deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-19 16:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into siosulli-privacy

Browse Source
This commit is contained in:
Sinead O'Sullivan 2020-06-07 09:32:32 +01:00
commit b3bfe7afd5
15 changed files with 464 additions and 781 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
.openpublishing.redirection.json
View File

Binary file not shown.

254
mdop/appv-v5/app-v-51-supported-configurations.md
View File

@ -40,48 +40,16 @@ The App-V 5.1 Server does not support the following scenarios:
The following table lists the operating systems that are supported for the App-V 5.1 Management server installation.
**Note**  
Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). See [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976) for more information.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Operating system</th>
<th align="left">Service Pack</th>
<th align="left">System architecture</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2016</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2012</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
<td align="left"><p>SP1</p></td>
<td align="left"><p>64-bit</p></td>
</tr>
</tbody>
</table>
> [!NOTE]
> Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). See [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976) for more information.
| Operating System | Service Pack | System Architecture |
|----------------------------------|--------------|---------------------|
| Microsoft Windows Server 2019 | | 64-bit |
| Microsoft Windows Server 2016 | | 64-bit |
| Microsoft Windows Server 2012 R2 | | 64-bit |
| Microsoft Windows Server 2012 | | 64-bit |
| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates)| SP1 | 64-bit |
**Important**  
@ -155,44 +123,13 @@ For more information on user configuration files with SQL server 2016 or later,
The following table lists the operating systems that are supported for the App-V 5.1 Publishing server installation.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Operating system</th>
<th align="left">Service Pack</th>
<th align="left">System architecture</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2016</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2012</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
<td align="left"><p>SP1</p></td>
<td align="left"><p>64-bit</p></td>
</tr>
</tbody>
</table>
| Operating System | Service Pack | System Architecture |
|----------------------------------|--------------|---------------------|
| Microsoft Windows Server 2019 | | 64-bit |
| Microsoft Windows Server 2016 | | 64-bit |
| Microsoft Windows Server 2012 R2 | | 64-bit |
| Microsoft Windows Server 2012 | | 64-bit |
| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates) | SP1 | 64-bit |
### <a href="" id="publishing-server-hardware-requirements-"></a>Publishing server hardware requirements
@ -208,44 +145,13 @@ App-V adds no additional requirements beyond those of Windows Server.
The following table lists the operating systems that are supported for the App-V 5.1 Reporting server installation.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Operating system</th>
<th align="left">Service Pack</th>
<th align="left">System architecture</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2016</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2012</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
<td align="left"><p>SP1</p></td>
<td align="left"><p>64-bit</p></td>
</tr>
</tbody>
</table>
| Operating System | Service Pack | System Architecture |
|----------------------------------|--------------|---------------------|
| Microsoft Windows Server 2019 | | 64-bit |
| Microsoft Windows Server 2016 | | 64-bit |
| Microsoft Windows Server 2012 R2 | | 64-bit |
| Microsoft Windows Server 2012 | | 64-bit |
| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates) | SP1 | 64-bit |
### <a href="" id="reporting-server-hardware-requirements-"></a>Reporting server hardware requirements
@ -309,7 +215,8 @@ The following table lists the SQL Server versions that are supported for the App
The following table lists the operating systems that are supported for the App-V 5.1 client installation.
**Note:** With the Windows 10 Anniversary release (aka 1607 version), the App-V client is in-box and will block installation of any previous version of the App-V client
> [!NOTE]
> With the Windows 10 Anniversary release (aka 1607 version), the App-V client is in-box and will block installation of any previous version of the App-V client
<table>
<colgroup>
@ -368,44 +275,13 @@ The following list displays the supported hardware configuration for the App-V 5
The following table lists the operating systems that are supported for App-V 5.1 Remote Desktop Services (RDS) client installation.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Operating system</th>
<th align="left">Service Pack</th>
<th align="left">System architecture</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2016</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2012</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
<td align="left"><p>SP1</p></td>
<td align="left"><p>64-bit</p></td>
</tr>
</tbody>
</table>
| Operating System | Service Pack | System Architecture |
|----------------------------------|--------------|---------------------|
| Microsoft Windows Server 2019 | | 64-bit |
| Microsoft Windows Server 2016 | | 64-bit |
| Microsoft Windows Server 2012 R2 | | 64-bit |
| Microsoft Windows Server 2012 | | 64-bit |
| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates) | SP1 | 64-bit |
### Remote Desktop Services client hardware requirements
@ -421,59 +297,16 @@ App-V adds no additional requirements beyond those of Windows Server.
The following table lists the operating systems that are supported for the App-V 5.1 Sequencer installation.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Operating system</th>
<th align="left">Service pack</th>
<th align="left">System architecture</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2016</p></td>
<td align="left"></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2012 R2</p></td>
<td align="left"></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft Windows Server 2012</p></td>
<td align="left"><p></p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows Server 2008 R2</p></td>
<td align="left"><p>SP1</p></td>
<td align="left"><p>64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft Windows 10</p></td>
<td align="left"><p></p></td>
<td align="left"><p>32-bit and 64-bit</p></td>
</tr>
<tr class="even">
<td align="left"><p>Microsoft Windows 8.1</p></td>
<td align="left"><p></p></td>
<td align="left"><p>32-bit and 64-bit</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Microsoft Windows 7</p></td>
<td align="left"><p>SP1</p></td>
<td align="left"><p>32-bit and 64-bit</p></td>
</tr>
</tbody>
</table>
| Operating System | Service Pack | System Architecture |
|----------------------------------|--------------|---------------------|
| Microsoft Windows Server 2019 | | 64-bit |
| Microsoft Windows Server 2016 | | 64-bit |
| Microsoft Windows Server 2012 R2 | | 64-bit |
| Microsoft Windows Server 2012 | | 64-bit |
| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates) | SP1 | 64-bit |
| Microsoft Windows 10 | | 32-bit and 64-bit |
| Microsoft Windows 8.1 | | 32-bit and 64-bit |
| Microsoft Windows 7 | SP1 | 32-bit and 64-bit |
### Sequencer hardware requirements
@ -491,7 +324,8 @@ The App-V client supports the following versions of System Center Configuration
The following App-V and System Center Configuration Manager version matrix shows all officially supported combinations of App-V and Configuration Manager.
**Note:** Both App-V 4.5 and 4.6 have exited Mainstream support.
> [!NOTE]
> Both App-V 4.5 and 4.6 have exited Mainstream support.
<table>
<colgroup>

