-ddf-file.md 
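Review bot: In policy-csp-remotedesktopservices.md, the two added sections DisconnectOnLockBasicAuthn and DisconnectOnLockWebAccountAuthn have nothing between the OMA-URI block and "Description framework properties", so the page never says what either policy does or which string value enables or disables it. Both are `chr` (string), ADMX-backed settings mapped to TS_DISCONNECT_ON_LOCK_POLICY and TS_DISCONNECT_ON_LOCK_AAD_POLICY in terminalserver.admx, and an administrator can't tell from the names alone what the setting enforces. Add at least a one-sentence description and the expected payload for each, or hold the sections back until that text is available.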
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the R 10.0.14393 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md index bf1c7db754..fbfb864c26 100644 --- a/windows/client-management/mdm/rootcacertificates-ddf-file.md +++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the R 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; 
@@ -1074,7 +1074,7 @@ The following XML file contains the device description framework (DDF) for the R 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md index b7e824c5f7..01eaf192bc 100644 --- a/windows/client-management/mdm/secureassessment-ddf-file.md +++ b/windows/client-management/mdm/secureassessment-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 07/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the S 10.0.15063 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md index d04d885895..b652268570 100644 --- a/windows/client-management/mdm/sharedpc-ddf-file.md +++ b/windows/client-management/mdm/sharedpc-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the S 10.0.14393 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md index 6bb8f708d1..3d0aa1baf9 100644 --- a/windows/client-management/mdm/supl-ddf-file.md +++ b/windows/client-management/mdm/supl-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -49,7 +49,7 @@ The following XML file contains the device description framework (DDF) for the S 10.0.10240 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index 2bb3347699..20a3da3401 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the V 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; @@ -3272,7 +3272,7 @@ The following XML file contains the device description framework (DDF) for the V 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md index 269f95f3c7..6fe4d9867a 100644 --- a/windows/client-management/mdm/wifi-ddf-file.md +++ b/windows/client-management/mdm/wifi-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 07/06/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the W 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; 
@@ -329,7 +329,7 @@ The following XML file contains the device description framework (DDF) for the W 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md index fd77cfe61d..233de242bb 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the W 10.0.16299 1.1 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md index 2fc871423e..fae5beb908 100644 --- a/windows/client-management/mdm/windowslicensing-ddf-file.md +++ b/windows/client-management/mdm/windowslicensing-ddf-file.md 
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 08/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the W 10.0.10586 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCD;0xCF; diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md index bfe5dc35f3..e59398aa57 100644 --- a/windows/client-management/mdm/wirednetwork-ddf-file.md +++ b/windows/client-management/mdm/wirednetwork-ddf-file.md @@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF) author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 06/02/2023 +ms.date: 12/06/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the W 10.0.17763 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; 
@@ -125,7 +125,7 @@ The following XML file contains the device description framework (DDF) for the W 10.0.17763 1.0 - 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD; + 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF; From 44b2256d55a1b736282d93f29f94466fb747043a Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Thu, 7 Dec 2023 10:57:45 -0500 Subject: [PATCH 022/219] Update WindowsAI CSP --- windows/client-management/mdm/policy-csp-windowsai.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index bf5ad5e22a..e712051b23 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsAI Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/07/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2360] and later
✅ Windows 11, version 23H2 [10.0.22631] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 21H2 [10.0.19044.3758] and later
✅ Windows 10, version 22H2 [10.0.19045.3758] and later
✅ Windows 11, version 22H2 [10.0.22621.2361] and later
✅ Windows 11, version 23H2 [10.0.22631] and later | From 2c097e54a98fc3ab450e1758429e5f68cac49ea4 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Thu, 7 Dec 2023 12:31:15 -0500 Subject: [PATCH 023/219] Changes for BCE rebranding --- .../manage-windows-copilot.md | 97 ++++++++++--------- 1 file changed, 50 insertions(+), 47 deletions(-) diff --git a/windows/client-management/manage-windows-copilot.md b/windows/client-management/manage-windows-copilot.md index 1b811341cb..0547f35be8 100644 --- a/windows/client-management/manage-windows-copilot.md +++ b/windows/client-management/manage-windows-copilot.md 
@@ -3,18 +3,19 @@ title: Manage Copilot in Windows description: Learn how to manage Copilot in Windows for commercial environments using MDM and group policy. Learn about the chat providers available to Copilot in Windows. ms.topic: conceptual ms.technology: itpro-windows-copilot -ms.date: 11/06/2023 +ms.date: 12/06/2023 ms.author: mstewart -author: mestew +author: mestew appliesto: - ✅ Windows 11, version 22H2 or later --- # Manage Copilot in Windows + >**Looking for consumer information?** See [Welcome to Copilot in Windows](https://support.microsoft.com/windows/welcome-to-copilot-in-windows-675708af-8c16-4675-afeb-85a5a476ccb0). -Copilot in Windows provides centralized generative AI assistance to your users right from the Windows desktop. Copilot in Windows appears as a side bar docked on the Windows desktop. It's designed to help your users get things done in Windows. Copilot in Windows can perform common tasks in Windows like changing Windows settings, which makes it different from the browser-based [Copilot in Edge](/bing-chat-enterprise/edge). However, both user experiences, Copilot in Windows and Copilot in Edge, can share the same underlying chat provider platform. It's important for organizations to properly configure the chat provider platform that Copilot in Windows uses, since it is possible for users to copy and paste sensitive information into the chat provider. +Copilot in Windows provides centralized generative AI assistance to your users right from the Windows desktop. Copilot in Windows appears as a side bar docked on the Windows desktop and is designed to help users get things done in Windows. Copilot in Windows can perform common tasks in Windows like changing Windows settings, which makes it different from the browser-based [Copilot in Edge](/bing-chat-enterprise/edge). However, both user experiences, Copilot in Windows and Copilot in Edge, can share the same underlying chat provider platform. 
It's important for organizations to properly configure the chat provider platform that Copilot in Windows uses, since it's possible for users to copy and paste sensitive information into the chat. > [!Note] > - Copilot in Windows is currently available as a preview. We will continue to experiment with new ideas and methods using your feedback. 
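Review bot: The rewritten intro paragraph still links Copilot in Edge to `/bing-chat-enterprise/edge`, while the "Other settings" hunk later in this same patch changes that link to `/copilot/edge` and the other references move to `/copilot/overview`, `/copilot/manage` and `/copilot/privacy-and-protections`. Update the link in this paragraph to match so the page doesn't depend on a redirect from the old path. Separately, `ms.date` is set to 12/06/2023 although the commit is dated 7 Dec 2023.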
@@ -39,62 +40,63 @@ Organizations that aren't ready to use Copilot in Windows can disable it until t ## Chat provider platforms for Copilot in Windows -Copilot in Windows can use either Bing Chat or Bing Chat Enterprise as its chat provider platform. The chat provider platform is the underlying service that Copilot in Windows uses to communicate with the user. The chat provider platform that Copilot in Windows uses is important because it is possible for users to copy and paste sensitive information into the chat provider. Each chat provider platform has different privacy and security protections. +Copilot in Windows can use either Microsoft Copilot or Copilot with commercial data protection as its chat provider platform. The chat provider platform is the underlying service that Copilot in Windows uses to communicate with the user. The chat provider platform is important because it's possible for users to copy and paste sensitive information into the chat. Each chat provider platform has different privacy and security protections. -**Bing Chat**: +### Copilot -[Bing Chat](https://www.microsoft.com/bing/do-more-with-ai/what-is-bing-chat-and-how-can-you-use-it) is a consumer experience and if a user isn't signed in with their Microsoft account, the number of chat queries per user has a daily limit. Bing Chat doesn't offer the same commercial data protection as Bing Chat Enterprise does. The following privacy and security protections apply for Bing Chat: - - [Copilot in Windows: Your data and privacy](https://support.microsoft.com/windows/3e265e82-fc76-4d0a-afc0-4a0de528b73a) - - The privacy statement for using Bing Chat follows the [Microsoft privacy statement](https://privacy.microsoft.com/privacystatement) including the product specific guidance in the Microsoft privacy statement for **Bing** under the **Search, Microsoft Edge, and artificial intelligence** section. 
+[Copilot](https://www.microsoft.com/bing/do-more-with-ai/what-is-bing-chat-and-how-can-you-use-it) is a consumer experience and has a daily limit on the number of chat queries per user when not signed in with a Microsoft account. It doesn't offer the same data protection as Copilot with commercial data protection. + +- [Copilot in Windows: Your data and privacy](https://support.microsoft.com/windows/3e265e82-fc76-4d0a-afc0-4a0de528b73a) +- The privacy statement for using Copilot follows the [Microsoft privacy statement](https://privacy.microsoft.com/privacystatement) including the product specific guidance in the Microsoft privacy statement for **Bing** under the **Search, Microsoft Edge, and artificial intelligence** section. -**Bing Chat Enterprise**: +### Copilot with commercial data protection -[Bing Chat Enterprise](/bing-chat-enterprise/overview) is intended for commercial use scenarios and offers commercial data protection. The following privacy and security protections apply for Bing Chat Enterprise: +[Copilot with commercial data protection](/copilot/overview) is intended for commercial use scenarios and offers commercial data protection. The following privacy and security protections apply for Copilot with commercial data protection: -- With [Bing Chat Enterprise](/bing-chat-enterprise/overview), user and organizational data is protected, chat data isn't saved, and your data isn't used to train the underlying large language models. Because of this protection, chat history, 3rd-party plugins, and the Bing mobile app for iOS or Android aren't currently supported. Bing Chat Enterprise is accessible from mobile browsers, including Edge mobile on iOS and Android. Review the Bing Chat Enterprise [privacy statement](/bing-chat-enterprise/privacy-and-protections). 
-- Bing Chat Enterprise is available, at no additional cost, for the following licenses: +- User and organizational data is protected, chat data isn't saved, and your data isn't used to train the underlying large language models. Because of this protection, chat history, 3rd-party plugins, and the Bing app for iOS or Android aren't currently supported. Copilot with commercial data protection is accessible from mobile browsers, including Edge mobile on iOS and Android. Review the Copilot with commercial data protection [privacy statement](/copilot/privacy-and-protections). +- Copilot with commercial data protection is available, at no additional cost, for the following licenses: - Microsoft 365 E3 or E5 - Microsoft 365 A3 or A5 for faculty - Microsoft 365 Business Standard - Microsoft 365 Business Premium > [!Note] - > Bing Chat Enterprise and Bing Chat don't have access to Microsoft Graph, unlike [Microsoft 365 Copilot](/microsoft-365-copilot/microsoft-365-copilot-overview) which can be used in the Microsoft 365 apps. This means that Bing Chat Enterprise and Bing Chat can't access Microsoft 365 Apps data, such as email, calendar, or files. + > Copilot doesn't have access to Microsoft 365 Apps data, such as email, calendar, or files using Microsoft Graph, unlike [Copilot for Microsoft 365](/microsoft-365-copilot/microsoft-365-copilot-overview) which can be used in the Microsoft 365 apps. ## Configure the chat provider platform that Copilot in Windows uses -Configuring the correct chat provider platform for Copilot in Windows is important because it is possible for users to copy and paste sensitive information into the chat provider. Each chat provider platform has different privacy and security protections. Once you have selected the chat provider platform that you want to use for Copilot in Windows, ensure it's configured for your organization's users. The following sections describe how to configure the chat provider platform that Copilot in Windows uses. 
+Configuring the correct chat provider platform for Copilot in Windows is important because it's possible for users to copy and paste sensitive information into the chat. Each chat provider platform has different privacy and security protections. Once you select the chat provider platform that you want to use for Copilot in Windows, ensure it's configured for your organization's users. The following sections describe how to configure the chat provider platform that Copilot in Windows uses. -### Bing Chat as the chat provider platform +### Microsoft Copilot as the chat provider platform -Bing Chat is used as the default chat provider platform for Copilot in Windows when any of the following conditions occur: +Copilot is used as the default chat provider platform for Copilot in Windows when any of the following conditions occur: -- Bing Chat Enterprise isn't configured for the user -- The user isn't assigned a license that includes Bing Chat Enterprise -- Bing Chat Enterprise is [turned off](/bing-chat-enterprise/manage) -- The user isn't signed in with a Microsoft Entra account that's licensed for Bing Chat Enterprise +- Commercial data protection isn't configured for the user. +- Commercial data protection is [turned off](/copilot/manage). +- The user isn't assigned a license that includes Copilot with commercial data protection. +- The user isn't signed in with a Microsoft Entra account that's licensed for Copilot with commercial data protection. 
-### Bing Chat Enterprise as the chat provider platform (recommended for commercial environments) +### Copilot with commercial data protection as the chat provider platform (recommended for commercial environments) -To verify that Bing Chat Enterprise is enabled for the user as the chat provider platform for Copilot in Windows, use the following instructions: +To verify that Copilot with commercial data protection is enabled for the user as the chat provider platform for Copilot in Windows, use the following instructions: 1. Sign into the [Microsoft 365 admin center](https://admin.microsoft.com/). -1. In the admin center, select **Users** > **Active users** and verify that users are assigned a license that includes Bing Chat Enterprise. Bing Chat Enterprise is included and enabled by default for users that are assigned one of the following licenses: +1. In the admin center, select **Users** > **Active users** and verify that users are assigned a license that includes **Copilot**. Copilot with commercial data protection is included and enabled by default for users that are assigned one of the following licenses: - Microsoft 365 E3 or E5 - Microsoft 365 A3 or A5 for faculty - - Currently, Microsoft 365 A3 and A5 for faculty requires additional configuration. For more information, see [Manage Bing Chat Enterprise](/bing-chat-enterprise/manage). + - Currently, Microsoft 365 A3 and A5 for faculty requires additional configuration. For more information, see [Manage Copilot](/copilot/manage). - Microsoft 365 Business Standard - Microsoft 365 Business Premium -1. To verify that Bing Chat Enterprise is enabled for the user, select the user's **Display name** to open the flyout menu. +1. To verify that commercial data protection is enabled for the user, select the user's **Display name** to open the flyout menu. 1. In the flyout, select the **Licenses & apps** tab, then expand the **Apps** list. -1. Verify that **Bing Chat Enterprise** is enabled for the user. -1. 
If you prefer to view a user's licenses from the [Azure portal](https://portal.azure.com), you will find it under **Microsoft Entra ID** > **Users**. Select the user's name, then **Licenses**. Select a license that includes Bing Chat Enterprise, and verify that it's listed as **On**. +1. Verify that **Copilot** is enabled for the user. +1. If you prefer to view a user's licenses from the [Azure portal](https://portal.azure.com), you'll find it under **Microsoft Entra ID** > **Users**. Select the user's name, then **Licenses**. Select a license that includes **Copilot**, and verify that it's listed as **On**. > [!Note] - > If you previously disabled Bing Chat Enterprise using the URL, `https://aka.ms/TurnOffBCE`, see [Manage Bing Chat Enterprise](/bing-chat-enterprise/manage) for verifying that Bing Chat Enterprise is enabled for your users. + > If you previously disabled Copilot with commercial data protection (formerly Bing Chat Enterprise) using the URL, `https://aka.ms/TurnOffBCE`, see [Manage Copilot](/copilot/manage) for verifying that commercial data protection is enabled for your users. -The following sample PowerShell script connects to Microsoft Graph and lists which users that have Bing Chat Enterprise enabled and disabled: +The following sample PowerShell script connects to Microsoft Graph and lists which users that have Copilot with commercial data protection enabled and disabled: ```powershell # Install Microsoft Graph module 
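Review bot: The rewritten [!Note] under the license list now says only that "Copilot doesn't have access to Microsoft 365 Apps data", where the removed line stated that both Bing Chat Enterprise and Bing Chat lack Microsoft Graph access. Because the note sits inside the "Copilot with commercial data protection" section and the patch uses bare "Copilot" for the consumer provider elsewhere ("### Copilot", "Copilot is used as the default chat provider platform"), a reader can't tell whether the statement covers the commercial provider, the consumer one, or both. Name both providers explicitly, as the old text did. The same ambiguity affects the headings: the intro calls the consumer provider "Microsoft Copilot", the first heading calls it "Copilot", and the configuration heading calls it "Microsoft Copilot" again, so pick one name and use it throughout. The new "### Copilot" section also lost its lead-in sentence, so its two bullets start without saying what they list.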
@@ -108,20 +110,20 @@ Connect-MgGraph -Scopes 'User.Read.All' # Get all users $users = Get-MgUser -All -ConsistencyLevel eventual -Property Id, DisplayName, Mail, UserPrincipalName, AssignedPlans -# Users with Bing Chat Enterprise enabled +# Users with Copilot with commercial data protection enabled $users | Where-Object { $_.AssignedPlans -and $_.AssignedPlans.Service -eq "Bing" -and $_.AssignedPlans.CapabilityStatus -eq "Enabled" } | Format-Table -# Users without Bing Chat Enterprise enabled +# Users without Copilot with commercial data protection enabled $users | Where-Object { -not $_.AssignedPlans -or ($_.AssignedPlans.Service -eq "Bing" -and $_.AssignedPlans.CapabilityStatus -ne "Enabled") } | Format-Table ``` -When Bing Chat Enterprise is the chat provider platform, the user experience clearly states that **Your personal and company data are protected in this chat**. There's also a shield symbol labeled **Protected** at the top of the Copilot in Windows sidebar and the provider is listed under the Copilot logo when the sidebar is first opened. The following image shows the message that's displayed when Bing Chat Enterprise is the chat provider platform for Copilot in Windows: +When Copilot with commercial data protection is the chat provider platform, the user experience clearly states that **Your personal and company data are protected in this chat**. There's also a shield symbol labeled **Protected** at the top of the Copilot in Windows sidebar and the provider is listed under the Copilot logo when the sidebar is first opened. The following image shows the message that's displayed in this scenario: -:::image type="content" source="images/bing-chat-enterprise-chat-provider.png" alt-text="Screenshot of the Copilot in Windows user experience when Bing Chat Enterprise is the chat provider." 
lightbox="images/bing-chat-enterprise-chat-provider.png"::: +:::image type="content" source="images/bing-chat-enterprise-chat-provider.png" alt-text="Screenshot of the Copilot in Windows user experience when Copilot with commercial data protection is the chat provider." lightbox="images/bing-chat-enterprise-chat-provider.png"::: ## Ensure the Copilot in Windows user experience is enabled -Once you've configured the chat provider platform that Copilot in Windows uses, you need to ensure that the Copilot in Windows user experience is enabled. Ensuring the Copilot in Windows user experience is enabled varies by the Windows version. +Once you've configured the chat provider platform that Copilot in Windows uses, you need to ensure that the Copilot in Windows user experience is enabled. Ensuring the Copilot in Windows user experience is enabled varies by the Windows version. ### Enable the Copilot in Windows user experience for Windows 11, version 22H2 clients 
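Review bot: The script's comments now say "Copilot with commercial data protection", but the filters still match `$_.AssignedPlans.Service -eq "Bing"` with no explanation, and the filter logic itself can misreport users. `AssignedPlans` is a collection, so `$_.AssignedPlans.Service -eq "Bing" -and $_.AssignedPlans.CapabilityStatus -eq "Enabled"` tests the two properties independently: a user whose Bing plan is disabled but who has any other enabled plan lands in the "enabled" table. The second filter has the mirror problem, and a user who has plans but no Bing plan at all appears in neither table. Since an admin would use this output to decide who is covered by commercial data protection, evaluate both conditions on the same plan, for example `$_.AssignedPlans | Where-Object { $_.Service -eq 'Bing' -and $_.CapabilityStatus -eq 'Enabled' }`, and add a comment noting that the service plan is still identified as "Bing".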
@@ -142,7 +144,7 @@ To enable Copilot in Windows for managed Windows 11, version 22H2 devices, you n - **Group Policy:** Computer Configuration\Administrative Templates\Windows Components\Windows Update\Windows Update for Business\\**Allow updates to Windows optional features** - **CSP**: ./Device/Vendor/MSFT/Policy/Config/Update/[AllowOptionalUpdates](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowoptionalupdates) - In the Intune [settings catalog](/mem/intune/configuration/settings-catalog), this setting is named **Allow optional updates** under the **Windows Update for Business** category. - + The optional updates policy applies to Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later. When setting policy for [optional updates](/windows/deployment/update/waas-configure-wufb#enable-optional-updates), ensure you select one of the following options that includes CFRs: - Automatically receive optional updates (including CFRs) - This selection places devices into an early CFR phase 
@@ -152,9 +154,9 @@ To enable Copilot in Windows for managed Windows 11, version 22H2 devices, you n ### Enable the Copilot in Windows user experience for Windows 11, version 23H2 clients -Once a managed device installs the version 23H2 update, the [temporary enterprise control](/windows/whats-new/temporary-enterprise-feature-control) for Copilot in Windows will be removed. This means that Copilot in Windows will be enabled by default for these devices. +Once a managed device installs the version 23H2 update, the [temporary enterprise control](/windows/whats-new/temporary-enterprise-feature-control) for Copilot in Windows is removed. This means that Copilot in Windows is enabled by default for these devices. -While the user experience for Copilot in Windows is enabled by default, you still need to verify that the correct chat provider platform configured for Copilot in Windows. While every effort has been made to ensure that Bing Chat Enterprise is the default chat provider for commercial organizations, it's still possible that Bing Chat might still be used if the configuration is incorrect, or if other settings are affecting Copilot in Windows. For more information, see: +While the user experience for Copilot in Windows is enabled by default, you still need to verify that the correct chat provider platform configured for Copilot in Windows. While every effort is made to ensure that Copilot with commercial data protection is the default chat provider for commercial organizations, it's still possible that Copilot might still be used if the configuration is incorrect, or if other settings are affecting Copilot in Windows. For more information, see: - [Configure the chat provider platform that Copilot in Windows uses](#configure-the-chat-provider-platform-that-copilot-in-windows-uses) - [Other settings that might affect Copilot in Windows and its underlying chat provider](#other-settings-that-might-affect-copilot-in-windows-and-its-underlying-chat-provider) 
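Review bot: In the @@ -152,9 hunk, the rewritten paragraph under the 23H2 heading keeps two wording defects and gains an ambiguity. "verify that the correct chat provider platform configured" is missing "is", and "it's still possible that Copilot might still be used" repeats "still". After the rename, bare "Copilot" in that sentence can be read as the Windows feature rather than the consumer chat provider. This is the sentence that tells admins a provider without commercial data protection may end up in use, so name that provider unambiguously, for example "the consumer Copilot experience".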
@@ -165,25 +167,26 @@ Organizations that aren't ready to use Copilot in Windows can disable it until t ## Other settings that might affect Copilot in Windows and its underlying chat provider -Copilot in Windows and [Copilot in Edge](/bing-chat-enterprise/edge), can share the same underlying chat provider platform. This also means that some settings that affect Bing Chat, Bing Chat Enterprise, and Copilot in Edge can also affect Copilot in Windows. The following common settings might affect Copilot in Windows and its underlying chat provider: +Copilot in Windows and [Copilot in Edge](/copilot/edge), can share the same underlying chat provider platform. This also means that some settings that affect Copilot, Copilot with commercial data protection, and Copilot in Edge can also affect Copilot in Windows. The following common settings might affect Copilot in Windows and its underlying chat provider: ### Bing settings -- If [SafeSearch](https://support.microsoft.com/topic/946059ed-992b-46a0-944a-28e8fb8f1814) is enabled for Bing, it can block chat providers for Copilot in Windows. The following network changes block the chat providers for Copilot in Windows and Copilot in Edge: - - mapping `www.bing.com` to `strict.bing.com` - - mapping `edgeservices.bing.com` to `strict.bing.com` - - blocking `bing.com` +- If [SafeSearch](https://support.microsoft.com/topic/946059ed-992b-46a0-944a-28e8fb8f1814) is enabled for Bing, it can block chat providers for Copilot in Windows. The following network changes block the chat providers for Copilot in Windows and Edge: -- If Bing Chat Enterprise is turned on for your organization, users will be able to access it through Edge mobile when signed in with their work account. 
If you would like to remove the Bing Chat button from the Edge mobile interface, you can use an [Intune Mobile Application Management (MAM) policy for Microsoft Edge](/mem/intune/apps/manage-microsoft-edge) to remove it: + - Mapping `www.bing.com` to `strict.bing.com` + - Mapping `edgeservices.bing.com` to `strict.bing.com` + - Blocking `bing.com` - |Key |Value | - |:---------|:------------| - |com.microsoft.intune.mam.managedbrowser.Chat| **true** (default) shows the interface
**false** hides the interface | +- If Copilot with commercial data protection is turned on for your organization, users can access it through Edge mobile when signed in with their work account. If you would like to remove the Bing Chat button from the Edge mobile interface, you can use an [Intune Mobile Application Management (MAM) policy for Microsoft Edge](/mem/intune/apps/manage-microsoft-edge) to remove it: + + | Key | Value | + |:---------------------------------------------|:---------------------------------------------------------------------------| + | com.microsoft.intune.mam.managedbrowser.Chat | **true** (default) shows the interface
**false** hides the interface | ### Microsoft Edge policies - If [HubsSidebarEnabled](/deployedge/microsoft-edge-policies#hubssidebarenabled) is set to `disabled`, it blocks Copilot in Edge from being displayed. -- If [DiscoverPageContextEnabled](/deployedge/microsoft-edge-policies#discoverpagecontextenabled) is set to `disabled`, it blocks Bing Chat and Bing Chat Enterprise from reading the current webpage context. The chat providers need access to the current webpage context for providing page summarizations and sending user selected strings from the webpage into the chat provider. +- If [DiscoverPageContextEnabled](/deployedge/microsoft-edge-policies#discoverpagecontextenabled) is set to `disabled`, it blocks Copilot from reading the current webpage context. The chat providers need access to the current webpage context for providing page summarizations and sending user selected strings from the webpage into the chat provider. ### Search settings From d53bd64b98127b2e4ebff38408b304d7e24bc2b3 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Fri, 8 Dec 2023 15:18:15 -0500 Subject: [PATCH 024/219] DisableCatchup Defender CSP changes --- .../mdm/policy-csp-defender.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index bca45399aa..b191cca03e 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -4,7 +4,7 @@ description: Learn more about the Defender Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 11/06/2023 +ms.date: 12/08/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
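Review bot: In the manage-windows-copilot.md hunk that rewrites "Other settings that might affect Copilot in Windows" (@@ -165,25 +167,26), the rename is incomplete in one bullet and loses information in another. The added Edge mobile bullet still says "remove the Bing Chat button" although the same bullet now opens with "Copilot with commercial data protection"; confirm whether the button label is still current or rename it too. The DiscoverPageContextEnabled bullet replaces "Bing Chat and Bing Chat Enterprise" with just "Copilot", so it no longer states that the policy also affects Copilot with commercial data protection; list both providers as the old text did. The first added line also keeps the stray comma after the `[Copilot in Edge](/copilot/edge)` link.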
@@ -1081,7 +1081,7 @@ This policy setting allows you to configure the maximum percentage CPU utilizati > [!NOTE] > If you enable both of the following policies, then Windows ignores the value of **AvgCPULoadFactor**: -> +> > - [ScanOnlyIfIdle](defender-csp.md#configurationscanonlyifidleenabled): Instructs the product to scan only when the computer isn't in use. > - [DisableCpuThrottleOnIdleScans](defender-csp.md#configurationdisablecputhrottleonidlescans): Instructs the product to disable CPU throttling on idle scans. @@ -1550,12 +1550,12 @@ This policy setting defines the number of days items should be kept in the Quara - + This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that's initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. -- If you enable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. +- If you disable or don't configure this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. -- If you disable or don't configure this setting, catch-up scans for scheduled full scans will be turned off. +- If you enable this setting, catch-up scans for scheduled full scans will be disabled. 
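Review bot: The @@ -1550,12 hunk reverses which state turns full-scan catch-up on, but the wording does not make the setting's negative sense explicit. The lead sentence still says the setting "allows you to configure catch-up scans", and the two bullets describe opposite states with unmatched terms ("turned on" in one, "disabled" in the other). Suggest stating up front that enabling the setting turns catch-up scans off, using "turned on" and "turned off" as the pair, and checking that the default and allowed-values text for this setting elsewhere in the file agrees with the new "disable or don't configure" behavior. Admins who configured this from the previous text get the opposite scan behavior, so the correction is worth calling out in the commit message.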
@@ -1616,16 +1616,16 @@ This policy setting allows you to configure catch-up scans for scheduled full sc - -This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that's initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. - -- If you enable this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. - -- If you disable or don't configure this setting, catch-up scans for scheduled quick scans will be turned off. + +This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that's initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time. + +- If you disable or don't configure this setting, catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be no catch-up scan run. + +- If you enable this setting, catch-up scans for scheduled quick scans will be disabled. From 07c22ece5b7bb24c9d77aeaf3bedd544e64899f1 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Fri, 8 Dec 2023 17:05:49 -0500 Subject: [PATCH 025/219] Minor updates --- windows/client-management/manage-windows-copilot.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/manage-windows-copilot.md b/windows/client-management/manage-windows-copilot.md index 0547f35be8..68ebefcaf3 100644 
--- a/windows/client-management/manage-windows-copilot.md +++ b/windows/client-management/manage-windows-copilot.md @@ -15,7 +15,7 @@ appliesto: >**Looking for consumer information?** See [Welcome to Copilot in Windows](https://support.microsoft.com/windows/welcome-to-copilot-in-windows-675708af-8c16-4675-afeb-85a5a476ccb0). -Copilot in Windows provides centralized generative AI assistance to your users right from the Windows desktop. Copilot in Windows appears as a side bar docked on the Windows desktop and is designed to help users get things done in Windows. Copilot in Windows can perform common tasks in Windows like changing Windows settings, which makes it different from the browser-based [Copilot in Edge](/bing-chat-enterprise/edge). However, both user experiences, Copilot in Windows and Copilot in Edge, can share the same underlying chat provider platform. It's important for organizations to properly configure the chat provider platform that Copilot in Windows uses, since it's possible for users to copy and paste sensitive information into the chat. +Copilot in Windows provides centralized generative AI assistance to your users right from the Windows desktop. Copilot in Windows appears as a side bar docked on the Windows desktop and is designed to help users get things done in Windows. Copilot in Windows can perform common tasks in Windows like changing Windows settings, which makes it different from the browser-based [Copilot in Edge](/copilot/edge). However, both user experiences, Copilot in Windows and Copilot in Edge, can share the same underlying chat provider platform. It's important for organizations to properly configure the chat provider platform that Copilot in Windows uses, since it's possible for users to copy and paste sensitive information into the chat. > [!Note] > - Copilot in Windows is currently available as a preview. We will continue to experiment with new ideas and methods using your feedback. 
@@ -44,7 +44,7 @@ Copilot in Windows can use either Microsoft Copilot or Copilot with commercial d ### Copilot -[Copilot](https://www.microsoft.com/bing/do-more-with-ai/what-is-bing-chat-and-how-can-you-use-it) is a consumer experience and has a daily limit on the number of chat queries per user when not signed in with a Microsoft account. It doesn't offer the same data protection as Copilot with commercial data protection. +Copilot is a consumer experience and has a daily limit on the number of chat queries per user when not signed in with a Microsoft account. It doesn't offer the same data protection as Copilot with commercial data protection. - [Copilot in Windows: Your data and privacy](https://support.microsoft.com/windows/3e265e82-fc76-4d0a-afc0-4a0de528b73a) - The privacy statement for using Copilot follows the [Microsoft privacy statement](https://privacy.microsoft.com/privacystatement) including the product specific guidance in the Microsoft privacy statement for **Bing** under the **Search, Microsoft Edge, and artificial intelligence** section. From 7d4ff193ed628d911d7b3a9a737b42d7930955ae Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 12 Dec 2023 10:47:25 -0500 Subject: [PATCH 026/219] Fix URL --- windows/client-management/manage-windows-copilot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/manage-windows-copilot.md b/windows/client-management/manage-windows-copilot.md index 68ebefcaf3..a45b3e5f36 100644 --- a/windows/client-management/manage-windows-copilot.md +++ b/windows/client-management/manage-windows-copilot.md 
@@ -132,7 +132,7 @@ Copilot in Windows isn't technically enabled by default for managed Windows 11, To enable Copilot in Windows for managed Windows 11, version 22H2 devices, you need to enable features under temporary enterprise control for these devices. Since enabling features behind [temporary enterprise control](/windows/whats-new/temporary-enterprise-feature-control) can be impactful, you should test this change before deploying it broadly. To enable Copilot in Windows for managed Windows 11, version 22H2 devices, use the following instructions: 1. Verify that the user accounts have the correct chat provider platform configured for Copilot in Windows. For more information, see the [Configure the chat provider platform that Copilot in Windows uses](#configure-the-chat-provider-platform-that-copilot-in-windows-uses) section. -1. Apply a policy to enable features under temporary enterprise control for managed clients. The following polices apply to Windows 11, version 22H2 with [KB5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later: +1. Apply a policy to enable features under temporary enterprise control for managed clients. The following polices apply to Windows 11, version 22H2 with [KB5022845](https://support.microsoft.com/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later: - **Group Policy:** Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage end user experience\\**Enable features introduced via servicing that are off by default** - **CSP**: ./Device/Vendor/MSFT/Policy/Config/Update/[AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol) From 22b776341b6433acedc8089b3819c1929036c01d Mon Sep 17 00:00:00 2001 
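Review bot: The list item changed in the @@ -132,7 hunk still reads "The following polices apply" on the added line. Since the line is being rewritten for the URL anyway, change "polices" to "policies" in the same commit.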
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 12 Dec 2023 12:29:46 -0500 Subject: [PATCH 027/219] MDAG for Edge deprecation notice --- .../configure-md-app-guard.md | 4 +++- .../faq-md-app-guard.yml | 6 ++++-- .../install-md-app-guard.md | 4 +++- .../md-app-guard-browser-extension.md | 4 +++- .../md-app-guard-overview.md | 4 +++- .../reqs-md-app-guard.md | 4 +++- .../test-scenarios-md-app-guard.md | 4 +++- .../security/includes/mdag-edge-deprecation-notice.md | 9 +++++++++ 8 files changed, 31 insertions(+), 8 deletions(-) create mode 100644 windows/security/includes/mdag-edge-deprecation-notice.md diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md index 5b544490b0..af3c364839 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md 
@@ -2,10 +2,12 @@ title: Configure the Group Policy settings for Microsoft Defender Application Guard description: Learn about the available Group Policy settings for Microsoft Defender Application Guard. ms.localizationpriority: medium -ms.date: 07/11/2023 +ms.date: 12/12/2023 ms.topic: how-to --- +[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] + # Configure Microsoft Defender Application Guard policy settings Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a Group Policy Object, which is linked to a domain, and then apply all those settings to every endpoint in the domain. diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml index 5f3515a26b..43f2f31197 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml +++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml 
@@ -1,14 +1,16 @@ ### YamlMime:FAQ metadata: - title: FAQ - Microsoft Defender Application Guard (Windows 10) + title: FAQ - Microsoft Defender Application Guard description: Learn about the commonly asked questions and answers for Microsoft Defender Application Guard. ms.localizationpriority: medium ms.topic: faq - ms.date: 07/11/2023 + ms.date: 12/12/2023 title: Frequently asked questions - Microsoft Defender Application Guard summary: | + [!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] + This article lists frequently asked questions with answers for Microsoft Defender Application Guard (Application Guard). Questions span features, integration with the Windows operating system, and general configuration. ## Frequently Asked Questions diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md index 5deab8192a..26c3b54123 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md 
@@ -1,10 +1,12 @@ --- title: Enable hardware-based isolation for Microsoft Edge description: Learn about the Microsoft Defender Application Guard modes (Standalone or Enterprise-managed), and how to install Application Guard in your enterprise. -ms.date: 07/11/2023 +ms.date: 12/12/2023 ms.topic: how-to --- +[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] + # Prepare to install Microsoft Defender Application Guard Before you continue, review [System requirements for Microsoft Defender Application Guard](reqs-md-app-guard.md) to review the hardware and software installation requirements for Microsoft Defender Application Guard. diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md index 79a92c0c24..f39c513ff2 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md +++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md 
@@ -2,10 +2,12 @@ title: Microsoft Defender Application Guard Extension description: Learn about the Microsoft Defender Application Guard browser extension, which extends Application Guard's protection to more web browsers. ms.localizationpriority: medium -ms.date: 07/11/2023 +ms.date: 12/12/2023 ms.topic: conceptual --- +[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] + # Microsoft Defender Application Guard Extension [Microsoft Defender Application Guard Extension](https://www.microsoft.com/security/blog/2019/05/23/new-browser-extensions-for-integrating-microsofts-hardware-based-isolation/) is a web browser add-on available for [Chrome](https://chrome.google.com/webstore/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj/) and [Firefox](https://addons.mozilla.org/en-US/firefox/addon/application-guard-extension/). diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md index 8b2235111a..224d05d963 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md 
@@ -1,10 +1,12 @@ --- title: Microsoft Defender Application Guard description: Learn about Microsoft Defender Application Guard and how it helps combat malicious content and malware out on the Internet. -ms.date: 07/11/2023 +ms.date: 12/12/2023 ms.topic: conceptual --- +[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] + # Microsoft Defender Application Guard overview Microsoft Defender Application Guard (MDAG) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md index e27e886eea..5b2bc250af 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md +++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md 
@@ -3,9 +3,11 @@ title: System requirements for Microsoft Defender Application Guard description: Learn about the system requirements for installing and running Microsoft Defender Application Guard. ms.topic: overview ms.localizationpriority: medium -ms.date: 07/11/2023 +ms.date: 12/12/2023 --- +[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] + # System requirements for Microsoft Defender Application Guard The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive. diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md index 03756108fa..bfb85a54e6 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md +++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md @@ -2,10 +2,12 @@ title: Testing scenarios with Microsoft Defender Application Guard description: Suggested testing scenarios for Microsoft Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode. ms.localizationpriority: medium -ms.date: 07/11/2023 +ms.date: 12/12/2023 ms.topic: conceptual --- +[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] + # Application Guard testing scenarios We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization. 
diff --git a/windows/security/includes/mdag-edge-deprecation-notice.md b/windows/security/includes/mdag-edge-deprecation-notice.md new file mode 100644 index 0000000000..03cc1de3e9 --- /dev/null +++ b/windows/security/includes/mdag-edge-deprecation-notice.md @@ -0,0 +1,9 @@ +--- +author: vinaypamnani-msft +ms.author: vinpa +ms.date: 12/12/2023 +ms.topic: include +--- + +> [!WARNING] +> Microsoft Defender Application Guard for Edge is being deprecated and is no longer being updated. This deprecation also includes the [Windows Isolated App Launcher APIs](/win32/api/isolatedapplauncher/) that are used for Microsoft Defender Application Guard for Edge. You are still using a secure enterprise browser buy using Microsoft Edge for Business. Download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more. From 425a215f99b81a0f707917f0e2a87d0207c0a878 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 12 Dec 2023 12:35:31 -0500 Subject: [PATCH 028/219] Fix include reference --- .../configure-md-app-guard.md | 3 ++- .../install-md-app-guard.md | 4 ++-- .../md-app-guard-browser-extension.md | 4 ++-- .../md-app-guard-overview.md | 4 ++-- .../test-scenarios-md-app-guard.md | 4 ++-- 5 files changed, 10 insertions(+), 9 deletions(-) diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md index af3c364839..2a40f36ead 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md +++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md 
@@ -6,10 +6,11 @@ ms.date: 12/12/2023 ms.topic: how-to --- -[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] # Configure Microsoft Defender Application Guard policy settings +[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] + Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a Group Policy Object, which is linked to a domain, and then apply all those settings to every endpoint in the domain. Application Guard uses both network isolation and application-specific settings. diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md index 26c3b54123..33375dd2a1 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md @@ -5,10 +5,10 @@ ms.date: 12/12/2023 ms.topic: how-to --- -[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] - # Prepare to install Microsoft Defender Application Guard +[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] + Before you continue, review [System requirements for Microsoft Defender Application Guard](reqs-md-app-guard.md) to review the hardware and software installation requirements for Microsoft Defender Application Guard. > [!NOTE] 
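Review bot: In configure-md-app-guard.md (@@ -6,10 +6,11) only the `[!INCLUDE ...]` line is removed above the H1, not the blank line that followed it, so the file ends up with two consecutive blank lines between the closing `---` of the front matter and the heading. The other files in this commit remove both lines, which is why their hunks stay at 10 lines and the diffstat shows 3 changed lines for this file against 4 for the rest. Remove the leftover blank line so all the pages match.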
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md index f39c513ff2..f841705678 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md +++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md @@ -6,10 +6,10 @@ ms.date: 12/12/2023 ms.topic: conceptual --- -[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] - # Microsoft Defender Application Guard Extension +[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] + [Microsoft Defender Application Guard Extension](https://www.microsoft.com/security/blog/2019/05/23/new-browser-extensions-for-integrating-microsofts-hardware-based-isolation/) is a web browser add-on available for [Chrome](https://chrome.google.com/webstore/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj/) and [Firefox](https://addons.mozilla.org/en-US/firefox/addon/application-guard-extension/). [Microsoft Defender Application Guard](md-app-guard-overview.md) provides Hyper-V isolation on Windows 10 and Windows 11, to protect users from potentially harmful content on the web. The extension helps Application Guard protect users running other web browsers. diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md index 224d05d963..109331df35 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md 
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md @@ -5,10 +5,10 @@ ms.date: 12/12/2023 ms.topic: conceptual --- -[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] - # Microsoft Defender Application Guard overview +[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] + Microsoft Defender Application Guard (MDAG) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. ## What is Application Guard and how does it work? diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md index bfb85a54e6..f63bfb9f1f 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md +++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md @@ -6,10 +6,10 @@ ms.date: 12/12/2023 ms.topic: conceptual --- -[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] - # Application Guard testing scenarios +[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] + We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization. ## Application Guard in standalone mode From 4a6cc35fb42f5004dd73e9b90e8c32e71df1eeef Mon Sep 17 00:00:00 2001 
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 12 Dec 2023 12:48:58 -0500 Subject: [PATCH 029/219] Fix include reference --- .../microsoft-defender-application-guard/reqs-md-app-guard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md index 5b2bc250af..ff5414fd19 100644 --- a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md +++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md @@ -6,10 +6,10 @@ ms.localizationpriority: medium ms.date: 12/12/2023 --- -[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] - # System requirements for Microsoft Defender Application Guard +[!INCLUDE [mdag-edge-deprecation-notice](../../../includes/mdag-edge-deprecation-notice.md)] + The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive. > [!NOTE] From 3a0c8d4780e784fed262d2536648d7fbf12b36d8 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 12 Dec 2023 12:56:06 -0500 Subject: [PATCH 030/219] Update notice --- windows/security/includes/mdag-edge-deprecation-notice.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/includes/mdag-edge-deprecation-notice.md b/windows/security/includes/mdag-edge-deprecation-notice.md index 03cc1de3e9..2115c49a7a 100644 --- a/windows/security/includes/mdag-edge-deprecation-notice.md +++ b/windows/security/includes/mdag-edge-deprecation-notice.md @@ -6,4 +6,4 @@ ms.topic: include --- > [!WARNING] -> Microsoft Defender Application Guard for Edge is being deprecated and is no longer being updated. This deprecation also includes the [Windows Isolated App Launcher APIs](/win32/api/isolatedapplauncher/) that are used for Microsoft Defender Application Guard for Edge. You are still using a secure enterprise browser buy using Microsoft Edge for Business. Download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more. +> Microsoft Defender Application Guard for Edge is being deprecated and is no longer being updated. This deprecation also includes the [Windows Isolated App Launcher APIs](/win32/api/isolatedapplauncher/) that are used for Microsoft Defender Application Guard for Edge. You are still using a secure enterprise browser by using Microsoft Edge for Business. Download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more. From 41ac0c26e62233f5cd913d0d5d6289392befdb86 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 12 Dec 2023 12:58:30 -0500 Subject: [PATCH 031/219] Fix link --- windows/security/includes/mdag-edge-deprecation-notice.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/includes/mdag-edge-deprecation-notice.md b/windows/security/includes/mdag-edge-deprecation-notice.md index 2115c49a7a..f04b22774d 100644 --- a/windows/security/includes/mdag-edge-deprecation-notice.md 
+++ b/windows/security/includes/mdag-edge-deprecation-notice.md @@ -6,4 +6,4 @@ ms.topic: include --- > [!WARNING] -> Microsoft Defender Application Guard for Edge is being deprecated and is no longer being updated. This deprecation also includes the [Windows Isolated App Launcher APIs](/win32/api/isolatedapplauncher/) that are used for Microsoft Defender Application Guard for Edge. You are still using a secure enterprise browser by using Microsoft Edge for Business. Download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more. +> Microsoft Defender Application Guard for Edge is being deprecated and is no longer being updated. This deprecation also includes the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/) that are used for Microsoft Defender Application Guard for Edge. You are still using a secure enterprise browser by using Microsoft Edge for Business. Download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more. From 79c4db60f227b962d75ca3d101b6215d69bbb084 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 12 Dec 2023 13:14:59 -0500 Subject: [PATCH 032/219] Update deprecated features --- windows/whats-new/deprecated-features.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index f24e8b23a2..f2fc0fbefd 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md 
@@ -36,19 +36,20 @@ The features in this article are no longer being actively developed, and might b |Feature | Details and mitigation | Deprecation announced | |---|---|---| +| Microsoft Defender Application Guard for Edge | Microsoft Defender Application Guard for Edge is being deprecated and is no longer being updated. This deprecation also includes the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/) that are used for Microsoft Defender Application Guard for Edge. You are still using a secure enterprise browser by using Microsoft Edge for Business. Download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more. | December 2023 | | Windows speech recognition | [Windows speech recognition](https://support.microsoft.com/windows/83ff75bd-63eb-0b6c-18d4-6fae94050571) is being deprecated and will no longer being developed. This feature is being replaced with [voice access](https://support.microsoft.com/en-us/topic/4dcd23ee-f1b9-4fd1-bacc-862ab611f55d). Voice access is available for Windows 11, version 22H2, or later devices. Currently, voice access supports five English locales: English - US, English - UK, English - India, English - New Zealand, English - Canada, and English - Australia. For more information, see [Setup voice access](https://support.microsoft.com/en-us/topic/set-up-voice-access-9fc44e29-12bf-4d86-bc4e-e9bb69df9a0e). | December 2023 | | Microsoft Defender Application Guard for Office | [Microsoft Defender Application Guard for Office](/microsoft-365/security/office-365-security/app-guard-for-office-install) is being deprecated and is no longer being updated. This deprecation also includes the [Windows.Security.Isolation APIs](/uwp/api/windows.security.isolation) that are used for Microsoft Defender Application Guard for Office. 
We recommend transitioning to Microsoft Defender for Endpoint [attack surface reduction rules](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction) along with [Protected View](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365#global-settings-for-safe-attachments) and [Windows Defender Application Control](/windows/security/application-security/application-control/windows-defender-application-control/wdac). | November 2023 | | Steps Recorder (psr.exe) | Steps Recorder is no longer being updated and will be removed in a future release of Windows. For screen recording, we recommend the Snipping Tool, Xbox Game Bar, or Microsoft Clipchamp. | November 2023 | | Tips | The Tips app is deprecated and will be removed in a future release of Windows. Content in the app will continue to be updated with information about new Windows features until the app is removed. | November 2023 | -| Computer Browser | The Computer Browser driver and service are deprecated. The browser (browser protocol and service) is a dated and insecure device location protocol. This protocol, service, and driver were first disabled by default in Windows 10 with the removal of the SMB1 service. For more information on Computer Browser, see [MS-BRWS Common Internet File System](/openspecs/windows_protocols/ms-brws/3cfbad92-09b3-4abc-808f-c6f6347d5677). | November 2023 | +| Computer Browser | The Computer Browser driver and service are deprecated. The browser (browser protocol and service) is a dated and insecure device location protocol. This protocol, service, and driver were first disabled by default in Windows 10 with the removal of the SMB1 service. For more information on Computer Browser, see [MS-BRWS Common Internet File System](/openspecs/windows_protocols/ms-brws/3cfbad92-09b3-4abc-808f-c6f6347d5677). | November 2023 | | Webclient (WebDAV) Service | The Webclient (WebDAV) service is deprecated. 
The Webclient service isn't started by default in Windows. For more information on WebDAV, see [WebDAV - Win32 apps](/windows/win32/webdav/webdav-portal). | November 2023 | -| Remote Mailslots | Remote Mailslots are deprecated. The Remote Mailslot protocol is a dated, simple, unreliable, insecure IPC method first introduced in MS DOS. This protocol was first disabled by default in [Windows 11 Insider Preview Build ](https://blogs.windows.com/windows-insider/2023/03/08/announcing-windows-11-insider-preview-build-25314/). For more information on Remote Mailslots, see [About Mailslots](/windows/win32/ipc/about-mailslots) and [[MS-MAIL]: Remote Mailslot Protocol](/openspecs/windows_protocols/ms-mail/8ea19aa4-6e5a-4aed-b628-0b5cd75a1ab9).| November 2023 | +| Remote Mailslots | Remote Mailslots are deprecated. The Remote Mailslot protocol is a dated, simple, unreliable, insecure IPC method first introduced in MS DOS. This protocol was first disabled by default in [Windows 11 Insider Preview Build ](https://blogs.windows.com/windows-insider/2023/03/08/announcing-windows-11-insider-preview-build-25314/). For more information on Remote Mailslots, see [About Mailslots](/windows/win32/ipc/about-mailslots) and [[MS-MAIL]: Remote Mailslot Protocol](/openspecs/windows_protocols/ms-mail/8ea19aa4-6e5a-4aed-b628-0b5cd75a1ab9).| November 2023 | | Timeline for Microsoft Entra accounts | Cross-device syncing of Microsoft Entra user activity history will stop starting in January 2024. Microsoft will stop storing this data in the cloud, aligning with [the previous change for Microsoft accounts (MSA)](https://blogs.windows.com/windows-insider/2021/04/14/announcing-windows-10-insider-preview-build-21359) in 2021. The timeline user experience was retired in Windows 11, although it remains in Windows 10. The timeline user experience and all your local activity history still remains on Windows 10 devices. 
Users can access web history using their browser and access recent files through OneDrive and Office. | October 2023 | | VBScript | VBScript is deprecated. In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system. For more information, see [Resources for deprecated features](deprecated-features-resources.md#vbscript). | October 2023 | | WordPad | WordPad is no longer being updated and will be removed in a future release of Windows. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. | September 1, 2023 | | AllJoyn | Microsoft's implementation of AllJoyn, which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) has been deprecated. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures.AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). 
| August 17, 2023 | -| TLS 1.0 and 1.1 | Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | August 1, 2023| -| Cortana in Windows | Cortana in Windows as a standalone app is deprecated. This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms. | June 2023 | +| TLS 1.0 and 1.1 | Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | August 1, 2023| +| Cortana in Windows | Cortana in Windows as a standalone app is deprecated. This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms. 
| June 2023 | | Microsoft Support Diagnostic Tool (MSDT) | [MSDT](/windows-server/administration/windows-commands/msdt) is deprecated and will be removed in a future release of Windows. MSDT is used to gather diagnostic data for analysis by support professionals. For more information, see [Resources for deprecated features](deprecated-features-resources.md) | January 2023 | | Universal Windows Platform (UWP) Applications for 32-bit Arm | This change is applicable only to devices with an Arm processor, for example Snapdragon processors from Qualcomm. If you have a PC built with a processor from Intel or AMD, this content isn't applicable. If you aren't sure which type of processor you have, check **Settings** > **System** > **About**.

Support for 32-bit Arm versions of applications will be removed in a future release of Windows 11. After this change, for the small number of applications affected, app features might be different and you might notice a difference in performance. For more technical details about this change, see [Update app architecture from Arm32 to Arm64](/windows/arm/arm32-to-arm64). | January 2023 | | Update Compliance | [Update Compliance](/windows/deployment/update/update-compliance-monitor), a cloud-based service for the Windows client, is no longer being developed. This service has been replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | November 2022| From 78a6a1b567c490cc9f5d3abd14a5a53f0b420f78 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Wed, 13 Dec 2023 12:48:40 -0500 Subject: [PATCH 033/219] Update deprecation notice --- windows/security/includes/mdag-edge-deprecation-notice.md | 2 +- windows/whats-new/deprecated-features.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/includes/mdag-edge-deprecation-notice.md b/windows/security/includes/mdag-edge-deprecation-notice.md index f04b22774d..374f553247 100644 --- a/windows/security/includes/mdag-edge-deprecation-notice.md +++ b/windows/security/includes/mdag-edge-deprecation-notice.md 
@@ -6,4 +6,4 @@ ms.topic: include --- > [!WARNING] -> Microsoft Defender Application Guard for Edge is being deprecated and is no longer being updated. This deprecation also includes the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/) that are used for Microsoft Defender Application Guard for Edge. You are still using a secure enterprise browser by using Microsoft Edge for Business. Download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more. +> Microsoft Defender Application Guard, including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), will be deprecated for Microsoft Edge for Business and will no longer be updated. Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities. \ No newline at end of file diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index f2fc0fbefd..07f57feca8 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -1,7 +1,7 @@ --- title: Deprecated features in the Windows client description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11. -ms.date: 12/07/2023 +ms.date: 12/13/2023 ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium 
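Review bot: In the mdag-edge-deprecation-notice.md hunk of PATCH 033, the rewritten notice line is now the last line of the file and carries "\ No newline at end of file". This file is pulled in through [!INCLUDE] directly under the H1 of the Application Guard articles earlier in the series, so end it with a newline to keep the included block from running into whatever follows it. The wording also moves from "is being deprecated and is no longer being updated" to "will be deprecated ... will no longer be updated", while the neighbouring Application Guard for Office row in deprecated-features.md keeps the present tense; pick one tense for both Application Guard entries. Because the same sentence is pasted into the deprecated-features.md table row in the next hunk, any later edit has to be made in both places.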
@@ -36,7 +36,7 @@ The features in this article are no longer being actively developed, and might b |Feature | Details and mitigation | Deprecation announced | |---|---|---| -| Microsoft Defender Application Guard for Edge | Microsoft Defender Application Guard for Edge is being deprecated and is no longer being updated. This deprecation also includes the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/) that are used for Microsoft Defender Application Guard for Edge. You are still using a secure enterprise browser by using Microsoft Edge for Business. Download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more. | December 2023 | +| Microsoft Defender Application Guard for Edge | Microsoft Defender Application Guard, including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), will be deprecated for Microsoft Edge for Business and will no longer be updated. Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities. | December 2023 | | Windows speech recognition | [Windows speech recognition](https://support.microsoft.com/windows/83ff75bd-63eb-0b6c-18d4-6fae94050571) is being deprecated and will no longer being developed. This feature is being replaced with [voice access](https://support.microsoft.com/en-us/topic/4dcd23ee-f1b9-4fd1-bacc-862ab611f55d). Voice access is available for Windows 11, version 22H2, or later devices. Currently, voice access supports five English locales: English - US, English - UK, English - India, English - New Zealand, English - Canada, and English - Australia. For more information, see [Setup voice access](https://support.microsoft.com/en-us/topic/set-up-voice-access-9fc44e29-12bf-4d86-bc4e-e9bb69df9a0e). 
| December 2023 | | Microsoft Defender Application Guard for Office | [Microsoft Defender Application Guard for Office](/microsoft-365/security/office-365-security/app-guard-for-office-install) is being deprecated and is no longer being updated. This deprecation also includes the [Windows.Security.Isolation APIs](/uwp/api/windows.security.isolation) that are used for Microsoft Defender Application Guard for Office. We recommend transitioning to Microsoft Defender for Endpoint [attack surface reduction rules](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction) along with [Protected View](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365#global-settings-for-safe-attachments) and [Windows Defender Application Control](/windows/security/application-security/application-control/windows-defender-application-control/wdac). | November 2023 | | Steps Recorder (psr.exe) | Steps Recorder is no longer being updated and will be removed in a future release of Windows. For screen recording, we recommend the Snipping Tool, Xbox Game Bar, or Microsoft Clipchamp. | November 2023 | From d429bf6b94b3d0e9566ea9f2dc3041fb7c133ef6 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Wed, 13 Dec 2023 16:05:56 -0500 Subject: [PATCH 034/219] Switch to NOTE --- windows/security/includes/mdag-edge-deprecation-notice.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/includes/mdag-edge-deprecation-notice.md b/windows/security/includes/mdag-edge-deprecation-notice.md index 374f553247..57318679e8 100644 --- a/windows/security/includes/mdag-edge-deprecation-notice.md +++ b/windows/security/includes/mdag-edge-deprecation-notice.md 
@@ -1,9 +1,9 @@ --- author: vinaypamnani-msft ms.author: vinpa -ms.date: 12/12/2023 +ms.date: 12/13/2023 ms.topic: include --- -> [!WARNING] +> [!NOTE] > Microsoft Defender Application Guard, including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), will be deprecated for Microsoft Edge for Business and will no longer be updated. Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities. \ No newline at end of file From 8a0397f0b42ebe4dc220bcc60ce03ba84b17b2b7 Mon Sep 17 00:00:00 2001 From: "Vinay Pamnani (from Dev Box)" Date: Thu, 14 Dec 2023 10:28:09 -0500 Subject: [PATCH 035/219] Remove 21H2 --- windows/client-management/mdm/policy-csp-windowsai.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index e712051b23..879c8ba6b4 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -4,7 +4,7 @@ description: Learn more about the WindowsAI Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 12/07/2023 +ms.date: 12/14/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -26,7 +26,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 21H2 [10.0.19044.3758] and later
✅ Windows 10, version 22H2 [10.0.19045.3758] and later
✅ Windows 11, version 22H2 [10.0.22621.2361] and later
✅ Windows 11, version 23H2 [10.0.22631] and later | +| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 [10.0.19045.3758] and later
✅ Windows 11, version 22H2 [10.0.22621.2361] and later
✅ Windows 11, version 23H2 [10.0.22631] and later | From 5fe6b2ac07a88887c4ec9b5c589adc8943c74d92 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 14 Dec 2023 11:15:59 -0800 Subject: [PATCH 036/219] add legacy console (8577271) --- windows/whats-new/deprecated-features.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index f24e8b23a2..bfcbd377cd 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -1,7 +1,7 @@ --- title: Deprecated features in the Windows client description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11. -ms.date: 12/07/2023 +ms.date: 12/14/2023 ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium 
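Review bot: Both hunks of PATCH 036 will conflict with PATCH 032 and 033, because this patch is cut from blob f24e8b23a2 of deprecated-features.md, the same preimage PATCH 032 started from. PATCH 033 already moves ms.date from 12/07/2023 to 12/13/2023 where this hunk moves it to 12/14/2023, and PATCH 032 inserts the Application Guard for Edge row directly under the table header, the same position the next hunk uses for the Legacy console mode row. Rebase onto the branch that carries 032 and 033, keep 12/14/2023 as the date, and keep both new rows.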
@@ -36,6 +36,7 @@ The features in this article are no longer being actively developed, and might b |Feature | Details and mitigation | Deprecation announced | |---|---|---| +| Legacy console mode | The [legacy console mode](/windows/console/legacymode) is deprecated and no longer being updated. In future Windows releases, it will be available as an optional [Feature on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). This feature won't be installed by default. | December 2023 | | Windows speech recognition | [Windows speech recognition](https://support.microsoft.com/windows/83ff75bd-63eb-0b6c-18d4-6fae94050571) is being deprecated and will no longer being developed. This feature is being replaced with [voice access](https://support.microsoft.com/en-us/topic/4dcd23ee-f1b9-4fd1-bacc-862ab611f55d). Voice access is available for Windows 11, version 22H2, or later devices. Currently, voice access supports five English locales: English - US, English - UK, English - India, English - New Zealand, English - Canada, and English - Australia. For more information, see [Setup voice access](https://support.microsoft.com/en-us/topic/set-up-voice-access-9fc44e29-12bf-4d86-bc4e-e9bb69df9a0e). | December 2023 | | Microsoft Defender Application Guard for Office | [Microsoft Defender Application Guard for Office](/microsoft-365/security/office-365-security/app-guard-for-office-install) is being deprecated and is no longer being updated. This deprecation also includes the [Windows.Security.Isolation APIs](/uwp/api/windows.security.isolation) that are used for Microsoft Defender Application Guard for Office. 
We recommend transitioning to Microsoft Defender for Endpoint [attack surface reduction rules](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction) along with [Protected View](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365#global-settings-for-safe-attachments) and [Windows Defender Application Control](/windows/security/application-security/application-control/windows-defender-application-control/wdac). | November 2023 | | Steps Recorder (psr.exe) | Steps Recorder is no longer being updated and will be removed in a future release of Windows. For screen recording, we recommend the Snipping Tool, Xbox Game Bar, or Microsoft Clipchamp. | November 2023 | From 5bd0a1891aaae1b319201cd86cecb684b76df75d Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Thu, 14 Dec 2023 14:07:06 -0800 Subject: [PATCH 037/219] Updated What's new --- .../whats-new/windows-autopatch-whats-new-2023.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md index 64d5a76d3e..c47bb6418b 100644 --- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md +++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md @@ -1,7 +1,7 @@ --- title: What's new 2023 description: This article lists the 2023 feature releases and any corresponding Message center post numbers. -ms.date: 12/04/2023 +ms.date: 12/14/2023 ms.prod: windows-client ms.technology: itpro-updates ms.topic: whats-new 
@@ -29,6 +29,13 @@ Minor corrections such as typos, style, or formatting issues aren't listed. | ----- | ----- | | [Prerequisites](../prepare/windows-autopatch-prerequisites.md#more-about-licenses) | Added F SKU licenses to the [More about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses) section. Also see [FAQ](../overview/windows-autopatch-faq.yml)
  • [MC690609](https://admin.microsoft.com/adminportal/home#/MessageCenter)
| +## December service release + +| Message center post number | Description | +| ----- | ----- | +| [MC697414](https://admin.microsoft.com/adminportal/home#/MessageCenter) | New Feature: Alerts for Windows Autopatch policy conflicts Public Preview announcement | +| [MC695483](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Planned Maintenance: Windows Autopatch configuration update – December 2023 | + ## November service release | Message center post number | Description | From 14a6ff35dccd4bc8cc5c91b3628ad69417a35877 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 14 Dec 2023 16:10:35 -0800 Subject: [PATCH 038/219] Acrolinx: "will no longer being" --- windows/whats-new/deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index bfcbd377cd..af5cdbdbe5 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md 
@@ -37,7 +37,7 @@ The features in this article are no longer being actively developed, and might b |Feature | Details and mitigation | Deprecation announced | |---|---|---| | Legacy console mode | The [legacy console mode](/windows/console/legacymode) is deprecated and no longer being updated. In future Windows releases, it will be available as an optional [Feature on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). This feature won't be installed by default. | December 2023 | -| Windows speech recognition | [Windows speech recognition](https://support.microsoft.com/windows/83ff75bd-63eb-0b6c-18d4-6fae94050571) is being deprecated and will no longer being developed. This feature is being replaced with [voice access](https://support.microsoft.com/en-us/topic/4dcd23ee-f1b9-4fd1-bacc-862ab611f55d). Voice access is available for Windows 11, version 22H2, or later devices. Currently, voice access supports five English locales: English - US, English - UK, English - India, English - New Zealand, English - Canada, and English - Australia. For more information, see [Setup voice access](https://support.microsoft.com/en-us/topic/set-up-voice-access-9fc44e29-12bf-4d86-bc4e-e9bb69df9a0e). | December 2023 | +| Windows speech recognition | [Windows speech recognition](https://support.microsoft.com/windows/83ff75bd-63eb-0b6c-18d4-6fae94050571) is being deprecated and is no longer being developed. This feature is being replaced with [voice access](https://support.microsoft.com/en-us/topic/4dcd23ee-f1b9-4fd1-bacc-862ab611f55d). Voice access is available for Windows 11, version 22H2, or later devices. Currently, voice access supports five English locales: English - US, English - UK, English - India, English - New Zealand, English - Canada, and English - Australia. For more information, see [Setup voice access](https://support.microsoft.com/en-us/topic/set-up-voice-access-9fc44e29-12bf-4d86-bc4e-e9bb69df9a0e). 
| December 2023 | | Microsoft Defender Application Guard for Office | [Microsoft Defender Application Guard for Office](/microsoft-365/security/office-365-security/app-guard-for-office-install) is being deprecated and is no longer being updated. This deprecation also includes the [Windows.Security.Isolation APIs](/uwp/api/windows.security.isolation) that are used for Microsoft Defender Application Guard for Office. We recommend transitioning to Microsoft Defender for Endpoint [attack surface reduction rules](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction) along with [Protected View](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365#global-settings-for-safe-attachments) and [Windows Defender Application Control](/windows/security/application-security/application-control/windows-defender-application-control/wdac). | November 2023 | | Steps Recorder (psr.exe) | Steps Recorder is no longer being updated and will be removed in a future release of Windows. For screen recording, we recommend the Snipping Tool, Xbox Game Bar, or Microsoft Clipchamp. | November 2023 | | Tips | The Tips app is deprecated and will be removed in a future release of Windows. Content in the app will continue to be updated with information about new Windows features until the app is removed. | November 2023 | From ac6a6fb7532422f810ccc0a0a5ad2d20f6772d9e Mon Sep 17 00:00:00 2001 
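Review bot: In the deprecated-features.md hunk of PATCH 038, the rewritten "Windows speech recognition" row still says voice access "supports five English locales" but then lists six (US, UK, India, New Zealand, Canada, Australia). Since this commit already rewrites the whole cell for a grammar fix, correct the count or the list in the same change so the row does not need another pass. The link text "Setup voice access" in the same cell uses the noun form; the verb form "Set up voice access" matches the URL slug (set-up-voice-access) that the link already points to.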
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 15 Dec 2023 07:37:56 -0500 Subject: [PATCH 039/219] Cert trust deployment guides refresh --- .../hello-cert-trust-adfs.md | 5 ++- .../hello-cert-trust-policy-settings.md | 3 +- .../hello-cert-trust-validate-ad-prereq.md | 33 ---------------- .../hello-cert-trust-validate-deploy-mfa.md | 4 +- .../hello-cert-trust-validate-pki.md | 1 + .../hello-deployment-cert-trust.md | 33 ++++++++++++---- .../hello-hybrid-cert-trust-validate-pki.md | 2 +- .../hello-hybrid-cert-trust.md | 6 +-- .../hello-hybrid-cert-whfb-provision.md | 2 +- .../hello-hybrid-cert-whfb-settings-adfs.md | 3 +- .../includes/dc-certificate-deployment.md | 2 +- .../includes/dc-certificate-supersede.md | 3 +- .../includes/dc-certificate-template.md | 33 ++++++---------- .../includes/dc-certificate-validate.md | 2 +- .../enrollment-agent-certificate-template.md | 2 +- .../includes/hello-cloud.md | 2 +- .../includes/hello-deployment-cloud.md | 2 +- .../includes/hello-deployment-hybrid.md | 2 +- .../includes/hello-deployment-onpremises.md | 2 +- .../includes/hello-hybrid-cert-trust-aad.md | 2 +- .../includes/hello-hybrid-cert-trust.md | 2 +- .../includes/hello-hybrid-cloudkerb-trust.md | 2 +- .../includes/hello-hybrid-key-trust.md | 2 +- .../hello-hybrid-keycert-trust-aad.md | 2 +- .../includes/hello-intro.md | 2 +- .../includes/hello-join-aad.md | 2 +- .../includes/hello-join-domain.md | 2 +- .../includes/hello-join-hybrid.md | 2 +- .../includes/hello-on-premises-cert-trust.md | 2 +- .../includes/lab-based-pki-deploy.md | 2 +- .../unpublish-superseded-templates.md | 3 +- .../web-server-certificate-template.md | 39 +++++++------------ .../hello-for-business/toc.yml | 2 - 33 files changed, 84 insertions(+), 124 deletions(-) delete mode 100644 windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index dbdfe3cab6..4a9f5f7e9c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -1,7 +1,7 @@ --- title: Prepare and deploy Active Directory Federation Services in an on-premises certificate trust model description: Learn how to configure Active Directory Federation Services to support the Windows Hello for Business on-premises certificate trust model. -ms.date: 09/07/2023 +ms.date: 12/15/2023 appliesto: - ✅ Windows 11 - ✅ Windows 10 @@ -29,6 +29,7 @@ Prepare the AD FS deployment by installing and **updating** two Windows Servers. Typically, a federation service is an edge facing role. However, the federation services and instance used with the on-premises deployment of Windows Hello for Business does not need Internet connectivity. The AD FS role needs a *server authentication* certificate for the federation services, and you can use a certificate issued by your enterprise (internal) CA. The server authentication certificate should have the following names included in the certificate, if you are requesting an individual certificate for each node in the federation farm: + - **Subject Name**: the internal FQDN of the federation server - **Subject Alternate Name**: the federation service name (e.g. *sts.corp.contoso.com*) or an appropriate wildcard entry (e.g. *\*.corp.contoso.com*) 
@@ -318,4 +319,4 @@ Each file in this folder represents a certificate in the service account's Perso For detailed information about the certificate, use `Certutil -q -v `. > [!div class="nextstepaction"] -> [Next: validate and deploy multi-factor authentication (MFA)](hello-cert-trust-validate-deploy-mfa.md) \ No newline at end of file +> [Next: validate and deploy multi-factor authentication (MFA) >](hello-cert-trust-validate-deploy-mfa.md) \ No newline at end of file diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 830d49e11a..7488f93b1a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -1,7 +1,7 @@ --- title: Configure Windows Hello for Business Policy settings in an on-premises certificate trust description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises certificate trust scenario -ms.date: 09/07/2023 +ms.date: 12/15/2023 ms.topic: tutorial --- # Configure Windows Hello for Business group policy settings - on-premises certificate Trust @@ -9,6 +9,7 @@ ms.topic: tutorial [!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)] On-premises certificate-based deployments of Windows Hello for Business need three Group Policy settings: + - Enable Windows Hello for Business - Use certificate for on-premises authentication - Enable automatic enrollment of certificates diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md deleted file mode 100644 index 220079357a..0000000000 
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -title: Validate Active Directory prerequisites in an on-premises certificate trust -description: Validate Active Directory prerequisites when deploying Windows Hello for Business in a certificate trust model. -ms.date: 09/07/2023 -appliesto: -- ✅ Windows 11 -- ✅ Windows 10 -- ✅ Windows Server 2022 -- ✅ Windows Server 2019 -- ✅ Windows Server 2016 -ms.topic: tutorial ---- -# Validate Active Directory prerequisites - on-premises certificate trust - -[!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)] - -The key registration process for the on-premises deployment of Windows Hello for Business requires the Windows Server 2016 Active Directory or later schema. - -## Create the Windows Hello for Business Users security group - -The *Windows Hello for Business Users* group is used to make it easy to deploy Windows Hello for Business in phases. You assign Group Policy permissions to this group to simplify the deployment by adding the users to the group. This provides users with the proper permissions to provision Windows Hello for Business. - -Sign-in to a domain controller or to a management workstation with a *Domain Administrator* equivalent credentials. - -1. Open **Active Directory Users and Computers** -1. Select **View > Advanced Features** -1. Expand the domain node from the navigation pane -1. Right-click the **Users** container. Select **New > Group** -1. Type *Windows Hello for Business Users* in the **Group Name** -1. Select **OK** - -> [!div class="nextstepaction"] -> [Next: validate and configure PKI >](hello-cert-trust-validate-pki.md) \ No newline at end of file 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index 087d2813e3..9c22949b67 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -1,7 +1,7 @@ --- title: Validate and Deploy MFA for Windows Hello for Business with certificate trust description: Validate and deploy multifactor authentication (MFA) for Windows Hello for Business in an on-premises certificate trust model. -ms.date: 09/07/2023 +ms.date: 12/15/2023 appliesto: - ✅ Windows 11 - ✅ Windows 10 @@ -28,4 +28,4 @@ For information about third-party authentication methods, see [Configure Additio Follow the integration and deployment guide for the authentication provider you plan to integrate to AD FS. Make sure that the authentication provider is selected as a multifactor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies, see [Configure Authentication Policies](/windows-server/identity/ad-fs/operations/configure-authentication-policies). > [!div class="nextstepaction"] -> [Next: configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md) +> [Next: configure Windows Hello for Business Policy settings >](hello-cert-trust-policy-settings.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index e98fede731..2b4e0e988c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md 
@@ -10,6 +10,7 @@ appliesto: - ✅ Windows Server 2016 ms.topic: tutorial --- + # Configure and validate the Public Key Infrastructure - on-premises certificate trust [!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)] diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md index 04edf25531..6e3a9ccc04 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md @@ -1,7 +1,7 @@ --- title: Windows Hello for Business deployment guide for the on-premises certificate trust model description: Learn how to deploy Windows Hello for Business in an on-premises, certificate trust model. -ms.date: 09/07/2023 +ms.date: 12/15/2023 appliesto: - ✅ Windows 11 - ✅ Windows 10 
@@ -14,10 +14,29 @@ ms.topic: tutorial [!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)] -Windows Hello for Business replaces username and password authentication to Windows with an asymmetric key pair. This deployment guide provides the information to deploy Windows Hello for Business in an on-premises environment: +Windows Hello for Business replaces username and password authentication to Windows with an asymmetric key pair. This deployment guide provides the information to deploy Windows Hello for Business in an on-premises environment. -1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md) -2. [Validate and configure a PKI](hello-cert-trust-validate-pki.md) -3. [Prepare and deploy AD FS](hello-cert-trust-adfs.md) -4. [Validate and deploy multi-factor authentication (MFA)](hello-cert-trust-validate-deploy-mfa.md) -5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md) \ No newline at end of file +There are four steps to deploying Windows Hello for Business in an on-premises certificate trust model: + +1. [Validate and configure a PKI](hello-cert-trust-validate-pki.md) +1. [Prepare and deploy AD FS](hello-cert-trust-adfs.md) +1. [Validate and deploy multi-factor authentication (MFA)](hello-cert-trust-validate-deploy-mfa.md) +1. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md) + +## Create the Windows Hello for Business Users security group + +While this is not a required step, it is recommended to create a security group to simplify the deployment. + +The *Windows Hello for Business Users* group is used to make it easy to deploy Windows Hello for Business in phases. You assign certificate templates and group policy permissions to this group to simplify the deployment by adding the users to the group. This provides users with the proper permissions to provision Windows Hello for Business. 
+ +Sign-in to a domain controller or to a management workstation with a *Domain Administrator* equivalent credentials. + +1. Open **Active Directory Users and Computers** +1. Select **View > Advanced Features** +1. Expand the domain node from the navigation pane +1. Right-click the **Users** container. Select **New > Group** +1. Type *Windows Hello for Business Users* in the **Group Name** +1. Select **OK** + +> [!div class="nextstepaction"] +> [Next: validate and configure a PKI >](hello-cert-trust-validate-pki.md) \ No newline at end of file diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki.md index e3340a65c2..5c1373aff0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki.md @@ -1,7 +1,7 @@ --- title: Configure and validate the Public Key Infrastructure in an hybrid certificate trust model description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a hybrid certificate trust model. -ms.date: 01/03/2023 +ms.date: 12/15/2023 appliesto: - ✅ Windows 11 - ✅ Windows 10 diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index 754b52a3a5..bd31955a65 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md 
@@ -1,7 +1,7 @@ --- title: Windows Hello for Business hybrid certificate trust deployment description: Learn how to deploy Windows Hello for Business in a hybrid certificate trust scenario. -ms.date: 03/16/2023 +ms.date: 12/15/2023 appliesto: - ✅ Windows 11 - ✅ Windows 10 @@ -51,8 +51,6 @@ The hybrid-certificate trust deployment needs an *Microsoft Entra ID P1 or P2* s > [!IMPORTANT] > Windows Hello for Business is tied between a user and a device. Both the user and device object must be synchronized between Microsoft Entra ID and Active Directory. - - ### Federated authentication to Microsoft Entra ID Windows Hello for Business hybrid certificate trust doesn't support Microsoft Entra ID *Pass-through Authentication* (PTA) or *password hash sync* (PHS).\ @@ -91,8 +89,6 @@ The enterprise PKI and a certificate registration authority (CRA) are required t During Windows Hello for Business provisioning, users receive a sign-in certificate through the CRA. - - ### Multifactor authentication The Windows Hello for Business provisioning process lets a user enroll in Windows Hello for Business using their user name and password as one factor, but requires a second factor of authentication.\ diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 0d5ed158f7..c9c9503992 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -1,7 +1,7 @@ --- title: Windows Hello for Business hybrid certificate trust clients configuration and enrollment description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid certificate trust scenario. -ms.date: 01/03/2023 +ms.date: 12/15/2023 ms.topic: tutorial --- 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 2a40af9e7f..03183dda2d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -1,7 +1,7 @@ --- title: Configure Active Directory Federation Services in a hybrid certificate trust model description: Learn how to configure Active Directory Federation Services to support the Windows Hello for Business hybrid certificate trust model. -ms.date: 01/03/2023 +ms.date: 12/15/2023 appliesto: - ✅ Windows 11 - ✅ Windows 10 @@ -10,6 +10,7 @@ appliesto: - ✅ Windows Server 2016 ms.topic: tutorial --- + # Configure Active Directory Federation Services - hybrid certificate trust [!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cert-trust.md)] diff --git a/windows/security/identity-protection/hello-for-business/includes/dc-certificate-deployment.md b/windows/security/identity-protection/hello-for-business/includes/dc-certificate-deployment.md index 6059c8bb03..07d8c9cc38 100644 --- a/windows/security/identity-protection/hello-for-business/includes/dc-certificate-deployment.md +++ b/windows/security/identity-protection/hello-for-business/includes/dc-certificate-deployment.md @@ -1,5 +1,5 @@ --- -ms.date: 12/28/2022 +ms.date: 12/15/2023 ms.topic: include --- diff --git a/windows/security/identity-protection/hello-for-business/includes/dc-certificate-supersede.md b/windows/security/identity-protection/hello-for-business/includes/dc-certificate-supersede.md index 20f8012d88..92853ac52e 100644 --- a/windows/security/identity-protection/hello-for-business/includes/dc-certificate-supersede.md +++ b/windows/security/identity-protection/hello-for-business/includes/dc-certificate-supersede.md 
@@ -1,5 +1,5 @@ --- -ms.date: 12/28/2022 +ms.date: 12/15/2023 ms.topic: include --- @@ -30,4 +30,3 @@ However, the certificate template and the superseding of certificate templates i >To see all certificates in the NTAuth store, use the following command: > > `Certutil -viewstore -enterprise NTAuth` - diff --git a/windows/security/identity-protection/hello-for-business/includes/dc-certificate-template.md b/windows/security/identity-protection/hello-for-business/includes/dc-certificate-template.md index 1fff52b89c..9c85020231 100644 --- a/windows/security/identity-protection/hello-for-business/includes/dc-certificate-template.md +++ b/windows/security/identity-protection/hello-for-business/includes/dc-certificate-template.md @@ -1,5 +1,5 @@ --- -ms.date: 12/28/2022 +ms.date: 12/15/2023 ms.topic: include --- 
@@ -27,25 +27,14 @@ Sign in to a CA or management workstations with *Domain Administrator* equivalen 1. Open the **Certification Authority** management console 1. Right-click **Certificate Templates > Manage** 1. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and select **Duplicate Template** -1. On the **Compatibility** tab: - - Clear the **Show resulting changes** check box - - Select **Windows Server 2016** from the **Certification Authority** list - - Select **Windows 10 / Windows Server 2016** from the **Certificate Recipient** list -1. On the **General** tab - - Type *Domain Controller Authentication (Kerberos)* in Template display name - - Adjust the validity and renewal period to meet your enterprise's needs - > [!NOTE] - > If you use different template names, you'll need to remember and substitute these names in different portions of the lab. -1. On the **Subject Name** tab: - - Select the **Build from this Active Directory information** button if it isn't already selected - - Select **None** from the **Subject name format** list - - Select **DNS name** from the **Include this information in alternate subject** list - - Clear all other items -1. On the **Cryptography** tab: - - Select **Key Storage Provider** from the **Provider Category** list - - Select **RSA** from the **Algorithm name** list - - Type *2048* in the **Minimum key size** text box - - Select **SHA256** from the **Request hash** list -1. Select **OK** -1. Close the console +1. Use the following table to configure the template: + | Tab Name | Configurations | + | --- | --- | + | *Compatibility* |
  • Clear the **Show resulting changes** check box
  • Select **Windows Server 2016** from the *Certification Authority list*
  • Select **Windows 10 / Windows Server 2016** from the *Certification Recipient list*
| + | *General* |
  • Specify a **Template display name**, for example *Domain Controller Authentication (Kerberos)*
  • Set the validity period to the desired value
  • Take note of the template name for later, which should be the same as the Template display name minus spaces
| + | *Subject Name* |
  • Select **Build from this Active Directory information**
  • Select **None** from the **Subject name format** list
  • Select **DNS name** from the **Include this information in alternate subject** list
  • Clear all other items
| + |*Cryptography*|