-[ScanState Syntax](usmt-scanstate-syntax.md)
-[LoadState Syntax](usmt-loadstate-syntax.md) +--- +title: Identify Users (Windows 10) +description: Identify Users +ms.assetid: 957a4fe9-79fd-44a2-8c26-33e50f71f9de +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.topic: article +ms.localizationpriority: medium +--- + +# Identify Users + +It is important to carefully consider how you plan to migrate users. By default, all users are migrated by User State Migration Tool (USMT) 5.0. You must specify which users to include by using the command line. You cannot specify users in the .xml files. For instructions on how to migrate users, see [Migrate User Accounts](usmt-migrate-user-accounts.md). + +## In This Topic + +- [Migrating Local Accounts](#bkmk-8) +- [Migrating Domain Accounts](#bkmk-9) +- [Command-Line Options](#bkmk-7) + +## Migrating Local Accounts + +Before migrating local accounts, note the following: + +- [You must explicitly specify that local accounts that are not on the destination computer should be migrated.](#bkmk-8) If you are migrating local accounts and the local account does not exist on the destination computer, you must use the **/lac** option when using the LoadState command. If the **/lac** option is not specified, no local user accounts will be migrated. + +- [Consider whether to enable user accounts that are new to the destination computer.](#bkmk-8) The **/lae** option enables the account that was created with the **/lac** option. However, if you create a disabled local account by using only the **/lac** option, a local administrator must enable the account on the destination computer. + +- [Be careful when specifying a password for local accounts.](#bkmk-8) If you create the local account with a blank password, anyone could log on to that account on the destination computer. If you create the local account with a password, the password is available to anyone with access to the USMT command-line tools. + +>[!NOTE] +>If there are multiple users on a computer, and you specify a password with the **/lac** option, all migrated users will have the same password. + +## Migrating Domain Accounts + +The source and destination computers do not need to be connected to the domain for domain user profiles to be migrated. + +## Command-Line Options + +USMT provides several options to migrate multiple users on a single computer. The following command-line options specify which users to migrate. + +- [Specifying users.](#bkmk-8) You can specify which users to migrate with the **/all**, **/ui**, **/uel**, and **/ue** options with both the ScanState and LoadState command-line tools. + + >[!IMPORTANT] + >The **/uel** option excludes users based on the **LastModified** date of the Ntuser.dat file. The **/uel** option is not valid in offline migrations. + +- [Moving users to another domain.](#bkmk-8) You can move user accounts to another domain using the **/md** option with the LoadState command-line tool. + +- [Creating local accounts.](#bkmk-8) You can create and enable local accounts using the **/lac** and **/lae** options with the LoadState command-line tool. + +- [Renaming user accounts.](#bkmk-8) You can rename user accounts using the **/mu** option. + + >[!NOTE] + >By default, if a user name is not specified in any of the command-line options, the user will be migrated. + +## Related topics + +[Determine What to Migrate](usmt-determine-what-to-migrate.md)
+[ScanState Syntax](usmt-scanstate-syntax.md)
+[LoadState Syntax](usmt-loadstate-syntax.md) diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md index 9a229185cc..86f5ade189 100644 --- a/windows/deployment/volume-activation/install-vamt.md +++ b/windows/deployment/volume-activation/install-vamt.md @@ -9,7 +9,8 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -audience: itpro author: greg-lindsay +audience: itpro +author: greg-lindsay ms.localizationpriority: medium ms.date: 03/11/2019 ms.topic: article @@ -34,8 +35,9 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for - [Windows Server with Desktop Experience](https://docs.microsoft.com/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access and all updates applied - [Windows 10, version 1809 ADK](https://go.microsoft.com/fwlink/?linkid=2026036) - [SQL Server 2017 Express](https://www.microsoft.com/sql-server/sql-server-editions-express) +- alternatively any full SQL instance e.g. SQL Server 2014 or newer incl. CU / SP -### Install SQL Server 2017 Express +### Install SQL Server 2017 Express / alternatively use any Full SQL instance e.g. SQL Server 2014 or newer 1. Download and open the [SQL Server 2017 Express](https://www.microsoft.com/sql-server/sql-server-editions-express) package. 2. Select **Basic**. @@ -46,20 +48,23 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for ### Install VAMT using the ADK -1. Download and open the [Windows 10, version 1809 ADK](https://go.microsoft.com/fwlink/?linkid=2026036) package. +1. Download and open the [Windows 10, version 1903 ADK](https://go.microsoft.com/fwlink/?linkid=2086042) package. +Reminder: There won't be new ADK release for 1909. 2. Enter an install location or use the default path, and then select **Next**. 3. Select a privacy setting, and then select **Next**. 4. Accept the license terms. 5. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. (You can select additional features to install as well.) 6. On the completion page, select **Close**. -### Configure VAMT to connect to SQL Server 2017 Express +### Configure VAMT to connect to SQL Server 2017 Express or full SQL Server 1. Open **Volume Active Management Tool 3.1** from the Start menu. -2. Enter the server instance name and a name for the database, select **Connect**, and then select **Yes** to create the database. See the following image for an example. +2. Enter the server instance name (for a remote SQL use the FQDN) and a name for the database, select **Connect**, and then select **Yes** to create the database. See the following image for an example for SQL.  +for remote SQL Server use +servername.yourdomain.com diff --git a/windows/deployment/windows-autopilot/white-glove.md b/windows/deployment/windows-autopilot/white-glove.md index 9fd9e87869..a0bef4bb0b 100644 --- a/windows/deployment/windows-autopilot/white-glove.md +++ b/windows/deployment/windows-autopilot/white-glove.md @@ -59,7 +59,7 @@ To enable white glove deployment, an additional Autopilot profile setting must b  -The Windows Autopilot for white glove deployment pre-provisioning process will apply all device-targeted policies from Intune. That includes certificates, security templates, settings, apps, and more – anything targeting the device. Additionally, any apps (Win32 or LOB) that are configured to install in the device context and targeted to the user that has been pre-assigned to the Autopilot device will also be installed. +The Windows Autopilot for white glove deployment pre-provisioning process will apply all device-targeted policies from Intune. That includes certificates, security templates, settings, apps, and more – anything targeting the device. Additionally, any apps (Win32 or LOB) that are configured to install in the device context and targeted to the user that has been pre-assigned to the Autopilot device will also be installed. Please make sure not to target both win32 and LOB apps to the same device. >[!NOTE] >Other user-targeted policies will not apply until the user signs into the device. To verify these behaviors, be sure to create appropriate apps and policies targeted to devices and users. diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index 343f302b6c..cabf372d2e 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -36,10 +36,8 @@ sections:
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details >
September 23, 2019
KB4522010
KB4519998
10:00 AM PT
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details >
September 10, 2019
KB4516044
04:47 PM PT
Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.
See details >
June 18, 2019
KB4503294
KB4516044
10:00 AM PT
Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.
See details >
July 16, 2019
KB4507459
KB4512517
10:00 AM PT
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details >
June 11, 2019
KB4503267
KB4512495
02:00 PM PT
Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.
See details >
August 13, 2019
KB4512517
KB4512495
02:00 PM PT
JavaScript may fail to render as expected in IE11 and in apps using JavaScript or the WebBrowser control.