12
windows/application-management/app-v/appv-supported-configurations.md
View File

@ -104,17 +104,7 @@ Similarly, the App-V Remote Desktop Services (RDS) client is included with Windo
## Sequencer system requirements
The following table lists the operating systems that the App-V Sequencer installation supports.
|Operating system|Service pack|System architecture|
|---|---|---|
|Microsoft Windows Server 2012 R2||64-bit|
|Microsoft Windows Server 2012||64-bit|
|Microsoft Windows Server 2008 R2|SP1|64-bit|
|Microsoft Windows 10||32-bit and 64-bit|
|Microsoft Windows 8.1||32-bit and 64-bit|
|Microsoft Windows 8||32-bit and 64-bit|
|Microsoft Windows 7|SP1|32-bit and 64-bit|
Sequencer is now part of the Windows Assessment and Deployment Kit (Windows ADK). [Download the latest Windows ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install) that is recommended for your version of the Windows OS.
### Sequencer hardware requirements

6
windows/deployment/TOC.yml
View File

@ -45,6 +45,10 @@
href: update/waas-servicing-strategy-windows-10-updates.md
- name: Best practices for feature updates on mission-critical devices
href: update/feature-update-mission-critical.md
- name: Windows 10 deployment considerations
href: planning/windows-10-deployment-considerations.md
- name: Windows 10 infrastructure requirements
href: planning/windows-10-infrastructure-requirements.md
- name: Plan for volume activation
href: volume-activation/plan-for-volume-activation-client.md
- name: Features removed or planned for replacement
@ -238,8 +242,6 @@
href: update/windows-update-overview.md
- name: Servicing stack updates
href: update/servicing-stack-updates.md
- name: How Windows Update works
href: update/how-windows-update-works.md
- name: Additional Windows Update settings
href: update/waas-wu-settings.md
- name: Delivery Optimization reference

88
windows/deployment/index.yml
View File

@ -29,12 +29,38 @@ landingContent:
- text: Windows 10 deployment scenarios
url: windows-10-deployment-scenarios.md
- linkListType: get-started
- linkListType: quickstart
links:
- text: Demonstrate Autopilot deployment
url: windows-autopilot/demonstrate-deployment-on-vm.md
- text: Deploy Windows 10 in a test lab
url: windows-10-poc.md
- linkListType: architecture
links:
- text: Windows 10 deployment considerations
url: planning/windows-10-deployment-considerations.md
- text: Windows 10 infrastructure requirements
url: planning/windows-10-infrastructure-requirements.md
- text: Windows 10 features lifecycle
url: planning/features-lifecycle.md
- text: Plan for volume activation
url: volume-activation/plan-for-volume-activation-client.md
- linkListType: how-to-guide
links:
- text: Prepare for Zero Touch Installation with Configuration Manager
url: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
- text: Prepare to deploy Windows 10 with MDT
url: deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
- linkListType: deploy
links:
- text: Windows Autopilot scenarios and capabilities
url: windows-autopilot/windows-autopilot-scenarios.md
- text: Deploy Windows 10 to a new device with Configuration Manager
url: deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
- text: Deploy a Windows 10 image using MDT
url: deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
- text: Resolve Windows 10 upgrade errors
url: upgrade/resolve-windows-10-upgrade-errors.md
# Card (optional)
- title: Update Windows 10
@ -49,11 +75,6 @@ landingContent:
links:
- text: Servicing the Windows 10 operating system
url: update/waas-servicing-strategy-windows-10-updates.md
# Card (optional)
- title: Deployment planning
linkLists:
- linkListType: architecture
links:
- text: Create a deployment plan
@ -66,50 +87,61 @@ landingContent:
url: update/plan-determine-app-readiness.md
- text: Define your servicing strategy
url: update/waas-servicing-strategy-windows-10-updates.md
# Card
- title: Prepare to deploy Windows 10
linkLists:
- linkListType: how-to-guide
links:
- text: Prepare for Zero Touch Installation with Configuration Manager
url: deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
- text: Prepare to deploy Windows 10 with MDT
url: deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
- text: Evaluate and update infrastructure
url: update/update-policies.md
- text: Build a successful servicing strategy
url: update/waas-deployment-rings-windows-10-updates.md
# Card
- title: Deploy and update Windows 10
linkLists:
- linkListType: deploy
links:
- text: Windows Autopilot scenarios and capabilities
url: windows-autopilot/windows-autopilot-scenarios.md
- text: Deploy Windows 10 to a new device with Configuration Manager
url: deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
- text: Deploy a Windows 10 image using MDT
url: deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
- text: Assign devices to servicing channels
url: update/waas-servicing-channels-windows-10-updates.md
- text: Deploy Windows 10 updates
url: update/waas-servicing-channels-windows-10-updates.md
- text: Resolve Windows 10 upgrade errors
url: upgrade/resolve-windows-10-upgrade-errors.md
- text: Troubleshoot Windows Update
url: update/windows-update-troubleshooting.md
# Card (optional)
- title: Windows 10 resources
- title: Resources
linkLists:
- linkListType: reference
links:
- text: How does Windows Update work?
url: update/how-windows-update-works.md
- text: Unified Update Platform (UUP) architecture
url: update/windows-update-overview.md#unified-update-platform-uup-architecture
- text: Servicing stack updates
url: update/servicing-stack-updates.md
- text: Manage additional Windows Update setings
url: update/waas-wu-settings.md
- text: Delivery Optimization reference
url: update/waas-delivery-optimization-reference.md
- text: Convert an MBR partition to GPT
url: mbr-to-gpt.md
- text: VAMT technical reference
url: volume-activation/volume-activation-management-tool.md
- text: User State Migration Tool (USMT) overview
url: usmt/usmt-overview.md
- linkListType: learn
links:
- text: Windows 10 release information
url: https://docs.microsoft.com/windows/release-information/
- text: What's new in Windows 10
url: https://docs.microsoft.com/windows/whats-new/
- text: Microsoft 365 for enterprise documention
url: https://docs.microsoft.com/microsoft-365/enterprise/
- text: Microsoft Surface documentation
url: https://docs.microsoft.com/surface/
- text: Evaluate Windows 10 Enterprise
url: https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise
- text: Microsoft FastTrack cloud solutions
url: https://www.microsoft.com/fasttrack/
- text: Microsoft Intune documentation
url: https://docs.microsoft.com/mem/intune/
- text: Microsoft Endpoint Configuration Manager documentation
url: https://docs.microsoft.com/mem/configmgr/
- text: Windows 10 Enterprise Security
url: https://docs.microsoft.com/windows/security/
- text: Desktop Deployment Center
url: https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home

