mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 02:13:43 +00:00
Merge branch 'release-mcc-ent' into nidos-ent
This commit is contained in:
Meghan Stewart
GitHub
@ -16,7 +16,7 @@ appliesto:
|
||||
# Updated Windows and Microsoft Copilot experience
|
||||
<!--8445848, 9294806-->
|
||||
|
||||
>**Looking for consumer information?** See [Welcome to Copilot in Windows](https://support.microsoft.com/topic/675708af-8c16-4675-afeb-85a5a476ccb0).
|
||||
>**Looking for consumer information?** See [Welcome to Copilot in Windows](https://support.microsoft.com/topic/675708af-8c16-4675-afeb-85a5a476ccb0). **Looking for more information on Microsoft Copilot experiences?** See [Understanding the different Microsoft Copilot experiences](https://support.microsoft.com/topic/cfff4791-694a-4d90-9c9c-1eb3fb28e842).
|
||||
|
||||
## Enhanced data protection with enterprise data protection
|
||||
|
||||
|
||||
@ -9,7 +9,7 @@ metadata:
|
||||
ms.topic: landing-page
|
||||
ms.collection:
|
||||
- tier1
|
||||
ms.date: 10/25/2023
|
||||
ms.date: 10/07/2024
|
||||
ms.localizationpriority: medium
|
||||
|
||||
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
|
||||
@ -27,8 +27,8 @@ landingContent:
|
||||
url: configuration-service-provider-support.md
|
||||
- text: Device description framework (DDF) files
|
||||
url: configuration-service-provider-ddf.md
|
||||
- text: BitLocker CSP
|
||||
url: bitlocker-csp.md
|
||||
- text: Contribute to CSP reference
|
||||
url: contribute-csp-reference.md
|
||||
- text: Declared Configuration protocol
|
||||
url: ../declared-configuration.md
|
||||
|
||||
@ -42,8 +42,8 @@ landingContent:
|
||||
url: policy-configuration-service-provider.md
|
||||
- text: Policy DDF file
|
||||
url: configuration-service-provider-ddf.md
|
||||
- text: Policy CSP - Start
|
||||
url: policy-csp-start.md
|
||||
- text: Policy CSP - Defender
|
||||
url: policy-csp-defender.md
|
||||
- text: Policy CSP - Update
|
||||
url: policy-csp-update.md
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Office CSP
|
||||
description: Learn more about the Office CSP.
|
||||
ms.date: 01/18/2024
|
||||
ms.date: 10/10/2024
|
||||
---
|
||||
|
||||
<!-- Auto-Generated CSP Document -->
|
||||
@ -11,7 +11,7 @@ ms.date: 01/18/2024
|
||||
|
||||
<!-- Office-Editable-Begin -->
|
||||
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
|
||||
The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [How to assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365).
|
||||
The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [Add Microsoft 365 Apps to Windows devices with Microsoft Intune](/mem/intune/apps/apps-add-office365).
|
||||
<!-- Office-Editable-End -->
|
||||
|
||||
<!-- Office-Tree-Begin -->
|
||||
@ -587,7 +587,7 @@ To get the current status of Office 365 on the device.