See details >
July 09, 2019
KB4507460
KB4512517
10:00 AM PT
| Details | Originating update | Status | History |
| Domain connected devices that use MIT Kerberos realms will not start up Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507459. Devices that are domain controllers or domain members are both affected. To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903. Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms - Affected platforms:
Resolution: This issue was resolved in KB4512517 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903. Back to top | OS Build 14393.3115 July 16, 2019 KB4507459 | Resolved KB4512517 | Resolved: August 13, 2019 10:00 AM PT Opened: July 25, 2019 06:10 PM PT |
| Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503267 on a WDS server. Affected platforms:
Resolution: This issue was resolved in KB4512495. Back to top | OS Build 14393.3025 June 11, 2019 KB4503267 | Resolved KB4512495 | Resolved: August 17, 2019 02:00 PM PT Opened: July 10, 2019 02:51 PM PT |
| Internet Explorer 11 and apps using the WebBrowser control may fail to render Internet Explorer 11 may fail to render some JavaScript after installing KB4507460. You may also have issues with apps using JavaScript or the WebBrowser control, such as the present PowerPoint feature of Skype Meeting Broadcast. Affected platforms:
Resolution: This issue was resolved in KB4512517. Back to top | OS Build 14393.3085 July 09, 2019 KB4507460 | Resolved KB4512517 | Resolved: August 13, 2019 10:00 AM PT Opened: July 26, 2019 04:58 PM PT |
You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.
See details >
September 10, 2019
KB4516066
KB4534318
02:00 PM PT
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details >
September 23, 2019
KB4522012
KB4520004
10:00 AM PT
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details >
September 10, 2019
KB4516066
04:08 PM PT
Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.
See details >
July 16, 2019
KB4507465
KB4512516
10:00 AM PT
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details >
June 11, 2019
KB4503284
KB4512494
02:00 PM PT
Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.
See details >
August 13, 2019
KB4512516
KB4512494
02:00 PM PT
| Details | Originating update | Status | History |
| Domain connected devices that use MIT Kerberos realms will not start up Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507465. Devices that are domain controllers or domain members are both affected. To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903. Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms - Affected platforms:
Resolution: This issue was resolved in KB4512516 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903. Back to top | OS Build 16299.1296 July 16, 2019 KB4507465 | Resolved KB4512516 | Resolved: August 13, 2019 10:00 AM PT Opened: July 25, 2019 06:10 PM PT |
| Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503284 on a WDS server. Affected platforms:
Resolution: This issue was resolved in KB4512494. Back to top | OS Build 16299.1217 June 11, 2019 KB4503284 | Resolved KB4512494 | Resolved: August 16, 2019 02:00 PM PT Opened: July 10, 2019 02:51 PM PT |
Your device may startup to a black screen during the first logon after installing updates.
See details >
June 11, 2019
KB4503286
KB4519978
10:00 AM PT
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details >
September 23, 2019
KB4522014
KB4520008
10:00 AM PT
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details >
September 10, 2019
KB4516058
04:08 PM PT
Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.
See details >
July 16, 2019
KB4507466
KB4512501
10:00 AM PT
Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes.\"
See details >
12:32 PM PT
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details >
June 11, 2019
KB4503286
KB4512509
02:00 PM PT
Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.
See details >
August 13, 2019
KB4512501
KB4512509
02:00 PM PT
| Details | Originating update | Status | History |
| Domain connected devices that use MIT Kerberos realms will not start up Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4507466. Devices that are domain controllers or domain members are both affected. To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903. Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms - Affected platforms:
Resolution: This issue was resolved in KB4512501 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903. Back to top | OS Build 17134.915 July 16, 2019 KB4507466 | Resolved KB4512501 | Resolved: August 13, 2019 10:00 AM PT Opened: July 25, 2019 06:10 PM PT |
| Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503286 on a WDS server. Affected platforms:
Resolution: This issue was resolved in KB4512509. Back to top | OS Build 17134.829 June 11, 2019 KB4503286 | Resolved KB4512509 | Resolved: August 19, 2019 02:00 PM PT Opened: July 10, 2019 02:51 PM PT |
The print spooler service may intermittently have issues completing a print job and results print job failure.
See details >
September 23, 2019
KB4522015
KB4519338
10:00 AM PT
Applications and scripts that call NetQueryDisplayInformation may fail to return results after the first page of data.
See details >
October 09, 2018
KB4464330
KB4516077
10:00 AM PT
Some Input Method Editor (IME) including ChsIME.EXE and ChtIME.EXE, may become unresponsive or may have high CPU usage.
See details >
September 10, 2019
KB4512578
04:08 PM PT
Devices may not start after updating when connected to a domain that is configured to use MIT Kerberos realms.
See details >
July 22, 2019
KB4505658
KB4511553
10:00 AM PT
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details >
June 11, 2019
KB4503327
KB4512534
02:00 PM PT
Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.
See details >
August 13, 2019
KB4511553
KB4512534
02:00 PM PT
| Details | Originating update | Status | History |
| Domain connected devices that use MIT Kerberos realms will not start up Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after installation of KB4505658. Devices that are domain controllers or domain members are both affected. To safeguard your update experience, we have applied a compatibility hold on devices configured to use MIT Kerberos realm from being offered Windows 10, version 1903 or Windows Server, version 1903. Note If you are not sure if your device is affected, contact your administrator. Advanced users can check for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos or check if this registry key exists: HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\MitRealms - Affected platforms:
Resolution: This issue was resolved in KB4511553 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903 or Windows Server, version 1903. Back to top | OS Build 17763.652 July 22, 2019 KB4505658 | Resolved KB4511553 | Resolved: August 13, 2019 10:00 AM PT Opened: July 25, 2019 06:10 PM PT |
| Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503327 on a WDS server. Affected platforms:
Resolution: This issue was resolved in KB4512534. Back to top | OS Build 17763.557 June 11, 2019 KB4503327 | Resolved KB4512534 | Resolved: August 17, 2019 02:00 PM PT Opened: July 10, 2019 02:51 PM PT |
| Summary | Originating update | Status | Date resolved |
| After installing an update and restarting, you might receive an error You might receive the error, “Failure to configure Windows updates. Reverting Changes.” or \"Failed\" in Update History. See details > | February 11, 2020 KB4537820 | Resolved | February 12, 2020 05:37 PM PT |
| Custom wallpaper displays as black Using a custom image set to \"Stretch\" might not display as expected. See details > | January 14, 2020 KB4534310 | Resolved KB4539601 | February 07, 2020 10:00 AM PT |
| MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS. See details > | Resolved | January 23, 2020 02:08 PM PT | |
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | September 24, 2019 KB4516048 | Resolved KB4519976 | October 08, 2019 10:00 AM PT |
| Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV Windows updates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed See details > | August 13, 2019 KB4512506 | Resolved External | August 27, 2019 02:29 PM PT |
| Devices starting using PXE from a WDS or SCCM servers may fail to start Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\" See details > | June 11, 2019 KB4503292 | Resolved KB4512514 | August 17, 2019 02:00 PM PT |
| Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error. See details > | August 13, 2019 KB4512506 | Resolved KB4517297 | August 16, 2019 02:00 PM PT |
| System may be unresponsive after restart with certain McAfee antivirus products Devices running certain McAfee Endpoint security applications may be slow or unresponsive at startup. See details > | April 09, 2019 KB4493472 | Resolved External | August 13, 2019 06:59 PM PT |
| Details | Originating update | Status | History |
| After installing an update and restarting, you might receive an error After installing KB4537820 and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History. Affected platforms:
Resolution: This is expected in the following circumstances:
If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the \"How to get this update\" section of this article. Back to top | February 11, 2020 KB4537820 | Resolved | Resolved: February 12, 2020 05:37 PM PT Opened: February 12, 2020 03:47 PM PT |
| Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019. Affected platforms:
Resolution: This issue was resolved in KB4519976. If you are using Security Only updates, see KB4519974 for resolving KB for your platform. Back to top | September 24, 2019 KB4516048 | Resolved KB4519976 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019. Affected platforms:
Resolution: This issue was resolved in KB4519976. If you are using Security Only updates, see KB4519974 for resolving KB for your platform. Back to top | September 24, 2019 KB4516048 | Resolved KB4519976 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| You may receive an error when opening or using the Toshiba Qosmio AV Center After installing KB4512506, you may receive an error when opening or using the Toshiba Qosmio AV Center. You may also receive an error in Event Log related to cryptnet.dll. Affected platforms:
Resolution: This issue was resolved in KB4516048. Back to top | August 13, 2019 KB4512506 | Resolved KB4516048 | Resolved: September 24, 2019 10:00 AM PT Opened: September 10, 2019 09:48 AM PT |
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503292 on a WDS server.