38
windows/deployment/planning/windows-10-deployment-considerations.md
View File

@ -10,7 +10,8 @@ ms.prod: w10
ms.localizationpriority: medium
ms.mktglfcycl: plan
ms.sitesec: library
audience: itpro author: greg-lindsay
audience: itpro
author: greg-lindsay
ms.topic: article
---
@ -75,24 +76,19 @@ Windows 10 also introduces two additional scenarios that organizations should c
</table>
 
## Migration from previous Windows versions
For existing PCs running Windows 7 or Windows 8.1, in-place upgrade is the recommended method for Windows 10 deployment and should be used whenever possible. Although wipe-and-load (OS refresh) deployments are still fully supported (and necessary in some scenarios, as mentioned previously), in-place upgrade is simpler and faster, and enables a faster Windows 10 deployment overall.
Note that the original Windows 8 release is only supported until January 2016. Organizations that do not think they can complete a full Windows 10 migration by that date should deploy Windows 8.1 now and consider Windows 10 after Windows 8 has been removed from the environment.
The original Windows 8 release was only supported until January 2016. For devices running Windows 8.0, you can update to Windows 8.1 and then upgrade to Windows 10.
For existing Windows PCs running Windows Vista, you can perform wipe-and-load (OS refresh) deployments when you use compatible hardware.
Note that to take advantage of the limited-time free upgrade offer for PCs running Windows 7, Windows 8, or Windows 8.1, you must leverage an in-place upgrade, either from Windows Update or by using the upgrade media available from the [Windows 10 software download page](https://go.microsoft.com/fwlink/p/?LinkId=625073) to acquire a new Windows 10 license from the Windows Store. For more information, refer to the [Windows 10 FAQ](https://go.microsoft.com/fwlink/p/?LinkId=625074).
For PCs running operating systems older than Windows 7, you can perform wipe-and-load (OS refresh) deployments when you use compatible hardware.
For organizations with Software Assurance for Windows, both in-place upgrade or wipe-and-load can be leveraged (with in-place upgrade being the preferred method, as previously discussed).
For organizations that do not take advantage of the free upgrade offer and are not enrolled in Software Assurance for Windows, Windows 10 upgrade licenses are available for purchase through existing Volume License (VL) agreements.
## Setup of new computers
For organizations that did not take advantage of the free upgrade offer and are not enrolled in Software Assurance for Windows, Windows 10 upgrade licenses are available for purchase through existing Volume License (VL) agreements.
## Setting up new computers
For new computers acquired with Windows 10 preinstalled, you can leverage dynamic provisioning scenarios to transform the device from its initial state into a fully-configured organization PC. There are two primary dynamic provisioning scenarios you can use:
@ -103,35 +99,27 @@ For new computers acquired with Windows 10 preinstalled, you can leverage dynam
In either of these scenarios, you can make a variety of configuration changes to the PC:
- Transform the edition (SKU) of Windows 10 that is in use.
- Apply configuration and settings to the device (for example, security settings, device restrictions, policies, Wi-Fi and VPN profiles, certificates, and so on).
- Install apps, language packs, and updates.
- Enroll the device in a management solution (applicable for IT admin-driven scenarios, configuring the device just enough to allow the management tool to take over configuration and ongoing management).
## Stay up to date
For computers already running Windows 10 on the Semi-Annual Channel, new upgrades will periodically be deployed, approximately two to three times per year. You can deploy these upgrades by using a variety of methods:
For computers already running Windows 10 on the Semi-Annual Channel, new upgrades will be deployed two times per year. You can deploy these upgrades by using a variety of methods:
- Windows Update or Windows Update for Business, for devices where you want to receive updates directly from the Internet.
- Windows Server Update Services (WSUS), for devices configured to pull updates from internal servers after they are approved (deploying like an update).
- Configuration Manager task sequences.
- Configuration Manager software update capabilities (deploying like an update).
- Windows Server Update Services (WSUS), for devices configured to pull updates from internal servers after they are approved (deploying like an update). Note that this will require updates to WSUS, which are only available for Windows Server 2012 and Windows Server 2012 R2, not previous versions.
These upgrades (which are installed differently than monthly updates) leverage an in-place upgrade process. Unlike updates, which are relatively small, these upgrades will include a full operating system image (around 3 GB for 64-bit operating systems), which requires time (1-2 hours) and disk space (approximately 10 GB) to complete. Ensure that the deployment method you use can support the required network bandwidth and/or disk space requirements.
- System Center Configuration Manager task sequences (with Configuration Manager 2012, 2012 R2, and later versions).
- System Center Configuration Manager vNext software update capabilities (deploying like an update).
Note that these upgrades (which are installed differently than monthly updates) will leverage an in-place upgrade process. Unlike updates, which are relatively small, these upgrades will include a full operating system image (around 3 GB for 64-bit operating systems), which requires time (1-2 hours) and disk space (approximately 10 GB) to complete. Ensure that the deployment method you use can support the required network bandwidth and/or disk space requirements.
Over time, this upgrade process will be optimized to reduce the overall time and network bandwidth consumed.
The upgrade process is also optimized to reduce the overall time and network bandwidth consumed.
## Related topics
[Windows 10 compatibility](windows-10-compatibility.md)
[Windows 10 compatibility](windows-10-compatibility.md)<br>
[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md)
 

