deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

resolve the conflict

Browse Source
This commit is contained in:
huaping yu 2019-08-23 15:41:45 -07:00
commit b4d699fe97
6 changed files with 71 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.openpublishing.redirection.json
View File

@ -14867,9 +14867,14 @@
"redirect_document_id": true "redirect_document_id": true
}, },
{ {
"source_path": "windows/security/threat-protection/windows-defender-atp/api-power-bi.md", "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/api-power-bi", "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token",
"redirect_document_id": true "redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/api-power-bi",
"redirect_document_id": true
}, },
{ {
"source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md", "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md",

22
windows/client-management/mdm/policy-csp-update.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: manikadhiman author: manikadhiman
ms.date: 05/21/2019 ms.date: 08/16/2019
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
--- ---
@ -2418,13 +2418,11 @@ The following list shows the supported values:
<!--Validation--> <!--Validation-->
To validate this policy: To validate this policy:
1. Enable the policy ensure the device is on a cellular network. 1. Enable the policy and ensure the device is on a cellular network.
2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: 2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell:
- `regd delete HKEY_USERS\S-1-5-21-2702878673-795188819-444038987-2781\software\microsoft\windows\currentversion\windowsupdate /v LastAutoAppUpdateSearchSuccessTime /f` ```TShell
exec-device schtasks.exe -arguments '/run /tn "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /I'
- `exec-device schtasks.exe -arguments ""/run /tn """"\Microsoft\Windows\WindowsUpdate\Automatic App Update"""" /I""` ```
3. Verify that any downloads that are above the download size limit will complete without being paused.
<!--/Validation--> <!--/Validation-->
<!--/Policy--> <!--/Policy-->
@ -2472,11 +2470,6 @@ Added in Windows 10, version 1703. Specifies whether to ignore the MO download
> [!WARNING] > [!WARNING]
> Setting this policy might cause devices to incur costs from MO operators. > Setting this policy might cause devices to incur costs from MO operators.
- `exec-device schtasks.exe -arguments ""/run /tn """"\Microsoft\Windows\WindowsUpdate\AUScheduledInstall"""" /I""`
3. Verify that any downloads that are above the download size limit will complete without being paused.
<!--/Description--> <!--/Description-->
<!--SupportedValues--> <!--SupportedValues-->
The following list shows the supported values: The following list shows the supported values:
@ -2489,7 +2482,10 @@ The following list shows the supported values:
To validate this policy: To validate this policy:
1. Enable the policy and ensure the device is on a cellular network. 1. Enable the policy and ensure the device is on a cellular network.
2. Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell: 2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell:
```TShell
exec-device schtasks.exe -arguments '/run /tn "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /I'
```
<!--/Validation--> <!--/Validation-->
<!--/Policy--> <!--/Policy-->