|
||||
| 17001 | ERROR_QUEUE_SCENARIO <br/>Failed to queue installation scenario in C2RClient | Failure |
|
||||
| 17002 | ERROR_COMPLETING_SCENARIO <br>Failed to complete the process. Possible reasons:<li>Installation canceled by user<li>Installation canceled by another installation<li>Out of disk space during installation <li>Unknown language ID | Failure |
|
||||
| 17003 | ERROR_ANOTHER_RUNNING_SCENARIO <br>Another scenario is running | Failure |
|
||||
| 17004 | ERROR_COMPLETING_SCENARIO_NEED_CLEAN_UP<br>Possible reasons:<li>Unknown SKUs<li>Content does't exist on CDN<ul><li>Such as trying to install an unsupported LAP, like zh-sg<li>CDN issue that content is not available</li></ul><li>Signature check issue, such as failed the signature check for Office content<li>User canceled | Failure |
|
||||
| 17004 | ERROR_COMPLETING_SCENARIO_NEED_CLEAN_UP<br>Possible reasons:<li>Unknown SKUs<li>Content doesn't exist on CDN<ul><li>Such as trying to install an unsupported LAP, like zh-sg<li>CDN issue that content is not available</li></ul><li>Signature check issue, such as failed the signature check for Office content<li>User canceled | Failure |
|
||||
| 17005 | ERROR_SCENARIO_CANCELLED_AS_PLANNED | Failure |
|
||||
| 17006 | ERROR_SCENARIO_CANCELLED<br>Blocked update by running apps | Failure |
|
||||
| 17007 | ERROR_REMOVE_INSTALLATION_NEEDED<br>The client is requesting client clean-up in a "Remove Installation" scenario | Failure |
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Audit Policy CSP
|
||||
description: Learn more about the Audit Area in Policy CSP.
|
||||
ms.date: 08/06/2024
|
||||
ms.date: 10/10/2024
|
||||
---
|
||||
|
||||
<!-- Auto-Generated CSP Document -->
|
||||
@ -846,7 +846,7 @@ Volume: Low.
|
||||
|
||||
<!-- AccountLogonLogoff_AuditSpecialLogon-Description-Begin -->
|
||||
<!-- Description-Source-DDF -->
|
||||
This policy setting allows you to audit events generated by special logons such as the following: The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged-on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [article 947223 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121697).
|
||||
This policy setting allows you to audit events generated by special logons such as the following: The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged-on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged.
|
||||
<!-- AccountLogonLogoff_AuditSpecialLogon-Description-End -->
|
||||
|
||||
<!-- AccountLogonLogoff_AuditSpecialLogon-Editable-Begin -->
|
||||
|
||||
@ -12,7 +12,7 @@ You can install multiple Universal Windows Platform (UWP) apps and Windows deskt
|
||||
When you add an app in a Windows Configuration Designer wizard, the appropriate settings are displayed based on the app that you select. For instructions on adding an app using the advanced editor in Windows Configuration Designer, see [Add an app using advanced editor](#add-a-windows-desktop-application-using-advanced-editor).
|
||||
|
||||
> [!IMPORTANT]
|
||||
> If you plan to use Intune to manage your devices, we recommend using Intune to install Microsoft 365 Apps for enterprise. Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to add Microsoft 365 Apps to Windows devices with Microsoft Intune.](/intune/apps-add-office365)
|
||||
> If you plan to use Intune to manage your devices, we recommend using Intune to install Microsoft 365 Apps for enterprise. Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to add Microsoft 365 Apps to Windows devices with Microsoft Intune.](/mem/intune/apps/apps-add-office365)
|
||||
|
||||
## Settings for UWP apps
|
||||
|
||||
|
||||
@ -32,6 +32,7 @@ Use the table below to reference any particular content types or services endpoi
|
||||
| *.officecdn.microsoft.com.edgesuite.net, *.officecdn.microsoft.com, *.cdn.office.net | HTTP / 80 | Office CDN updates | [Complete list](/office365/enterprise/office-365-endpoints) of endpoints for Office CDN updates. | Both |
|
||||