Affected platforms:
- Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Resolution: This issue was resolved in KB4512514.
Back to top
KB4503292
KB4512514
August 17, 2019
02:00 PM PT
Opened:
July 10, 2019
02:51 PM PT
| Details | Originating update | Status | History |
| System may be unresponsive after restart with certain McAfee antivirus products Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. Affected platforms:
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:
Back to top | April 09, 2019 KB4493472 | Resolved External | Last updated: August 13, 2019 06:59 PM PT Opened: April 09, 2019 10:00 AM PT |
On Windows RT 8.1 devices, Internet Explorer 11 may not open and you may receive an error.
See details >
KB4516067
KB4516041
10:00 AM PT
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"
See details >
KB4503276
KB4512478
02:00 PM PT
Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.
See details >
KB4512488
KB4517298
02:00 PM PT
Devices running certain McAfee Endpoint security applications may be slow or unresponsive at startup.
See details >
KB4493446
06:59 PM PT
| Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019. Affected platforms:
Resolution: This issue was resolved in KB4520005. If you are using Security Only updates, see KB4519974 for resolving KB for your platform. Back to top | September 24, 2019 KB4516041 | Resolved KB4520005 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019. Affected platforms:
Resolution: This issue was resolved in KB4520005. If you are using Security Only updates, see KB4519974 for resolving KB for your platform. Back to top | September 24, 2019 KB4516041 | Resolved KB4520005 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Windows RT 8.1 devices may have issues opening Internet Explorer 11 On Windows 8.1 RT devices, Internet Explorer 11 may not open and you may receive the error, \"C:\\Program Files\\Internet Explorer\\iexplore.exe: A certificate was explicitly revoked by its issuer.\" Affected platforms:
Resolution: This issue was resolved in KB4516041. Back to top | September 10, 2019 KB4516067 | Resolved KB4516041 | Resolved: September 24, 2019 10:00 AM PT Opened: September 13, 2019 05:25 PM PT |
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503276 on a WDS server.
Affected platforms:
- Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Resolution: This issue was resolved in KB4512478.
Back to top
KB4503276
KB4512478
August 17, 2019
02:00 PM PT
Opened:
July 10, 2019
02:51 PM PT
| Details | Originating update | Status | History |
| System may be unresponsive after restart with certain McAfee antivirus products Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update. Affected platforms:
Resolution: This issue has been resolved. McAfee has released an automatic update to address this issue. Guidance for McAfee customers can be found in the following McAfee support articles:
Back to top | April 09, 2019 KB4493446 | Resolved External | Last updated: August 13, 2019 06:59 PM PT Opened: April 09, 2019 10:00 AM PT |
| Summary | Originating update | Status | Date resolved | ||||||||||||||||||||||||||||||||||
| After installing an update and restarting, you might receive an error You might receive the error, “Failure to configure Windows updates. Reverting Changes.” or \"Failed\" in Update History. See details > | February 11, 2020 KB4537810 | Resolved | February 12, 2020 05:37 PM PT | ||||||||||||||||||||||||||||||||||
| MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS. See details > | Resolved | January 23, 2020 02:08 PM PT | |||||||||||||||||||||||||||||||||||
| Issues manually installing updates by double-clicking the .msu file You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error. See details > | September 10, 2019 KB4474419 | Resolved KB4474419 | September 23, 2019 10:00 AM PT | ||||||||||||||||||||||||||||||||||
| Intermittent issues when printing The print spooler service may intermittently have issues completing a print job and results print job failure. See details > | September 24, 2019 KB4516030 | Resolved KB4520002 | October 08, 2019 10:00 AM PT | ||||||||||||||||||||||||||||||||||
| Details | Originating update | Status | History |
| After installing an update and restarting, you might receive an error After installing KB4537810 and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History. Affected platforms:
Resolution: This is expected in the following circumstances:
If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the \"How to get this update\" section of this article. Back to top | February 11, 2020 KB4537810 | Resolved | Resolved: February 12, 2020 05:37 PM PT Opened: February 12, 2020 03:47 PM PT |
| Details | Originating update | Status | History |
| Issues manually installing updates by double-clicking the .msu file After installing the SHA-2 update (KB4474419) released on September 10, 2019, you may encounter issues manually installing updates by double-clicking on the .msu file and may receive the error, \"Installer encountered an error: 0x80073afc. The resource loader failed to find MUI file.\" Affected platforms:
Workaround: Open a command prompt and use the following command (replacing <msu location> with the actual location and filename of the update): wusa.exe <msu location> /quiet Resolution: This issue is resolved in KB4474419 released October 8, 2019. It will install automatically from Windows Update and Windows Server Update Services (WSUS). If you need to install this update manually, you will need to use the workaround above. Note If you previously installed KB4474419 released September 23, 2019, then you already have the latest version of this update and do not need to reinstall. Back to top | September 10, 2019 KB4474419 | Resolved KB4474419 | Resolved: September 23, 2019 10:00 AM PT Opened: September 20, 2019 04:57 PM PT |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019. Affected platforms:
Resolution: This issue was resolved in KB4520002. If you are using Security Only updates, see KB4519974 for resolving KB for your platform. Back to top | September 24, 2019 KB4516030 | Resolved KB4520002 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019. Affected platforms:
Resolution: This issue was resolved in KB4520002. If you are using Security Only updates, see KB4519974 for resolving KB for your platform. Back to top | September 24, 2019 KB4516030 | Resolved KB4520002 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Details | Originating update | Status | History |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019. Affected platforms:
Resolution: This issue was resolved in KB4520007. If you are using Security Only updates, see KB4519974 for resolving KB for your platform. Back to top | September 24, 2019 KB4516069 | Resolved KB4520007 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
| Intermittent issues when printing Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
Note This issue also affects the Internet Explorer Cumulative Update KB4522007, release September 23, 2019. Affected platforms:
Resolution: This issue was resolved in KB4520007. If you are using Security Only updates, see KB4519974 for resolving KB for your platform. Back to top | September 24, 2019 KB4516069 | Resolved KB4520007 | Resolved: October 08, 2019 10:00 AM PT Opened: September 30, 2019 06:26 PM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
| You might encounter issues with KB4502496 You might encounter issues trying to install or after installing KB4502496 See details > | N/A February 11, 2019 KB4502496 | Mitigated | February 15, 2020 12:02 AM PT |
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | OS Build 10240.18368 October 08, 2019 KB4520011 | Mitigated External | November 05, 2019 03:36 PM PT |
| Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). See details > | OS Build 10240.18094 January 08, 2019 KB4480962 | Mitigated | April 25, 2019 02:00 PM PT |
| Details | Originating update | Status | History |
| You might encounter issues with KB4502496 You might encounter issues trying to install or after installing KB4502496. Affected platforms:
Workaround: To help a sub-set of affected devices, the standalone security update (KB4502496) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates. If this update is installed and you are experiencing issues, you can uninstall this update.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | N/A February 11, 2019 KB4502496 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated | ||||||||||||||||||||||||||||||||||
| “Reset this PC” feature might fail “Reset this PC” feature is also called “Push Button Reset” or PBR. See details > | N/A February 11, 2019 KB4524244 | Mitigated | February 15, 2020 12:02 AM PT | ||||||||||||||||||||||||||||||||||