40
windows/deployment/planning/windows-10-infrastructure-requirements.md
View File

@ -26,38 +26,24 @@ There are specific infrastructure requirements to deploy and manage Windows 10
## High-level requirements
For initial Windows 10 deployments, as well as subsequent Windows 10 upgrades, ensure that sufficient disk space is available for distribution of the Windows 10 installation files (about 3 GB for Windows 10 x64 images, slightly smaller for x86). Also, be sure to take into account the network impact of moving these large images to each PC; you may need to leverage local server storage.
For persistent VDI environments, carefully consider the I/O impact from upgrading large numbers of PCs in a short period of time. Ensure that upgrades are performed in smaller numbers, or during off-peak time periods. (For pooled VDI environments, a better approach is to replace the base image with a new version.)
## Deployment tools
A new version of the Assessment and Deployment Toolkit (ADK) has been released to support Windows 10. This new version, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=526740), is required for Windows 10; you should not use earlier versions of the ADK to deploy Windows 10. It also supports the deployment of Windows 7, Windows 8, and Windows 8.1.
The latest version of the Windows Assessment and Deployment Toolkit (ADK) is available for download [here](https://docs.microsoft.com/windows-hardware/get-started/adk-install).
Significant enhancements in the ADK for Windows 10 include new runtime provisioning capabilities, which leverage the Windows Imaging and Configuration Designer (Windows ICD), as well as updated versions of existing deployment tools (DISM, USMT, Windows PE, and more).
Microsoft Deployment Toolkit 2013 Update 1, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=625079), has also been updated to support Windows 10 and the new ADK; older versions do not support Windows 10. New in this release is task sequence support for Windows 10 in-place upgrades.
The latest version of the Microsoft Deployment Toolkit (MDT) is available for download [here](https://docs.microsoft.com/mem/configmgr/mdt/release-notes).
For System Center Configuration Manager, Windows 10 support is offered with various releases:
| Release | Windows 10 management? | Windows 10 deployment? |
|---------------------------------------------|------------------------|------------------------------------------------|
| System Center Configuration Manager 2007 | Yes, with a hotfix | No |
| System Center Configuration Manager 2012 | Yes, with SP2 and CU1 | Yes, with SP2, CU1, and the ADK for Windows 10 |
| System Center Configuration Manager 2012 R2 | Yes, with SP1 and CU1 | Yes, with SP1, CU1, and the ADK for Windows 10 |
> [!NOTE]
> Configuration Manager 2012 supports Windows 10 version 1507 (build 10.0.10240) and 1511 (build 10.0.10586) for the lifecycle of these builds. Future releases of Windows 10 CB/CBB are not supported With Configuration Manager 2012, and will require Microsoft Endpoint Configuration Manager current branch for supported management.
 
For Configuration Manager, Windows 10 version specific support is offered with [various releases](https://docs.microsoft.com/mem/configmgr/core/plan-design/configs/support-for-windows-10).
For more details about Microsoft Endpoint Configuration Manager support for Windows 10, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md).
## Management tools
In addition to Microsoft Endpoint Configuration Manager, Windows 10 also leverages other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you are using a central policy store, follow the steps outlined [here](https://go.microsoft.com/fwlink/p/?LinkId=625083) to update the ADMX files stored in that central store.
No new Active Directory schema updates or specific functional levels are currently required for core Windows 10 product functionality, although subsequent upgrades could require these to support new features.
@ -72,8 +58,6 @@ Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows 
| Microsoft BitLocker Administration and Monitoring (MBAM) | MBAM 2.5 SP1 (2.5 is OK) |
| User Experience Virtualization (UE-V) | UE-V 2.1 SP1 |
 
For more information, see the [MDOP TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=625090).
For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10; new Windows 10 MDM settings and capabilities will require updates to the MDM services. See [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=625084) for more information.
@ -81,20 +65,17 @@ For devices you manage with mobile device management (MDM) solutions such as Mic
Windows Server Update Services (WSUS) requires some additional configuration to receive updates for Windows 10. Use the Windows Server Update Services admin tool and follow these instructions:
1. Select the **Options** node, and then click **Products and Classifications**.
2. In the **Products** tree, select the **Windows 10** and **Windows 10 LTSB** products and any other Windows 10-related items that you want. Click **OK**.
3. From the **Synchronizations** node, right-click and choose **Synchronize Now**.
![figure 1](images/fig4-wsuslist.png)
Figure 1. WSUS product list with Windows 10 choices
WSUS product list with Windows 10 choices
Because Windows 10 updates are cumulative in nature, each months new update will supersede the previous month's. Consider leveraging “express installation” packages to reduce the size of the payload that needs to be sent to each PC each month; see [Express installation files](https://go.microsoft.com/fwlink/p/?LinkId=625086) for more information. (Note that this will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS.)
## Activation
Windows 10 volume license editions of Windows 10 will continue to support all existing activation methods (KMS, MAK, and AD-based activation). An update will be required for existing KMS servers:
| Product | Required update |
@ -104,26 +85,21 @@ Windows 10 volume license editions of Windows 10 will continue to support all
| Windows Server 2012 and Windows 8 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) |
| Windows Server 2008 R2 and Windows 7 | [https://support.microsoft.com/kb/3079821](https://support.microsoft.com/kb/3079821) |
 