78
windows/deployment/update/waas-manage-updates-wsus.md
View File

@ -4,10 +4,9 @@ description: WSUS allows companies to defer, selectively approve, choose when de
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
author: greg-lindsay author: jaimeo
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: greglin ms.author: jaimeo
ms.date: 10/16/2017
ms.reviewer: ms.reviewer:
manager: laurawi manager: laurawi
ms.topic: article ms.topic: article
@ -23,9 +22,8 @@ ms.topic: article
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
>[!IMPORTANT] >[!IMPORTANT]
>Due to [naming changes](waas-overview.md#naming-changes), older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy. If you encounter these terms, "CB" refers to the Semi-Annual Channel (Targeted)--which is no longer used--while "CBB" refers to the Semi-Annual Channel. >Due to [naming changes](waas-overview.md#naming-changes), older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy or the registry. If you encounter these terms, "CB" refers to the Semi-Annual Channel (Targeted)--which is no longer used--while "CBB" refers to the Semi-Annual Channel.
>
>In the following settings CB refers to Semi-Annual Channel (Targeted), while CBB refers to Semi-Annual Channel.
WSUS is a Windows Server role available in the Windows Server operating systems. It provides a single hub for Windows updates within an organization. WSUS allows companies not only to defer updates but also to selectively approve them, choose when theyre delivered, and determine which individual devices or groups of devices receive them. WSUS provides additional control over Windows Update for Business but does not provide all the scheduling options and deployment flexibility that System Center Configuration Manager provides. WSUS is a Windows Server role available in the Windows Server operating systems. It provides a single hub for Windows updates within an organization. WSUS allows companies not only to defer updates but also to selectively approve them, choose when theyre delivered, and determine which individual devices or groups of devices receive them. WSUS provides additional control over Windows Update for Business but does not provide all the scheduling options and deployment flexibility that System Center Configuration Manager provides.
@ -35,35 +33,23 @@ When you choose WSUS as your source for Windows updates, you use Group Policy to
## Requirements for Windows 10 servicing with WSUS ## Requirements for Windows 10 servicing with WSUS
To be able to use WSUS to manage and deploy Windows 10 feature updates, you must have WSUS 4.0, which is available in the Windows Server 2012 R2 and Windows Server 2012 operating systems. In addition to WSUS 4.0, you must install the [KB3095113](https://support.microsoft.com/kb/3095113) and [KB3159706](https://support.microsoft.com/kb/3159706) patches on the WSUS server. To be able to use WSUS to manage and deploy Windows 10 feature updates, you must use a supported WSUS version:
- WSUS 10.0.14393 (role in Windows Server 2016)
- WSUS 10.0.17763 (role in Windows Server 2019)
- WSUS 6.2 and 6.3 (role in Windows Server 2012 and Windows Server 2012 R2)
- KB 3095113 and KB 3159706 (or an equivalent update) must be installed on WSUS 6.2 and 6.3.
> [!IMPORTANT]
> Both [KB 3095113](https://support.microsoft.com/kb/3095113) and [KB 3159706](https://support.microsoft.com/kb/3159706) are included in the **Security Monthly Quality Rollup** starting in July 2017. This means you might not see KB 3095113 and KB 3159706 as installed updates since they might have been installed with a rollup. However, if you need either of these updates, we recommend installing a **Security Monthly Quality Rollup** released after **October 2017** since they contain an additional WSUS update to decrease memory utilization on WSUS's clientwebservice.
>If you have synced either of these updates prior to the security monthly quality rollup, you can experience problems. To recover from this, see [How to Delete Upgrades in WSUS](https://blogs.technet.microsoft.com/wsus/2016/01/29/how-to-delete-upgrades-in-wsus/).
## WSUS scalability ## WSUS scalability
To use WSUS to manage all Windows updates, some organizations may need access to WSUS from a perimeter network, or they might have some other complex scenario. WSUS is highly scalable and configurable for organizations of any size or site layout. For specific information about scaling WSUS, including upstream and downstream server configuration, branch offices, WSUS load balancing, and other complex scenarios, see [Choose a Type of WSUS Deployment](https://technet.microsoft.com/library/cc720448%28v=ws.10%29.aspx). To use WSUS to manage all Windows updates, some organizations may need access to WSUS from a perimeter network, or they might have some other complex scenario. WSUS is highly scalable and configurable for organizations of any size or site layout. For specific information about scaling WSUS, including upstream and downstream server configuration, branch offices, WSUS load balancing, and other complex scenarios, see [Choose a Type of WSUS Deployment](https://technet.microsoft.com/library/cc720448%28v=ws.10%29.aspx).
## Express Installation Files
With Windows 10, quality updates will be larger than traditional Windows Updates because theyre cumulative. To manage the bandwidth clients downloading large updates like these will need, WSUS has a feature called *Express Installation Files*.
At a binary level, files associated with updates may not change a lot. In fact, with cumulative quality updates, most of the content will be from previous updates. Rather than downloading the entire update when only a small percentage of the payload is actually different, Express Installation Files analyze the differences between the new files associated with an update and the existing files on the client. This approach significantly reduces the amount of bandwidth used because only a fraction of the update content is actually delivered.
**To configure WSUS to download Express Update Files**
1. Open the WSUS Administration Console.
2. In the navigation pane, go to *Your_Server*\\**Options**.
3. In the **Options** section, click **Update Files and Languages**.