| You might encounter issues with KB4524244 You might encounter issues trying to install or after installing KB4524244 See details > | N/A February 11, 2019 KB4524244 | Mitigated | February 15, 2020 12:02 AM PT | ||||||||||||||||||||||||||||||||||
| Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM. See details > | OS Build 14393.2608 November 13, 2018 KB4467691 | Resolved External | January 23, 2020 02:08 PM PT | ||||||||||||||||||||||||||||||||||
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | OS Build 14393.3274 October 08, 2019 KB4519998 | Mitigated External | November 05, 2019 03:36 PM PT | ||||||||||||||||||||||||||||||||||
| Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). See details > | OS Build 14393.2724 January 08, 2019 KB4480961 | Mitigated | April 25, 2019 02:00 PM PT | ||||||||||||||||||||||||||||||||||
| Details | Originating update | Status | History |
| “Reset this PC” feature might fail Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”. Affected platforms:
Workaround: The standalone security update, KB4524244 has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update. If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | N/A February 11, 2019 KB4524244 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
| You might encounter issues with KB4524244 You might encounter issues trying to install or after installing KB4524244. Affected platforms:
Workaround: To help a sub-set of affected devices, the standalone security update (KB4524244) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates. If this update is installed and you are experiencing issues, you can uninstall this update.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | N/A February 11, 2019 KB4524244 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated | ||||||||||||||||||||||||||||||||||
| “Reset this PC” feature might fail “Reset this PC” feature is also called “Push Button Reset” or PBR. See details > | N/A February 11, 2019 KB4524244 | Mitigated | February 15, 2020 12:02 AM PT | ||||||||||||||||||||||||||||||||||
| You might encounter issues with KB4524244 You might encounter issues trying to install or after installing KB4524244 See details > | N/A February 11, 2019 KB4524244 | Mitigated | February 15, 2020 12:02 AM PT | ||||||||||||||||||||||||||||||||||
| Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE. See details > | OS Build 16299.1387 September 10, 2019 KB4516066 | Resolved KB4534318 | January 23, 2020 02:00 PM PT | ||||||||||||||||||||||||||||||||||
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | OS Build 16299.1451 October 08, 2019 KB4520004 | Mitigated External | November 05, 2019 03:36 PM PT | ||||||||||||||||||||||||||||||||||
| Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). See details > | OS Build 16299.904 January 08, 2019 KB4480978 | Mitigated | April 25, 2019 02:00 PM PT | ||||||||||||||||||||||||||||||||||
| Details | Originating update | Status | History |
| “Reset this PC” feature might fail Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”. Affected platforms:
Workaround: The standalone security update, KB4524244 has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update. If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | N/A February 11, 2019 KB4524244 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
| You might encounter issues with KB4524244 You might encounter issues trying to install or after installing KB4524244. Affected platforms:
Workaround: To help a sub-set of affected devices, the standalone security update (KB4524244) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates. If this update is installed and you are experiencing issues, you can uninstall this update.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | N/A February 11, 2019 KB4524244 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated | ||||||||||||||||||||||||||||||||||
| “Reset this PC” feature might fail “Reset this PC” feature is also called “Push Button Reset” or PBR. See details > | N/A February 11, 2019 KB4524244 | Mitigated | February 15, 2020 12:02 AM PT | ||||||||||||||||||||||||||||||||||
| You might encounter issues with KB4524244 You might encounter issues trying to install or after installing KB4524244 See details > | N/A February 11, 2019 KB4524244 | Mitigated | February 15, 2020 12:02 AM PT | ||||||||||||||||||||||||||||||||||
| Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE. See details > | OS Build 17134.1006 September 10, 2019 KB4516058 | Resolved KB4534308 | January 23, 2020 02:00 PM PT | ||||||||||||||||||||||||||||||||||
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | OS Build 17134.1069 October 08, 2019 KB4520008 | Mitigated External | November 05, 2019 03:36 PM PT | ||||||||||||||||||||||||||||||||||
| Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). See details > | OS Build 17134.523 January 08, 2019 KB4480966 | Mitigated | April 25, 2019 02:00 PM PT | ||||||||||||||||||||||||||||||||||
| Details | Originating update | Status | History |
| “Reset this PC” feature might fail Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”. Affected platforms:
Workaround: The standalone security update, KB4524244 has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update. If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | N/A February 11, 2019 KB4524244 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
| You might encounter issues with KB4524244 You might encounter issues trying to install or after installing KB4524244. Affected platforms:
Workaround: To help a sub-set of affected devices, the standalone security update (KB4524244) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates. If this update is installed and you are experiencing issues, you can uninstall this update.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | N/A February 11, 2019 KB4524244 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated | ||||||||||||||||||||||||||||||||||
| “Reset this PC” feature might fail “Reset this PC” feature is also called “Push Button Reset” or PBR. See details > | N/A February 11, 2019 KB4524244 | Mitigated | February 15, 2020 12:02 AM PT | ||||||||||||||||||||||||||||||||||
| You might encounter issues with KB4524244 You might encounter issues trying to install or after installing KB4524244 See details > | N/A February 11, 2019 KB4524244 | Mitigated | February 15, 2020 12:02 AM PT | ||||||||||||||||||||||||||||||||||
| Unable to create local users in Chinese, Japanese and Korean during device setup You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE. See details > | OS Build 17763.737 September 10, 2019 KB4512578 | Resolved KB4534321 | January 23, 2020 02:00 PM PT | ||||||||||||||||||||||||||||||||||
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | OS Build 17763.805 October 08, 2019 KB4519338 | Mitigated External | November 05, 2019 03:36 PM PT | ||||||||||||||||||||||||||||||||||
| Devices with some Asian language packs installed may receive an error Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\" See details > | OS Build 17763.437 April 09, 2019 KB4493509 | Mitigated | May 03, 2019 10:59 AM PT | ||||||||||||||||||||||||||||||||||
| Details | Originating update | Status | History |
| “Reset this PC” feature might fail Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”. Affected platforms:
Workaround: The standalone security update, KB4524244 has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update. If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | N/A February 11, 2019 KB4524244 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
| You might encounter issues with KB4524244 You might encounter issues trying to install or after installing KB4524244. Affected platforms:
Workaround: To help a sub-set of affected devices, the standalone security update (KB4524244) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates. If this update is installed and you are experiencing issues, you can uninstall this update.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | N/A February 11, 2019 KB4524244 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
| “Reset this PC” feature might fail “Reset this PC” feature is also called “Push Button Reset” or PBR. See details > | N/A February 11, 2019 KB4524244 | Mitigated | February 15, 2020 12:02 AM PT |
| You might encounter issues with KB4524244 You might encounter issues trying to install or after installing KB4524244 See details > | N/A February 11, 2019 KB4524244 | Mitigated | February 15, 2020 12:02 AM PT |
| Issues with some older versions of Avast and AVG anti-virus products Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus. See details > | N/A | Mitigated External | November 25, 2019 05:25 PM PT |
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | OS Build 18362.418 October 08, 2019 KB4517389 | Mitigated External | November 05, 2019 03:36 PM PT |