Also see: [Windows Server 2016 Volume Activation Tips](https://blogs.technet.microsoft.com/askcore/2016/10/19/windows-server-2016-volume-activation-tips/)
Additionally, new product keys will be needed for all types of volume license activation (KMS, MAK, and AD-based Activation); these keys are available on the Volume Licensing Service Center (VLSC) for customers with rights to the Windows 10 operating system. To find the needed keys:
- Sign into the [Volume Licensing Service Center (VLSC)](https://go.microsoft.com/fwlink/p/?LinkId=625088) at with a Microsoft account that has appropriate rights.
- For KMS keys, click **Licenses** and then select **Relationship Summary**. Click the appropriate active license ID, and then select **Product Keys** near the right side of the page. For KMS running on Windows Server, find the **Windows Srv 2012R2 DataCtr/Std KMS for Windows 10** product key; for KMS running on client operating systems, find the **Windows 10** product key.
- For MAK keys, click **Downloads and Keys**, and then filter the list by using **Windows 10** as a product. Click the **Key** link next to an appropriate list entry (for example, **Windows 10 Enterprise** or **Windows 10 Enterprise LTSB**) to view the available MAK keys. (You can also find keys for KMS running on Windows 10 in this list. These keys will not work on Windows servers running KMS.)
Note that Windows 10 Enterprise and Windows 10 Enterprise LTSB installations use different MAK keys. But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both.
Note that Windows 10 Enterprise and Windows 10 Enterprise LTSC installations use different MAK keys. But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both.
## Related topics
[Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md)
<BR>[Windows 10 deployment considerations](windows-10-deployment-considerations.md)
<BR>[Windows 10 compatibility](windows-10-compatibility.md)
[Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md)<br>
[Windows 10 deployment considerations](windows-10-deployment-considerations.md)<br>
[Windows 10 compatibility](windows-10-compatibility.md)<br>
 