![Example of UI](images/waas-wsus-fig1.png)
4. In the **Update Files and Languages** dialog box, select **Download express installation files**.
![Example of UI](images/waas-wsus-fig2.png)
>[!NOTE]
>Because Windows 10 updates are cumulative, enabling Express Installation Files when WSUS is configured to download Windows 10 updates will significantly increase the amount of disk space that WSUS requires. Alternatively, when using Express Installation Files for previous versions of Windows, the features positive effects arent noticeable because the updates arent cumulative.
## Configure automatic updates and update service location ## Configure automatic updates and update service location
@ -71,11 +57,11 @@ When using WSUS to manage updates on Windows client devices, start by configurin
**To configure the Configure Automatic Updates and Intranet Microsoft Update Service Location Group Policy settings for your environment** **To configure the Configure Automatic Updates and Intranet Microsoft Update Service Location Group Policy settings for your environment**
1. Open GPMC. 1. Open Group Policy Management Console (gpmc.msc).
2. Expand Forest\Domains\\*Your_Domain*. 2. Expand *Forest\Domains\\*Your_Domain**.
3. Right-click *Your_Domain*, and then click **Create a GPO in this domain, and Link it here**. 3. Right-click **Your_Domain**, and then select **Create a GPO in this domain, and Link it here**.
![Example of UI](images/waas-wsus-fig3.png) ![Example of UI](images/waas-wsus-fig3.png)
@ -99,13 +85,13 @@ When using WSUS to manage updates on Windows client devices, start by configurin
![Example of UI](images/waas-wsus-fig5.png) ![Example of UI](images/waas-wsus-fig5.png)
> [!NOTE] > [!NOTE]
> ?There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see [Configure Automatic Updates by Using Group Policy](https://technet.microsoft.com/library/cc720539%28v=ws.10%29.aspx). > There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see [Configure Automatic Updates by Using Group Policy](https://technet.microsoft.com/library/cc720539%28v=ws.10%29.aspx).
10. Right-click the **Specify intranet Microsoft update service location** setting, and then click **Edit**. 10. Right-click the **Specify intranet Microsoft update service location** setting, and then select **Edit**.
11. In the **Specify intranet Microsoft update service location** dialog box, select **Enable**. 11. In the **Specify intranet Microsoft update service location** dialog box, select **Enable**.
12. Under **Options**, in the **Set the intranet update service for detecting updates** and **Set the intranet statistics server** options, type <strong>http://Your_WSUS_Server_FQDN:PortNumber</strong>, and then click **OK**. 12. Under **Options**, in the **Set the intranet update service for detecting updates** and **Set the intranet statistics server** options, type <strong>http://Your_WSUS_Server_FQDN:PortNumber</strong>, and then select **OK**.
>[!NOTE] >[!NOTE]
>The URL `http://CONTOSO-WSUS1.contoso.com:8530` in the following image is just an example. In your environment, be sure to use the server name and port number for your WSUS instance. >The URL `http://CONTOSO-WSUS1.contoso.com:8530` in the following image is just an example. In your environment, be sure to use the server name and port number for your WSUS instance.
@ -113,7 +99,7 @@ When using WSUS to manage updates on Windows client devices, start by configurin
![Example of UI](images/waas-wsus-fig6.png) ![Example of UI](images/waas-wsus-fig6.png)
>[!NOTE] >[!NOTE]
>The default HTTP port for WSUS is 8530, and the default HTTP over Secure Sockets Layer (HTTPS) port is 8531. If youre unsure which port WSUS is using for client communication, right-click the WSUS Administration site in IIS Manager, and then click **Edit Bindings**. >The default HTTP port for WSUS is 8530, and the default HTTP over Secure Sockets Layer (HTTPS) port is 8531. (The other options are 80 and 443; no other ports are supported.)
As Windows clients refresh their computer policies (the default Group Policy refresh setting is 90 minutes and when a computer restarts), computers start to appear in WSUS. Now that clients are communicating with the WSUS server, create the computer groups that align with your deployment rings. As Windows clients refresh their computer policies (the default Group Policy refresh setting is 90 minutes and when a computer restarts), computers start to appear in WSUS. Now that clients are communicating with the WSUS server, create the computer groups that align with your deployment rings.
@ -139,6 +125,7 @@ You can use computer groups to target a subset of devices that have specific qua
Now that the groups have been created, add the computers to the computer groups that align with the desired deployment rings. You can do this through [Group Policy](#wsus-gp) or manually by using the [WSUS Administration Console](#wsus-admin). Now that the groups have been created, add the computers to the computer groups that align with the desired deployment rings. You can do this through [Group Policy](#wsus-gp) or manually by using the [WSUS Administration Console](#wsus-admin).
<span id="wsus-admin"/> <span id="wsus-admin"/>
## Use the WSUS Administration Console to populate deployment rings ## Use the WSUS Administration Console to populate deployment rings
Adding computers to computer groups in the WSUS Administration Console is simple, but it could take much longer than managing membership through Group Policy, especially if you have many computers to add. Adding computers to computer groups in the WSUS Administration Console is called *server-side targeting*. Adding computers to computer groups in the WSUS Administration Console is simple, but it could take much longer than managing membership through Group Policy, especially if you have many computers to add. Adding computers to computer groups in the WSUS Administration Console is called *server-side targeting*.
@ -205,7 +192,7 @@ Now that WSUS is ready for client-side targeting, complete the following steps t
>[!TIP] >[!TIP]