| Details | Originating update | Status | History |
| “Reset this PC” feature might fail Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”. Affected platforms:
Workaround: The standalone security update, KB4524244 has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update. If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | N/A February 11, 2019 KB4524244 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
| You might encounter issues with KB4524244 You might encounter issues trying to install or after installing KB4524244. Affected platforms:
Workaround: To help a sub-set of affected devices, the standalone security update (KB4524244) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates. If this update is installed and you are experiencing issues, you can uninstall this update.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | N/A February 11, 2019 KB4524244 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
| “Reset this PC” feature might fail “Reset this PC” feature is also called “Push Button Reset” or PBR. See details > | N/A February 11, 2019 KB4524244 | Mitigated | February 15, 2020 12:02 AM PT |
| You might encounter issues with KB4524244 You might encounter issues trying to install or after installing KB4524244 See details > | N/A February 11, 2019 KB4524244 | Mitigated | February 15, 2020 12:02 AM PT |
| Issues with some older versions of Avast and AVG anti-virus products Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus. See details > | N/A | Mitigated External | November 25, 2019 05:25 PM PT |
| Details | Originating update | Status | History |
| “Reset this PC” feature might fail Using the “Reset this PC” feature, also called “Push Button Reset” or PBR, might fail. You might restart into recovery with “Choose an option” at the top of the screen with various options or you might restart to your desktop and receive the error “There was a problem resetting your PC”. Affected platforms:
Workaround: The standalone security update, KB4524244 has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Update (LCU), Monthly Rollup or Security Only update. If you have installed this update and are experiencing this issue, the following steps should allow you to reset your device:
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | N/A February 11, 2019 KB4524244 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
| You might encounter issues with KB4524244 You might encounter issues trying to install or after installing KB4524244. Affected platforms:
Workaround: To help a sub-set of affected devices, the standalone security update (KB4524244) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates. If this update is installed and you are experiencing issues, you can uninstall this update.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | N/A February 11, 2019 KB4524244 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated | ||||||||||||||||||||||||||||||||||
| After installing an update and restarting, you might receive an error You might receive the error, “Failure to configure Windows updates. Reverting Changes.” or \"Failed\" in Update History. See details > | February 11, 2020 KB4537820 | Resolved | February 12, 2020 05:37 PM PT | ||||||||||||||||||||||||||||||||||
| Custom wallpaper displays as black Using a custom image set to \"Stretch\" might not display as expected. See details > | January 14, 2020 KB4534310 | Resolved KB4539601 | February 07, 2020 10:00 AM PT | ||||||||||||||||||||||||||||||||||
| MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS. See details > | Resolved | January 23, 2020 02:08 PM PT | |||||||||||||||||||||||||||||||||||
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | October 08, 2019 KB4519976 | Mitigated External | November 05, 2019 03:36 PM PT | ||||||||||||||||||||||||||||||||||
| Details | Originating update | Status | History |
| After installing an update and restarting, you might receive an error After installing KB4537820 and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History. Affected platforms:
Resolution: This is expected in the following circumstances:
If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the \"How to get this update\" section of this article. Back to top | February 11, 2020 KB4537820 | Resolved | Resolved: February 12, 2020 05:37 PM PT Opened: February 12, 2020 03:47 PM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated | ||||||||||||||||||||||||||||||||||
| You might encounter issues with KB4502496 You might encounter issues trying to install or after installing KB4502496 See details > | February 11, 2020 KB4502496 | Mitigated | February 15, 2020 12:02 AM PT | ||||||||||||||||||||||||||||||||||
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | October 08, 2019 KB4520005 | Mitigated External | November 05, 2019 03:36 PM PT | ||||||||||||||||||||||||||||||||||
| Japanese IME doesn't show the new Japanese Era name as a text input option With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option. See details > | April 25, 2019 KB4493443 | Mitigated | May 15, 2019 05:53 PM PT | ||||||||||||||||||||||||||||||||||
| Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). See details > | January 08, 2019 KB4480963 | Mitigated | April 25, 2019 02:00 PM PT | ||||||||||||||||||||||||||||||||||
| Details | Originating update | Status | History |
| You might encounter issues with KB4502496 You might encounter issues trying to install or after installing KB4502496. Affected platforms:
Workaround: To help a sub-set of affected devices, the standalone security update (KB4502496) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates. If this update is installed and you are experiencing issues, you can uninstall this update.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | February 11, 2020 KB4502496 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated |
| After installing an update and restarting, you might receive an error You might receive the error, “Failure to configure Windows updates. Reverting Changes.” or \"Failed\" in Update History. See details > | February 11, 2020 KB4537810 | Resolved | February 12, 2020 05:37 PM PT |
| MSRT might fail to install and be re-offered from Windows Update or WSUS The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS. See details > | Resolved | January 23, 2020 02:08 PM PT | |
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | October 08, 2019 KB4520002 | Mitigated External | November 05, 2019 03:36 PM PT |
| Details | Originating update | Status | History |
| After installing an update and restarting, you might receive an error After installing KB4537810 and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History. Affected platforms:
Resolution: This is expected in the following circumstances:
If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the \"How to get this update\" section of this article. Back to top | February 11, 2020 KB4537810 | Resolved | Resolved: February 12, 2020 05:37 PM PT Opened: February 12, 2020 03:47 PM PT |
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.
| Summary | Originating update | Status | Last updated | ||||||||||||||||||||||||||||||||||
| You might encounter issues with KB4502496 You might encounter issues trying to install or after installing KB4502496 See details > | February 11, 2020 KB4502496 | Mitigated | February 15, 2020 12:02 AM PT | ||||||||||||||||||||||||||||||||||
| TLS connections might fail or timeout Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption. See details > | October 08, 2019 KB4520007 | Mitigated External | November 05, 2019 03:36 PM PT | ||||||||||||||||||||||||||||||||||
| Japanese IME doesn't show the new Japanese Era name as a text input option With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option. See details > | April 25, 2019 KB4493462 | Mitigated | May 15, 2019 05:53 PM PT | ||||||||||||||||||||||||||||||||||
| Certain operations performed on a Cluster Shared Volume may fail Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5). See details > | January 08, 2019 KB4480975 | Mitigated | April 25, 2019 02:00 PM PT | ||||||||||||||||||||||||||||||||||
| Details | Originating update | Status | History |
| You might encounter issues with KB4502496 You might encounter issues trying to install or after installing KB4502496. Affected platforms:
Workaround: To help a sub-set of affected devices, the standalone security update (KB4502496) has been removed and will not re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog. Note This does not affect any other update, including Latest Cumulative Updates (LCUs), Monthly Rollups or Security Only updates. If this update is installed and you are experiencing issues, you can uninstall this update.