313
windows/privacy/index.yml
View File

@ -1,156 +1,191 @@
### YamlMime:YamlDocument
documentType: LandingData
### YamlMime:Hub
title: Windows Privacy
summary: Get ready for General Data Protection Regulation (GDPR) by viewing and configuring Windows diagnostic data in your organization.
brand: m365
metadata:
document_id:
title: Windows Privacy
description: Learn about how privacy is managed in Windows.
keywords: Windows 10, Windows Server, Windows Server 2016, privacy, GDPR, compliance, endpoints
services: windows
ms.product: windows
ms.topic: hub-page # Required
ms.collection: M365-security-compliance
author: danihalfin
ms.author: daniha
manager: dansimp
ms.date: 02/21/2019 #Required; mm/dd/yyyy format.
ms.localizationpriority: high
author: danihalfin
ms.author: daniha
ms.date: 04/25/2018
ms.topic: conceptual
audience: ITPro
manager: dansimp
ms.collection: M365-security-compliance
ms.devlang: na
sections:
- items:
- type: markdown
text: Get ready for General Data Protection Regulation (GDPR) by viewing and configuring Windows diagnostic data in your organization.
- items:
- type: list
style: cards
className: cardsM
columns: 3
# highlightedContent section (optional)
# Maximum of 8 items
highlightedContent:
# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
items:
# Card
- title: Start with GDPR basics
itemType: get-started
url: gdpr-it-guidance.md
# Card
- title: Configure Windows diagnostic data
itemType: how-to-guide
url: configure-windows-diagnostic-data-in-your-organization.md
# Card
- title: View Windows diagnostic data
itemType: how-to-guide
url: diagnostic-data-viewer-overview.md
- href: \windows\privacy\gdpr-it-guidance
html: <p>Learn about GDPR and how Microsoft helps you get started towards compliance</p>
image:
src: https://docs.microsoft.com/media/common/i_advanced.svg
title: Start with GDPR basics
- href: \windows\privacy\configure-windows-diagnostic-data-in-your-organization
html: <p>Make informed decisions about how you can configure diagnostic data in your organization</p>
image:
src: https://docs.microsoft.com/media/common/i_filter.svg
title: Configure Windows diagnostic data
- href: \windows\privacy\diagnostic-data-viewer-overview
html: <p>Review the Windows diagnostic data sent to Microsoft by device in your organization</p>
image:
src: https://docs.microsoft.com/media/common/i_investigate.svg
title: View Windows diagnostic data
- title: Understand Windows diagnostic data in Windows 10
# productDirectory section (optional)
productDirectory:
title: Understand Windows diagnostic data in Windows 10
summary: For the latest Windows 10 version, learn more about what Windows diagnostic data is collected at various diagnostics levels.
items:
# Card
- title: Basic level events and fields
# imageSrc should be square in ratio with no whitespace
imageSrc: https://docs.microsoft.com/media/common/i_extend.svg
summary: Learn more about basic Windows diagnostic data events and fields collected.
url: basic-level-windows-diagnostic-events-and-fields.md
# Card
- title: Enhanced level events and fields
imageSrc: https://docs.microsoft.com/media/common/i_delivery.svg
summary: Learn more about Windows diagnostic data events and fields used by Windows Analytics.
url: enhanced-diagnostic-data-windows-analytics-events-and-fields.md
# Card
- title: Full level data categories
imageSrc: https://docs.microsoft.com/media/common/i_get-started.svg
summary: Learn more about all Windows diagnostic data collected.
url: windows-diagnostic-data.md
- type: paragraph
# conceptualContent section (optional)
# conceptualContent:
# # itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
# title: sectiontitle # < 60 chars (optional)
# summary: sectionsummary # < 160 chars (optional)
# items:
# # Card
# - title: cardtitle1
# links:
# - url: file1.md OR https://docs.microsoft.com/file1
# itemType: itemType
# text: linktext1
# - url: file2.md OR https://docs.microsoft.com/file2
# itemType: itemType
# text: linktext2
# - url: file3.md OR https://docs.microsoft.com/file3
# itemType: itemType
# text: linktext3
# # footerLink (optional)
# footerLink:
# url: filefooter.md OR https://docs.microsoft.com/filefooter
# text: See more
# # Card
# - title: cardtitle2
# links:
# - url: file1.md OR https://docs.microsoft.com/file1
# itemType: itemType
# text: linktext1
# - url: file2.md OR https://docs.microsoft.com/file2
# itemType: itemType
# text: linktext2
# - url: file3.md OR https://docs.microsoft.com/file3
# itemType: itemType
# text: linktext3
# # footerLink (optional)
# footerLink:
# url: filefooter.md OR https://docs.microsoft.com/filefooter
# text: See more
# # Card
# - title: cardtitle3
# links:
# - url: file1.md OR https://docs.microsoft.com/file1
# itemType: itemType
# text: linktext1
# - url: file2.md OR https://docs.microsoft.com/file2
# itemType: itemType
# text: linktext2
# - url: file3.md OR https://docs.microsoft.com/file3
# itemType: itemType
# text: linktext3
# # footerLink (optional)
# footerLink:
# url: filefooter.md OR https://docs.microsoft.com/filefooter
# text: See more
text: 'For the latest Windows 10 version, learn more about what Windows diagnostic data is collected at various diagnostics levels.'
# # tools section (optional)
# tools:
# title: sectiontitle # < 60 chars (optional)
# summary: sectionsummary # < 160 chars (optional)
# items:
# # Card
# - title: cardtitle1
# # imageSrc should be square in ratio with no whitespace
# imageSrc: ./media/index/image1.svg OR https://docs.microsoft.com/media/logos/image1.svg
# url: file1.md
# # Card
# - title: cardtitle2
# imageSrc: ./media/index/image2.svg OR https://docs.microsoft.com/media/logos/image2.svg
# url: file2.md
# # Card
# - title: cardtitle3
# imageSrc: ./media/index/image3.svg OR https://docs.microsoft.com/media/logos/image3.svg
# url: file3.md
- type: list
style: cards
className: cardsM
columns: 3
items:
- href: \windows\privacy\basic-level-windows-diagnostic-events-and-fields
html: <p>Learn more about basic Windows diagnostic data events and fields collected</p>
image:
src: https://docs.microsoft.com/media/common/i_extend.svg
title: Basic level events and fields
- href: \windows\privacy\enhanced-diagnostic-data-windows-analytics-events-and-fields
html: <p>Learn more about Windows diagnostic data events and fields used by Windows Analytics</p>
image:
src: https://docs.microsoft.com/media/common/i_delivery.svg
title: Enhanced level events and fields
- href: \windows\privacy\windows-diagnostic-data
html: <p>Learn more about all Windows diagnostic data collected</p>
image:
src: https://docs.microsoft.com/media/common/i_get-started.svg
title: Full level data categories
- items:
- type: list
style: cards
className: cardsL
items:
# additionalContent section (optional)
# Card with summary style
# additionalContent:
# # Supports up to 3 sections
# sections:
# - title: sectiontitle # < 60 chars (optional)
# summary: sectionsummary # < 160 chars (optional)
# items:
# # Card
# - title: cardtitle1
# summary: cardsummary1
# url: file1.md OR https://docs.microsoft.com/file1
# # Card
# - title: cardtitle2
# summary: cardsummary2
# url: file1.md OR https://docs.microsoft.com/file2
# # Card
# - title: cardtitle3
# summary: cardsummary3
# url: file1.md OR https://docs.microsoft.com/file3
# # footer (optional)
# footer: "footertext [linktext](https://docs.microsoft.com/footerfile)"
# additionalContent section (optional)
# Card with links style
additionalContent:
# Supports up to 3 sections
sections:
- items:
# Card
- title: More Windows privacy
links:
- text: "Windows 10 & Privacy Compliance: A Guide for IT and Compliance Professionals"
url: Windows-10-and-privacy-compliance.md
- text: Windows 10 personal data services configuration
url: windows-personal-data-services-configuration.md
- text: Beginning your GDPR journey for Windows 10
url: gdpr-win10-whitepaper.md
# Card
- title: View and manage Windows 10 connection endpoints
html: <p><a class="barLink" href="/windows/privacy/manage-windows-endpoints">Manage Windows 10 connection endpoints</a></p>
<p><a class="barLink" href="/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services">Manage connections from Windows to Microsoft services</a></p>
links:
- text: Manage Windows 10 connection endpoints
url: manage-windows-endpoints.md
- text: Manage connection endpoints for non-Enterprise editions of Windows 10
url: windows-endpoints-2004-non-enterprise-editions.md
- text: Manage connections from Windows to Microsoft services
url: manage-connections-from-windows-operating-system-components-to-microsoft-services.md
# Card
- title: Additional resources
html: <p><a class="barLink" href="https://www.microsoft.com/en-us/trustcenter/cloudservices/windows10">Windows 10 on Trust Center</a></p>
<p><a class="barLink" href="https://docs.microsoft.com/microsoft-365/compliance/gdpr">GDPR on Microsoft 365 Compliance solutions</a></p>
<p><a class="barLink" href="https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted">Support for GDPR Accountability on Service Trust Portal</a></p>
links:
- text: Windows 10 on Trust Center
url: https://www.microsoft.com/en-us/trustcenter/cloudservices/windows10
- text: GDPR on Microsoft 365 Compliance solutions
url: https://docs.microsoft.com/microsoft-365/compliance/gdpr
- text: Support for GDPR Accountability on Service Trust Portal
url: https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted
# footer (optional)
# footer: "footertext [linktext](https://docs.microsoft.com/footerfile)"