>When using client-side targeting, consider giving security groups the same names as your deployment rings. Doing so simplifies the policy-creation process and helps ensure that you dont add computers to the incorrect rings. >When using client-side targeting, consider giving security groups the same names as your deployment rings. Doing so simplifies the policy-creation process and helps ensure that you dont add computers to the incorrect rings.
1. Open GPMC. 1. Open Group Policy Management Console (gpmc.msc).
2. Expand Forest\Domains\\*Your_Domain*. 2. Expand Forest\Domains\\*Your_Domain*.
@ -223,10 +210,13 @@ Now that WSUS is ready for client-side targeting, complete the following steps t
8. In the **Enable client-side targeting** dialog box, select **Enable**. 8. In the **Enable client-side targeting** dialog box, select **Enable**.
9. In the **Target group name for this computer** box, type **Ring 4 Broad Business Users**. This is the name of the deployment ring in WSUS to which these computers will be added. 9. In the **Target group name for this computer** box, type *Ring 4 Broad Business Users*. This is the name of the deployment ring in WSUS to which these computers will be added.
![Example of UI](images/waas-wsus-fig12.png) ![Example of UI](images/waas-wsus-fig12.png)
> [!WARNING]
> The target group name must match the computer group name.
10. Close the Group Policy Management Editor. 10. Close the Group Policy Management Editor.
Now youre ready to deploy this GPO to the correct computer security group for the **Ring 4 Broad Business Users** deployment ring. Now youre ready to deploy this GPO to the correct computer security group for the **Ring 4 Broad Business Users** deployment ring.
@ -248,7 +238,8 @@ The next time the clients in the **Ring 4 Broad Business Users** security group
For clients that should have their feature updates approved as soon as theyre available, you can configure Automatic Approval rules in WSUS. For clients that should have their feature updates approved as soon as theyre available, you can configure Automatic Approval rules in WSUS.
>[!NOTE] >[!NOTE]
>WSUS respects the clients servicing branch. If you approve a feature update while it is still Current Branch (CB), WSUS will install the update only on PCs that are in the CB servicing branch. When Microsoft releases the build for Current Branch for Business (CBB), the PCs in the CBB servicing branch will install it. Windows Update for Business branch settings do not apply to feature updates through WSUS. >WSUS respects the client device's servicing branch. If you approve a feature update while it is still in one branch, such as Insider Preview, WSUS will install the update only on devices that are in that servicing branch. When Microsoft releases the build for Semi-Annual Channel, the devices in the Semi-Annual Channel will install it. Windows Update for Business branch settings do not apply to feature updates through WSUS.
**To configure an Automatic Approval rule for Windows 10 feature updates and approve them for the Ring 3 Broad IT deployment ring** **To configure an Automatic Approval rule for Windows 10 feature updates and approve them for the Ring 3 Broad IT deployment ring**
@ -277,13 +268,18 @@ For clients that should have their feature updates approved as soon as theyre
9. In the **Automatic Approvals** dialog box, click **OK**. 9. In the **Automatic Approvals** dialog box, click **OK**.
>[!NOTE] >[!NOTE]
>WSUS does not honor any existing month/week/day deferral settings for CB or CBB. That said, if youre using Windows Update for Business for a computer for which WSUS is also managing updates, when WSUS approves the update, it will be installed on the computer regardless of whether you configured Group Policy to wait. >WSUS does not honor any existing month/week/day [deferral settings](waas-configure-wufb.md#configure-when-devices-receive-feature-updates). That said, if youre using Windows Update for Business for a computer for which WSUS is also managing updates, when WSUS approves the update, it will be installed on the computer regardless of whether you configured Group Policy to wait.
Now, whenever Windows 10 feature updates are published to WSUS, they will automatically be approved for the **Ring 3 Broad IT** deployment ring with an installation deadline of 1 week. Now, whenever Windows 10 feature updates are published to WSUS, they will automatically be approved for the **Ring 3 Broad IT** deployment ring with an installation deadline of 1 week.
> [!WARNING]
> The auto approval rule runs after synchronization occurs. This means that the *next* upgrade for each Windows 10 version will be approved. If you select **Run Rule**, all possible updates that meet the criteria will be approved, potentially including older updates that you don't actualy want--which can be a problem when the download sizes are very large.
## Manually approve and deploy feature updates ## Manually approve and deploy feature updates
You can manually approve updates and set deadlines for installation within the WSUS Administration Console, as well. To simplify the manual approval process, start by creating a software update view that contains only Windows 10 updates. You can manually approve updates and set deadlines for installation within the WSUS Administration Console, as well. It might be best to approve update rules manually after your pilot deployment has been updated.
To simplify the manual approval process, start by creating a software update view that contains only Windows 10 updates.
**To approve and deploy feature updates manually** **To approve and deploy feature updates manually**
@ -301,7 +297,7 @@ You can manually approve updates and set deadlines for installation within the W
![Example of UI](images/waas-wsus-fig16.png) ![Example of UI](images/waas-wsus-fig16.png)
Now that you have the All Windows 10 Upgrades view, complete the following steps to manually approve an update for the **Ring 4 Broad Business Users** deployment ring: Now that you have the **All Windows 10 Upgrades** view, complete the following steps to manually approve an update for the **Ring 4 Broad Business Users** deployment ring:
1. In the WSUS Administration Console, go to Update Services\\*Server_Name*\Updates\All Windows 10 Upgrades. 1. In the WSUS Administration Console, go to Update Services\\*Server_Name*\Updates\All Windows 10 Upgrades.