Next steps: We are working on an improved version of this update in coordination with our partners and will release it in a future update. Back to top | February 11, 2020 KB4502496 | Mitigated | Last updated: February 15, 2020 12:02 AM PT Opened: February 15, 2020 12:02 AM PT |
| Message | Date |
| Compatibility issue with some Windows Server container images If you are encountering issues with Windows Server container images, please see KB4542617. | February 13, 2020 03:21 PM PT |
| Take action: February 2020 security update available for all supported versions of Windows The February 2020 security update release, referred to as our “B” release, is now available for Windows 10, version 1909 and all supported versions of Windows. We recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate. | February 11, 2020 08:00 AM PT |
| Take action: ESU security updates available for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 reached end of support on January 14, 2020. For customers who have purchased Extended Security Updates (ESU), the first monthly ESU security updates are now available. If your organization has not yet been able to complete your transition to Windows 10, Windows Server 2016, or Windows Server 2019 and want to continue to receive security updates for your current version of Windows, you will need to purchase Extended Security Updates. For information on how to do so, please see How to get Extended Security Updates for eligible Windows devices, Windows 7 ESU frequently ask questions, and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 ESU frequently asked questions. We recommend ESU customers review the applicable KB article below for prerequisites and other important information you will need to deploy these updates. The following updates were released today for Windows Server 2008 SP2:
The following updates were released today for Windows 7 SP1 and Windows Server 2008 R2 SP1: | February 11, 2020 08:00 AM PT |
| Resolved: Windows Search shows blank box We are aware of a temporary server-side issue causing Windows search to show a blank box. This issue has been resolved for most users and in some cases, you might need to restart your device. We are working diligently to fully resolve the issue and will provide an update once resolved. This issue was resolved at 12:00 PM PST. If you are still experiencing issues, please restart your device. In rare cases, you may need to manually end the SearchUI.exe or SearchApp.exe process via Task Manager. (To locate these processes, select CTRL + Shift + Esc then select the Details tab.) | February 05, 2020 12:00 PM PT |
| Take action: SHA-2 code signing support guidance for Windows 7 SP1 and Windows Server 2008 RS2 SP1 Windows 7 SP1 and Windows Server 2008 R2 SP1 update signatures are now SHA-2 based signatures and requires that SHA-2 support to be installed. For important customer guidance on installation and troubleshooting tips, please read the knowledge base article 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. | August 23, 2019 03:35 PM PT |
| Take action: Windows 10, version 1703 (the Windows 10 Creators Update) reaches end of life on October 9, 2019 The Enterprise and Education editions of Windows 10, version 1703 (the Windows 10 Creators Update) will reach end of life on October 9, 2019. The Home, Pro, Pro for Workstations, and IoT Core editions reached end of service on October 8, 2018. There is no extended support available for any edition of Windows 10, version 1703. Therefore, it will no longer be supported after October 9, 2019 and will not receive monthly security and quality updates containing protections from the latest security threats. To continue receiving security and quality updates, Microsoft recommends that you update your devices to the latest version of Windows 10. For more information on end of service dates and currently supported versions of Windows 10, see the Windows lifecycle fact sheet. | August 23, 2019 02:17 PM PT |
| Resolved: Delays starting Internet Explorer 11 On August 16, 2019 at 7:16 AM a server required for downloading the Internet Explorer 11 (IE11) startup page, went down. As a result of the server outage, IE 11 became unresponsive for some customers who had not yet installed the August 2019 security updates. Customers who had the August 2019 security update installed were not affected. In order to ensure your devices remain in a serviced and secure state, we recommend you install the latest monthly update. This issue was resolved on the server side at 1:00 pm PST. | August 16, 2019 04:00 PM PT |
| August 2019 security update now available for Windows 10, version 1903 and all supported versions of Windows The August 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. A “B” release is the primary, regular update event for each month and is the only regular release that contains security fixes. As a result, we recommend that you install these updates promptly. For more information on the different types of monthly quality updates, see our Windows 10 update servicing cadence primer. To be informed about the latest updates and releases, follow us on Twitter @WindowsUpdate. | August 13, 2019 10:00 AM PT |
| Advisory: Bluetooth encryption key size vulnerability disclosed (CVE-2019-9506) On August 13, 2019, Microsoft released security updates to address a Bluetooth key length encryption vulnerability. To exploit this vulnerability, an attacker would need specialized hardware and would be limited by the signal range of the Bluetooth devices in use. For more information about this industry-wide issue, see CVE-2019-9506 | Bluetooth Encryption Key Size Vulnerability in the Microsoft Security Update Guide and important guidance for IT pros in KB4514157. (Note: we are documenting this vulnerability together with guidance for IT admins as part of a coordinated industry disclosure effort.) | August 13, 2019 10:00 AM PT |
| Advisory: Windows Advanced Local Procedure Call Elevation of Privilege vulnerability disclosed (CVE-2019-1162) On August 13, 2019, Google Project Zero (GPZ) disclosed an Elevation of Privilege (EoP) vulnerability in how Windows handles calls to Advanced Local Procedure Call (ALPC) that affects Windows operating systems, versions 8.1 and higher. An attacker must already have code execution on the target system to leverage these vulnerabilities. Microsoft released security updates on August 13, 2019 that partially address this issue. Other items disclosed by GPZ require more time to address and we are working to release a resolution in mid-September. For more information, see CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability | August 13, 2019 10:00 AM PT |
| Take action: Windows 10, version 1803 (the April 2018 Update) reaches end of service on November 12, 2019 Windows 10, version 1803 (the April 2018 Update) will reach end of service on November 12, 2019 for Home and Pro editions. We will begin updating devices running Windows 10, version 1803 to Windows 10, version 1903 (the May 2019 Update) starting July 16, 2019 to help ensure that these devices remain in a serviced and secure state. For more information, see the Windows 10, version 1903 section of the Windows release health dashboard. | August 13, 2019 10:00 AM PT |
| Windows 10, version 1903 rollout begins The Windows 10 May 2019 Update (Windows 10, version 1903) is available today to commercial customers via Windows Server Update Services (WSUS), Windows Update for Business, and the Volume Licensing Service Center (VLSC)—and to end users who manually select “Check for updates.” We are slowly throttling up availability while we carefully monitor data and feedback. | May 21, 2019 10:00 AM PT |
-> If you are an OEM, see [PC OEM requirements for Windows Defender Device Guard and Windows Defender Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx).
+> Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new shipping computers. +> +> If you are an OEM, see [PC OEM requirements for Windows Defender Device Guard and Windows Defender Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx). ### Baseline protections diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md index 57b0ea0add..07be2bbf3d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ b/windows/security/identity-protection/hello-for-business/hello-faq.md @@ -31,7 +31,7 @@ Microsoft is committed to its vision of a world without passwords. We rec RDP currently does not support key based authentication and does not support self signed certificates. RDP with Windows Hello for Business is currently only supported with certificate based deployments. ## Can I deploy Windows Hello for Business using Microsoft Endpoint Configuration Manager? -Windows Hello for Business deployments using Configuration Manager need to move to the hybrid deployment model that uses Active Directory Federation Services. Deployments using Configuration Manager will no longer be supported after November 2018. +Windows Hello for Business deployments using Configuration Manager should use the hybrid deployment model that uses Active Directory Federation Services. Starting in Configuration Manager version 1910, certificate-based authentication with Windows Hello for Business settings isn't supported. Key-based authentication is still valid with Configuration Manager. For more information, see [Windows Hello for Business settings in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/windows-hello-for-business-settings). ## How many users can enroll for Windows Hello for Business on a single Windows 10 computer? The maximum number of supported enrollments on a single Windows 10 computer is 10. That enables 10 users to each enroll their face and up to 10 fingerprints. While we support 10 enrollments, we will strongly encourage the use of Windows Hello security keys for the shared computer scenario when they become available. @@ -51,7 +51,7 @@ It is currently possible to set a convenience PIN on Azure Active Directory Join No. Windows 10 currently only supports one Windows Hello for Business camera and does not fluidly switch to an external camera when the computer is docked with the lid closed. The product group is aware of this and is investigating this topic further. ## What is the password-less strategy? -Watch Principal Program Manager Karanbir Singh's Ignite 2017 presentation **Microsoft's guide for going password-less** +Watch Principal Program Manager Karanbir Singh's Ignite 2017 presentation **Microsoft's guide for going password-less**. [Microsoft's password-less strategy](hello-videos.md#microsofts-passwordless-strategy) @@ -93,7 +93,7 @@ The **key trust** model authenticates to Active Directory using a raw key. Wind The **certificate trust** model authenticates to Active Directory using a certificate. Because this authentication uses a certificate, domain controllers running previous versions of Windows Server can authenticate the user. Therefore, you need to issue certificates to your end users, but you do not need Windows Server 2016 domain controllers. The certificate used in certificate trust uses the TPM protected private key to request a certificate from your enterprise's issuing certificate authority. ## Do I need Windows Server 2016 domain controllers? -There are many deployment options from which to choose. Some of those options require an adequate number of Windows Server 2016 domain controllers in the site where you have deployed Windows Hello for Business. There are other deployment options that use existing Windows Server 2008 R2 or later domain controllers. Choose the deployment option that best suits your environment +There are many deployment options from which to choose. Some of those options require an adequate number of Windows Server 2016 domain controllers in the site where you have deployed Windows Hello for Business. There are other deployment options that use existing Windows Server 2008 R2 or later domain controllers. Choose the deployment option that best suits your environment. ## What attributes are synchronized by Azure AD Connect with Windows Hello for Business? Review [Azure AD Connect sync: Attributes synchronized to Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized) for a list of attributes that are sync based on scenarios. The base scenarios that include Windows Hello for Business are [Windows 10](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized#windows-10) scenario and the [Device writeback](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized#device-writeback) scenario. Your environment may include additional attributes. @@ -111,7 +111,7 @@ Starting in Windows 10, version 1709, you can use multi-factor unlock to require Windows Hello represents the biometric framework provided in Windows 10. Windows Hello enables users to use biometrics to sign into their devices by securely storing their user name and password and releasing it for authentication when the user successfully identifies themselves using biometrics. Windows Hello for Business uses asymmetric keys protected by the device's security module that requires a user gesture (PIN or biometrics) to authenticate. ## Why can't I enroll biometrics for my local built-in Administrator? -Windows 10 does not allow the local administrator to enroll biometric gestures(face or fingerprint). +Windows 10 does not allow the local administrator to enroll biometric gestures (face or fingerprint). ## I have extended Active Directory to Azure Active Directory. Can I use the on-premises deployment model? No. If your organization is federated or using on-line services, such as Azure AD Connect, Office 365, or OneDrive, then you must use a hybrid deployment model. On-premises deployments are exclusive to organization who need more time before moving to the cloud and exclusively use Active Directory. @@ -144,7 +144,7 @@ The smart card emulation feature of Windows Hello for Business verifies the PIN No. The movement away from passwords is accomplished by gradually reducing the use of the password. In the occurrence where you cannot authenticate with biometrics, you need a fall back mechanism that is not a password. The PIN is the fall back mechanism. Disabling or hiding the PIN credential provider disabled the use of biometrics. ## How are keys protected? -Wherever possible, Windows Hello for Business takes advantage of trusted platform module (TPM) 2.0 hardware to generate and protect keys. However, Windows Hello and Windows Hello for Business does not require a TPM. Administrators can choose to allow key operations in software +Wherever possible, Windows Hello for Business takes advantage of trusted platform module (TPM) 2.0 hardware to generate and protect keys. However, Windows Hello and Windows Hello for Business does not require a TPM. Administrators can choose to allow key operations in software. Whenever possible, Microsoft strongly recommends the use of TPM hardware. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. The TPM provides an additional layer of protection after an account lockout, too. When the TPM has locked the key material, the user will have to reset the PIN (which means he or she will have to use MFA to re-authenticate to the IDP before the IDP allows him or her to re-register). @@ -155,7 +155,7 @@ Yes. You can use the on-premises Windows Hello for Business deployment and comb Yes, if you are federated hybrid deployment, you can use any third-party that provides an Active Directory Federation Services (AD FS) multi-factor authentication adapter. A list of third-party MFA adapters can be found [here](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs#microsoft-and-third-party-additional-authentication-methods). ## Does Windows Hello for Business work with third party federation servers? -Windows Hello for Business can work with any third-party federation servers that support the protocols used during provisioning experience. Interested third-parties can inquiry at [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration) +Windows Hello for Business can work with any third-party federation servers that support the protocols used during provisioning experience. Interested third-parties can inquiry at [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration). | Protocol | Description | | :---: | :--- | @@ -165,5 +165,5 @@ Windows Hello for Business can work with any third-party federation servers that | [[MS-OIDCE]: OpenID Connect 1.0 Protocol Extensions](https://msdn.microsoft.com/library/mt766592.aspx) | Specifies the OpenID Connect 1.0 Protocol Extensions. These extensions define additional claims to carry information about the end user, including the user principal name, a locally unique identifier, a time for password expiration, and a URL for password change. These extensions also define additional provider meta-data that enable the discovery of the issuer of access tokens and give additional information about provider capabilities. | ## Does Windows Hello for Business work with Mac and Linux clients? -Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms. However, Microsoft is open to third parties who are interested in moving these platforms away from passwords. Interested third parties can get more information by emailing [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration) +Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms. However, Microsoft is open to third parties who are interested in moving these platforms away from passwords. Interested third parties can get more information by emailing [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration). diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index aaf98a84f7..8879dec483 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -73,8 +73,8 @@ Microsoft has made a concerted effort to enlighten several of our more popular a - Microsoft Remote Desktop ->[!NOTE] ->Microsoft Visio and Microsoft Project are not enlightended apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioining. +> [!NOTE] +> Microsoft Visio, Microsoft Office Access and Microsoft Project are not enlightended apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioining. ## List of WIP-work only apps from Microsoft Microsoft still has apps that are unenlightened, but which have been tested and deemed safe for use in an enterprise with WIP and MAM solutions. diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index ff92a6c111..8b5a188647 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -115,7 +115,7 @@ This table provides info about the most common problems you might encounter whil
If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see Can't open files offline when you use Offline Files and Windows Information Protection. +
If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see Can't open files offline when you use Offline Files and Windows Information Protection.