106
windows/security/index.yml
View File

@ -1,80 +1,38 @@
### YamlMime:YamlDocument
### YamlMime:Hub
documentType: LandingData
title: Windows 10 Enterprise Security
title: Windows 10 Enterprise Security # < 60 chars
summary: Secure corporate data and manage risk. # < 160 chars
# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-bi | power-platform | sql | sql-server | vs | visual-studio | windows | xamarin
brand: windows
metadata:
document_id:
title: Windows 10 Enterprise Security
description: Learn about enterprise-grade security features for Windows 10.
keywords: protect, company, data, Windows, device, app, management, Microsoft365, e5, e3
title: Windows 10 Enterprise Security # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Learn about enterprise-grade security features for Windows 10. # Required; article description that is displayed in search results. < 160 chars.
services: windows
ms.product: windows
ms.topic: hub-page # Required
ms.collection: M365-security-compliance # Optional; Remove if no collection is used.
author: danihalfin #Required; your GitHub user alias, with correct capitalization.
ms.author: daniha #Required; microsoft alias of author; optional team alias.
ms.date: 01/08/2018 #Required; mm/dd/yyyy format.
ms.localizationpriority: high
author: brianlic-msft
ms.author: brianlic
manager: brianlic
ms.date: 08/01/2018
ms.topic: article
ms.devlang: na
sections:
- items:
- type: markdown
text: Secure corporate data and manage risk.
- items:
- type: list
style: cards
className: cardsM
columns: 3
# productDirectory section (optional)
productDirectory:
items:
- href: \windows\security\identity-protection\
html: <p>Deploy secure enterprise-grade authentication and access control to protect accounts and data</p>
image:
src: https://docs.microsoft.com/media/common/i_identity-protection.svg
title: Identity and access management
- href: \windows\security\threat-protection\
html: <p>Stop cyberthreats and quickly identify and respond to breaches</p>
image:
src: https://docs.microsoft.com/media/common/i_threat-protection.svg
title: Threat protection
- href: \windows\security\information-protection\
html: <p>Identify and secure critical data to prevent data loss</p>
image:
src: https://docs.microsoft.com/media/common/i_information-protection.svg
title: Information protection
# Card
- title: Identity and access management
# imageSrc should be square in ratio with no whitespace
imageSrc: https://docs.microsoft.com/media/common/i_identity-protection.svg
summary: Deploy secure enterprise-grade authentication and access control to protect accounts and data
url: ./identity-protection/index.md
# Card
- title: Threat protection
imageSrc: https://docs.microsoft.com/media/common/i_threat-protection.svg
summary: Stop cyberthreats and quickly identify and respond to breaches
url: ./threat-protection/index.md
# Card
- title: Information protection
imageSrc: https://docs.microsoft.com/media/common/i_information-protection.svg
summary: Identify and secure critical data to prevent data loss
url: ./information-protection/index.md

68
windows/security/threat-protection/microsoft-defender-antivirus/oldTOC.md
View File

@ -1,68 +0,0 @@
# [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
## [Microsoft Defender AV in the Microsoft Defender Security Center app](microsoft-defender-security-center-antivirus.md)
## [Microsoft Defender AV on Windows Server 2016](microsoft-defender-antivirus-on-windows-server-2016.md)
## [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md)
### [Use limited periodic scanning in Microsoft Defender AV](limited-periodic-scanning-microsoft-defender-antivirus.md)
## [Evaluate Microsoft Defender Antivirus protection](evaluate-microsoft-defender-antivirus.md)
## [Deploy, manage updates, and report on Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md)
### [Deploy and enable Microsoft Defender Antivirus](deploy-microsoft-defender-antivirus.md)
#### [Deployment guide for VDI environments](deployment-vdi-microsoft-defender-antivirus.md)
### [Report on Microsoft Defender Antivirus protection](report-monitor-microsoft-defender-antivirus.md)
#### [Troubleshoot Microsoft Defender Antivirus reporting in Update Compliance](troubleshoot-reporting.md)
### [Manage updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md)
#### [Manage protection and Security intelligence updates](manage-protection-updates-microsoft-defender-antivirus.md)
#### [Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md)
#### [Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md)
#### [Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md)
#### [Manage updates for mobile devices and VMs](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)
## [Configure Microsoft Defender Antivirus features](configure-microsoft-defender-antivirus-features.md)
### [Utilize Microsoft cloud-delivered protection](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md)
#### [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md)
#### [Specify the cloud-delivered protection level](specify-cloud-protection-level-microsoft-defender-antivirus.md)
#### [Configure and validate network connections](configure-network-connections-microsoft-defender-antivirus.md)
#### [Enable the Block at First Sight feature](configure-block-at-first-sight-microsoft-defender-antivirus.md)
#### [Configure the cloud block timeout period](configure-cloud-block-timeout-period-microsoft-defender-antivirus.md)
### [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md)
#### [Detect and block Potentially Unwanted Applications](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md)
#### [Enable and configure always-on protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md)
### [Configure end-user interaction with Microsoft Defender AV](configure-end-user-interaction-microsoft-defender-antivirus.md)
#### [Configure the notifications that appear on endpoints](configure-notifications-microsoft-defender-antivirus.md)
#### [Prevent users from seeing or interacting with the user interface](prevent-end-user-interaction-microsoft-defender-antivirus.md)
#### [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-microsoft-defender-antivirus.md)
## [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-microsoft-defender-antivirus.md)
### [Configure and validate exclusions in Microsoft Defender AV scans](configure-exclusions-microsoft-defender-antivirus.md)
#### [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md)
#### [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md)
#### [Configure exclusions in Microsoft Defender AV on Windows Server 2016](configure-server-exclusions-microsoft-defender-antivirus.md)
### [Configure scanning options in Microsoft Defender AV](configure-advanced-scan-types-microsoft-defender-antivirus.md)
### [Configure remediation for scans](configure-remediation-microsoft-defender-antivirus.md)
### [Configure scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md)
### [Configure and run scans](run-scan-microsoft-defender-antivirus.md)
### [Review scan results](review-scan-results-microsoft-defender-antivirus.md)
### [Run and review the results of a Windows Defender Offline scan](microsoft-defender-offline.md)
## [Review event logs and error codes to troubleshoot issues](troubleshoot-microsoft-defender-antivirus.md)
## [Reference topics for management and configuration tools](configuration-management-reference-microsoft-defender-antivirus.md)
### [Use Group Policy settings to configure and manage Microsoft Defender AV](use-group-policy-microsoft-defender-antivirus.md)
### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Microsoft Defender AV](use-intune-config-manager-microsoft-defender-antivirus.md)
### [Use PowerShell cmdlets to configure and manage Microsoft Defender AV](use-powershell-cmdlets-microsoft-defender-antivirus.md)
### [Use Windows Management Instrumentation (WMI) to configure and manage Microsoft Defender AV](use-wmi-microsoft-defender-antivirus.md)
### [Use the mpcmdrun.exe commandline tool to configure and manage Microsoft Defender AV](command-line-arguments-microsoft-defender-antivirus.md)

2
windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md
View File

@ -31,7 +31,7 @@ While the features will not block or prevent apps, scripts, or files from being
To find the audited entries, go to **Applications and Services** > **Microsoft** > **Windows** > **Windows Defender** > **Operational**.
You can use Windows Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Microsoft Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
You can use Microsoft Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Microsoft Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
This topic provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer.