4
windows/deployment/update/wufb-compliancedeadlines.md
View File

@ -105,13 +105,13 @@ Once the device is in the pending restart state, it will attempt to restart the
#### Suggested configuration {OK} #### Suggested configuration
|Policy|Location|3-day compliance|5-day compliance|7-day compliance| |Policy|Location|3-day compliance|5-day compliance|7-day compliance|
|-|-|-|-|-| |-|-|-|-|-|
|Specify deadline before auto-restart for update installation| GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadline before auto-restart for update installation |State: Enabled<br>**Specify the number of days before pending restart will automatically be executed outside of active hours:** 2| State: Enabled<br>**Specify the number of days before pending restart will automatically be executed outside of active hours:** 3 | State: Enabled<br>**Specify the number of days before pending restart will automatically be executed outside of active hours:** 4| |Specify deadline before auto-restart for update installation| GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadline before auto-restart for update installation |State: Enabled<br>**Specify the number of days before pending restart will automatically be executed outside of active hours:** 2| State: Enabled<br>**Specify the number of days before pending restart will automatically be executed outside of active hours:** 3 | State: Enabled<br>**Specify the number of days before pending restart will automatically be executed outside of active hours:** 4|
#### Controlling notification experience for deadline {OK} #### Controlling notification experience for deadline
|Policy| Location|Suggested Configuration | |Policy| Location|Suggested Configuration |
|-|-|-| |-|-|-|