 Threat & Vulnerability Management |
- Attack surface reduction |
- Next generation protection |
- Endpoint detection and response |
- Automated investigation and remediation |
- Secure score |
- Microsoft Threat Experts |
+ Attack surface reduction |
+ Next generation protection |
+ Endpoint detection and response |
+ Automated investigation and remediation |
+ Microsoft Threat Experts |
||||||||||||||
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
index 73a0af658e..5e5df96421 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md
@@ -29,8 +29,12 @@ Advanced hunting is a query-based threat-hunting tool that lets you explore up t
You can use the same threat-hunting queries to build custom detection rules. These rules run automatically to check for and respond to various events and system states, including suspected breach activity and misconfigured machines.
## Get started with advanced hunting
+Watch this video for a quick overview of advanced hunting and a short tutorial that will get you started fast.
+
-We recommend going through several steps to quickly get up and running with advanced hunting.
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4bGqo]
+
+You can also go through each of the following steps to ramp up your advanced hunting knowledge.
| Learning goal | Description | Resource |
|--|--|--|
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md
index 5323e67ad0..0dcf6e3af5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md
@@ -40,7 +40,7 @@ For information on other tables in the advanced hunting schema, see [the advance
| `OSPlatform` | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7. |
| `OSVersion` | string | Version of the operating system running on the machine |
| `OSArchitecture` | string | Architecture of the operating system running on the machine |
-| `SoftwareVendor` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape |
+| `SoftwareVendor` | string | Name of the software vendor |
| `SoftwareName` | string | Name of the software product |
| `SoftwareVersion` | string | Version number of the software product |
| `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system |
diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
index 589b46db48..1c6f356099 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md
@@ -26,6 +26,9 @@ ms.topic: conceptual
Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+Watch this video for a quick overview of Microsoft Defender ATP's APIs.
+>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4d73M]
+
In general, you’ll need to take the following steps to use the APIs:
- Create an AAD application
- Get an access token using this application
diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md
index c0073ce75e..28689c33c8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md
@@ -24,7 +24,7 @@ ms.custom: asr
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-Exploit protection automatically applies a number of exploit mitigation techniques to operating system processes and apps. Exploit protection is supported beginning with Windows 10, version 1709 and Windows Server 2016, version 1803.
+Exploit protection automatically applies a number of exploit mitigation techniques to operating system processes and apps. Exploit protection is supported beginning with Windows 10, version 1709 and Windows Server, version 1803.
> [!TIP]
> You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
@@ -93,7 +93,7 @@ Win32K | 260 | Untrusted Font
## Mitigation comparison
-The mitigations available in EMET are included natively in Windows 10 (starting with version 1709) and Windows Server 2016 (starting with version 1803), under [Exploit protection](exploit-protection.md).
+The mitigations available in EMET are included natively in Windows 10 (starting with version 1709) and Windows Server (starting with version 1803), under [Exploit protection](exploit-protection.md).
The table in this section indicates the availability and support of native mitigations between EMET and exploit protection.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ASR_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/ASR_icon.png
deleted file mode 100644
index dd521d492a..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/ASR_icon.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/EDR_icon.jpg b/windows/security/threat-protection/microsoft-defender-atp/images/EDR_icon.jpg
deleted file mode 100644
index ed71564e87..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/EDR_icon.jpg and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/EDR_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/EDR_icon.png
deleted file mode 100644
index f2622cbc2b..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/EDR_icon.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/MTE_icon.jpg b/windows/security/threat-protection/microsoft-defender-atp/images/MTE_icon.jpg
deleted file mode 100644
index 020b1d4132..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/MTE_icon.jpg and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/MTE_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/MTE_icon.png
deleted file mode 100644
index d5b9b48086..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/MTE_icon.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/NGP_icon.jpg b/windows/security/threat-protection/microsoft-defender-atp/images/NGP_icon.jpg
deleted file mode 100644
index d089da2493..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/NGP_icon.jpg and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/NGP_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/NGP_icon.png
deleted file mode 100644
index 6066f305a2..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/NGP_icon.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/TVM_icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/TVM_icon.png
index b3cb1854b9..17097506c4 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/TVM_icon.png and b/windows/security/threat-protection/microsoft-defender-atp/images/TVM_icon.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/air-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/air-icon.png
new file mode 100644
index 0000000000..985e3e4429
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/air-icon.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/asr-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/asr-icon.png
new file mode 100644
index 0000000000..bf649e87ec
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/asr-icon.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/edr-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/edr-icon.png
new file mode 100644
index 0000000000..8c750dee42
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/edr-icon.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mte-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/mte-icon.png
new file mode 100644
index 0000000000..1d5693a399
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mte-icon.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ngp-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/ngp-icon.png
new file mode 100644
index 0000000000..9aca3db517
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ngp-icon.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/management-apis.md b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
index f42404e0ac..2634614f1b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/management-apis.md
@@ -54,6 +54,9 @@ The Microsoft Defender ATP APIs can be grouped into three:
Microsoft Defender ATP offers a layered API model exposing data and capabilities in a structured, clear and easy to use model, exposed through a standard Azure AD-based authentication and authorization model allowing access in context of users or SaaS applications. The API model was designed to expose entities and capabilities in a consistent form.
+Watch this video for a quick overview of Microsoft Defender ATP's APIs.
+>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4d73M]
+
The **Investigation API** exposes the richness of Microsoft Defender ATP - exposing calculated or 'profiled' entities (for example, machine, user, and file) and discrete events (for example, process creation and file creation) which typically describes a behavior related to an entity, enabling access to data via investigation interfaces allowing a query-based access to data. For more information see, [Supported APIs](exposed-apis-list.md).
The **Response API** exposes the ability to take actions in the service and on devices, enabling customers to ingest indicators, manage settings, alert status, as well as take response actions on devices programmatically such as isolate machines from the network, quarantine files, and others.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
index 980aa0a653..b08c20b0a4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
@@ -50,12 +50,11 @@ Microsoft Defender ATP uses the following combination of technology built into W
| |||||||||||||||||||||||||