BIN
windows/security/threat-protection/microsoft-defender-atp/images/configmgr-simple-value.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 52 KiB

After

Width:  |  Height:  |  Size: 65 KiB

2
windows/security/threat-protection/microsoft-defender-atp/onboarding.md
View File

@ -95,7 +95,7 @@ below to onboard systems with Configuration Manager.
![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-criteria.png)
7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is equal to** and value **10240** and click on **OK**.
7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is greater than or equal to** and value **14393** and click on **OK**.
![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-simple-value.png)

2
windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md
View File

@ -28,6 +28,8 @@ Microsoft Defender ATP endpoint detection and response capabilities provide adva
When a threat is detected, alerts are created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called an _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats.
>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4o1j5]
Inspired by the "assume breach" mindset, Microsoft Defender ATP continuously collects behavioral cyber telemetry. This includes process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes, and others. The information is stored for six months, enabling an analyst to travel back in time to the start of an attack. The analyst can then pivot in various views and approach an investigation through multiple vectors.
The response capabilities give you the power to promptly remediate threats by acting on the affected entities.

66
windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
View File

@ -1,66 +0,0 @@
---
title: Configure the Group Policy settings for Microsoft Defender Application Guard (Windows 10)
description: Learn about the available Group Policy settings for Microsoft Defender Application Guard.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.date: 05/27/2020
ms.reviewer:
manager: dansimp
ms.custom: asr
---
# Configure Microsoft Defender Application Guard policy settings
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain.
Application Guard uses both network isolation and application-specific settings.
## Network isolation settings
These settings, located at **Computer Configuration\Administrative Templates\Network\Network Isolation**, help you define and manage your company's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container.
>[!NOTE]
>You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode. Proxy servers must be a neutral resource listed in the "Domains categorized as both work and personal" policy.
|Policy name|Supported versions|Description|
|-----------|------------------|-----------|
|Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. Proxies should be added to this list. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
## Network isolation settings wildcards
|Value|Number of dots to the left|Meaning|
|-----|--------------------------|-------|
|`contoso.com`|0|Trust only the literal value of `contoso.com`.|
|`www.contoso.com`|0|Trust only the literal value of `www.contoso.com`.|
|`.contoso.com`|1|Trust any domain that ends with the text `contoso.com`. Matching sites include `spearphishingcontoso.com`, `contoso.com`, and `www.contoso.com`.|
|`..contoso.com`|2|Trust all levels of the domain hierarchy that are to the left of the dot. Matching sites include `shop.contoso.com`, `us.shop.contoso.com`, `www.us.shop.contoso.com`, but NOT `contoso.com` itself.|
## Application-specific settings
These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard**, can help you to manage your company's implementation of Application Guard.
|Name|Supported versions|Description|Options|
|-----------|------------------|-----------|-------|
|Configure Windows Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher<br><br>Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:<br/>-Disable the clipboard functionality completely when Virtualization Security is enabled.<br/>- Enable copying of certain content from Application Guard into Microsoft Edge.<br/>- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.<br/><br/>**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
|Configure Windows Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher<br><br>Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:<br/>- Enable Application Guard to print into the XPS format.<br/>- Enable Application Guard to print into the PDF format.<br/>- Enable Application Guard to print to locally attached printers.<br/>- Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.<br/><br/>**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.<br><br>**Note**<br>Network printers must be published by Active Directory to work in Application Guard.|
|Block enterprise websites to load non-enterprise content in IE and Edge|Windows 10 Enterprise, 1709 or higher|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container. **Note:** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.<br><br>**Disabled or not configured.** Prevents Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard.<br><br>**Note**<br>This policy is no longer supported in the 2004 update and later.|
|Allow Persistence|Windows 10 Enterprise, 1709 or higher<br><br>Windows 10 Pro, 1803 or higher|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.<br><br>**Disabled or not configured.** All user data within Application Guard is reset between sessions.<br><br>**Note**<br>If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<br><br>**To reset the container:**<br/>1. Open a command-line program and navigate to `Windows/System32`.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.|
|Turn on Windows Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1809 or higher|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned On unless the required prerequisites and network isolation settings are already set on the device. Available options:<br/>- Enable Windows Defender Application Guard only for Microsoft Edge<br/>- Enable Windows Defender Application Guard only for Microsoft Office<br/>- Enable Windows Defender Application Guard for both Microsoft Edge and Microsoft Office<br/><br/>**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office.|
|Allow files to download to host operating system|Windows 10 Enterprise, 1803 or higher|Determines whether to save downloaded files to the host operating system from the Windows Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Windows Defender Application Guard container to the host operating system.<br><br>**Disabled or not configured.** Users are not able to saved downloaded files from Application Guard to the host operating system.|
|Allow hardware-accelerated rendering for Windows Defender Application Guard|Windows 10 Enterprise, 1803 or higher<br><br>Windows 10 Pro, 1803 or higher|Determines whether Windows Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Windows Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Windows Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Windows Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.<br><br>**Disabled or not configured.** Windows Defender Application Guard uses software-based (CPU) rendering and wont load any third-party graphics drivers or interact with any connected graphics hardware.|
|Allow camera and microphone access in Windows Defender Application Guard|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher|Determines whether to allow camera and microphone access inside Windows Defender Application Guard.|**Enabled.** Applications inside Windows Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Be aware that enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.<br><br>**Disabled or not configured.** Applications inside Windows Defender Application Guard are unable to access the camera and microphone on the user's device.|
|Allow Windows Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher|Determines whether Root Certificates are shared with Windows Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.<br><br>**Disabled or not configured.** Certificates are not shared with Windows Defender Application Guard.|
|Allow users to trust files that open in Windows Defender Application Guard|Windows 10 Enterprise, 1809 or higher|Determines whether users are able to manually trust untrusted files to open them on the host.|**Enabled.** Users are able to manually trust files or trust files after an antivirus check.<br><br>**Disabled or not configured.** Users are unable to manually trust files and files continue to open in Windows Defender Application Guard.|