26
windows/deployment/upgrade/setupdiag.md
View File

@ -28,7 +28,7 @@ ms.topic: article
## About SetupDiag ## About SetupDiag
<I>Current version of SetupDiag: 1.6.0.0</I> <I>Current version of SetupDiag: 1.6.0.42</I>
>Always be sure to run the most recent version of SetupDiag, so that can access new functionality and fixes to known issues. >Always be sure to run the most recent version of SetupDiag, so that can access new functionality and fixes to known issues.
SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. SetupDiag is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful.
@ -73,6 +73,8 @@ The [Release notes](#release-notes) section at the bottom of this topic has info
| /Verbose | <ul><li>This optional parameter will output much more data to a log file. By default, SetupDiag will only produce a log file entry for serious errors. Using **/Verbose** will cause SetupDiag to always produce an additional log file with debugging details. These details can be useful when reporting a problem with SetupDiag.</ul> | | /Verbose | <ul><li>This optional parameter will output much more data to a log file. By default, SetupDiag will only produce a log file entry for serious errors. Using **/Verbose** will cause SetupDiag to always produce an additional log file with debugging details. These details can be useful when reporting a problem with SetupDiag.</ul> |
| /NoTel | <ul><li>This optional parameter tells SetupDiag.exe not to send diagnostic telemetry to Microsoft.</ul> | | /NoTel | <ul><li>This optional parameter tells SetupDiag.exe not to send diagnostic telemetry to Microsoft.</ul> |
| /AddReg | <ul><li>This optional parameter instructs SetupDiag.exe to add failure information to the registry in offline mode. By default, SetupDiag will add failure information to the registry in online mode only. Registry data is added to the following location on the system where SetupDiag is run: **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**.</ul> | | /AddReg | <ul><li>This optional parameter instructs SetupDiag.exe to add failure information to the registry in offline mode. By default, SetupDiag will add failure information to the registry in online mode only. Registry data is added to the following location on the system where SetupDiag is run: **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**.</ul> |
| /RegPath | <ul><li>This optional parameter instructs SetupDiag.exe to add failure information to the registry using the specified path. If this parameter is not specified the default path is **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**.
</ul> |
Note: The **/Mode** parameter is deprecated in version 1.4.0.0 of SetupDiag. Note: The **/Mode** parameter is deprecated in version 1.4.0.0 of SetupDiag.
- In previous versions, this command was used with the LogsPath parameter to specify that SetupDiag should run in an offline manner to analyze a set of log files that were captured from a different computer. In version 1.4.0.0 when you specify /LogsPath then SetupDiag will automatically run in offline mode, therefore the /Mode parameter is not needed. - In previous versions, this command was used with the LogsPath parameter to specify that SetupDiag should run in an offline manner to analyze a set of log files that were captured from a different computer. In version 1.4.0.0 when you specify /LogsPath then SetupDiag will automatically run in offline mode, therefore the /Mode parameter is not needed.
@ -318,17 +320,17 @@ Each rule name and its associated unique rule identifier are listed with a descr
## Release notes ## Release notes
08/08/2019 - SetupDiag v1.6.0.0 is released with 60 rules, as a standalone tool available from the Download Center. 08/08/2019 - SetupDiag v1.6.0.42 is released with 60 rules, as a standalone tool available from the Download Center.
- Log detection performance is improved. What used to take up to a minute should take around 10 seconds or less. - Log detection performance is improved. What used to take up to a minute should take around 10 seconds or less.
- Added Setup Operation and Setup Phase information to both the results log and the registry information. - Added Setup Operation and Setup Phase information to both the results log and the registry information.
- This is the last Operation and Phase that Setup was in when the failure occurred. - This is the last Operation and Phase that Setup was in when the failure occurred.
- Added detailed Setup Operation and Setup Phase information (and timing) to output log when /verbose is specified. - Added detailed Setup Operation and Setup Phase information (and timing) to output log when /verbose is specified.
- Note, if the issue found is a compat block, no Setup Operation or Phase info exists yet and therefore wont be available. - Note, if the issue found is a compat block, no Setup Operation or Phase info exists yet and therefore wont be available.
- Added more info to the Registry output. - Added more info to the Registry output.
- Detailed FailureData info where available. Example: “AppName = MyBlockedApplication” or “DiskSpace = 6603” (in MB) - Detailed FailureData info where available. Example: “AppName = MyBlockedApplication” or “DiskSpace = 6603” (in MB)
- “Key = Value” data specific to the failure found. - “Key = Value” data specific to the failure found.
- Added UpgradeStartTime, UpgradeEndTime and UpgradeElapsedTime - Added UpgradeStartTime, UpgradeEndTime and UpgradeElapsedTime
- Added SetupDiagVersion, DateTime (to indicate when SetupDiag was executed on the system), TargetOSVersion, HostOSVersion and more… - Added SetupDiagVersion, DateTime (to indicate when SetupDiag was executed on the system), TargetOSVersion, HostOSVersion and more…
06/19/2019 - SetupDiag v1.5.0.0 is released with 60 rules, as a standalone tool available from the Download Center. 06/19/2019 - SetupDiag v1.5.0.0 is released with 60 rules, as a standalone tool available from the Download Center.

2
windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md
View File

@ -22,7 +22,7 @@ ms.topic: conceptual
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>[!NOTE] >[!NOTE]
> Secure score is now part of [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) as [Configuration score](configuration-score.md). The secure score page will be available for a few weeks. View the [Secure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score) page. > Secure score is now part of [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) as [Configuration score](configuration-score.md). The secure score page will be available for a few weeks.
The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines. The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.