| *.manage.microsoft.com, *.swda01.manage.microsoft.com, *.swda02.manage.microsoft.com, *.swdb01.manage.microsoft.com, *.swdb02.manage.microsoft.com, *.swdc01.manage.microsoft.com, *.swdc02.manage.microsoft.com, *.swdd01.manage.microsoft.com, *.swdd02.manage.microsoft.com, *.swda01-mscdn.manage.microsoft.com, *.swda02-mscdn.manage.microsoft.com, *.swdb01-mscdn.manage.microsoft.com, *.swdb02-mscdn.manage.microsoft.com, *.swdc01-mscdn.manage.microsoft.com, *.swdc02-mscdn.manage.microsoft.com, *.swdd01-mscdn.manage.microsoft.com, *.swdd02-mscdn.manage.microsoft.com | HTTP / 80 </br> HTTPs / 443 | Intune Win32 Apps | [Complete list](/mem/intune/fundamentals/intune-endpoints) of endpoints for Intune Win32 Apps updates. | Both |
|
||||
| *.statics.teams.cdn.office.net | HTTP / 80 </br> HTTPs / 443 | Teams | Future support is planned for peering and Connected Cache | TBD |
|
||||
| *.res.cdn.office.net | HTTP / 80 </br> HTTPs / 443 | Outlook | Future support is planned for peering and Connected Cache | TBD |
|
||||
| *.assets1.xboxlive.com, *.assets2.xboxlive.com, *.dlassets.xboxlive.com, *.dlassets2.xboxlive.com, *.d1.xboxlive.com, *.d2.xboxlive.com, *.assets.xbox.com, *.xbl-dlassets-origin.xboxlive.com, *.assets-origin.xboxlive.com, *.xvcb1.xboxlive.com, *.xvcb2.xboxlive.com, *.xvcf1.xboxlive.com, *.xvcf2.xboxlive.com | HTTP / 80 | Xbox | | Both |
|
||||
| *.tlu.dl.adu.microsoft.com, *.nlu.dl.adu.microsoft.com, *.dcsfe.prod.adu.microsoft.com | HTTP / 80 | Device Update | [Complete list](/azure/iot-hub-device-update/) of endpoints for Device Update updates. | Both |
|
||||
| *.do.dsp.mp.microsoft.com | HTTP / 80 </br> HTTPs / 443 | Microsoft Connected Cache -> Delivery Optimization Services communication | [Complete list](../do/waas-delivery-optimization-faq.yml) of endpoints for Delivery Optimization only. | Connected Cache Managed in Azure |
|
||||
|
||||
@ -41,7 +41,7 @@ The overall device registration process is as follows:
|
||||
:::image type="content" source="../media/windows-autopatch-device-registration-overview.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-device-registration-overview.png":::
|
||||
|
||||
1. IT admin reviews [Windows Autopatch device registration prerequisites](#prerequisites-for-device-registration) before registering devices with Windows Autopatch.
|
||||
2. IT admin identifies and adds devices or nests other Microsoft Entra device groups into any Microsoft Entra group used with an Autopatch group, imported (WUfB) policies, or direct membership to the **Modern Workplace Devices-Windows-Autopatch-X-groups**.
|
||||
2. IT admin identifies and adds devices, or nests other Microsoft Entra device groups when you [create an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#create-an-autopatch-group), [edit an Autopatch group](../manage/windows-autopatch-manage-autopatch-groups.md#edit-an-autopatch-group), or import Windows Update for Business (WUfB) policies.
|
||||
3. Windows Autopatch then:
|
||||
1. Performs device readiness prior registration (prerequisite checks).
|
||||
2. Calculates the deployment ring distribution.
|
||||
@ -77,7 +77,7 @@ The deployment ring distribution is designed to release software update deployme
|
||||
|
||||
### Device record and deployment ring assignment
|
||||
|
||||
Registering your devices with Windows Autopatch does the following:
|
||||
When you register your devices, Windows Autopatch:
|
||||
|
||||
1. Makes a record of devices in the service.
|
||||
2. Assign devices to the [deployment ring set](#default-deployment-ring-calculation-logic) and other groups required for software update management.
|
||||
|
||||
@ -5,7 +5,7 @@ metadata:
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.topic: faq
|
||||
ms.date: 01/03/2024
|
||||
ms.date: 10/10/2024
|
||||
|
||||
title: Common questions about Windows Hello for Business
|
||||
summary: Windows Hello for Business replaces password sign-in with strong authentication, using an asymmetric key pair. This Frequently Asked Questions (FAQ) article is intended to help you learn more about Windows Hello for Business.
|
||||
|
||||
@ -6,5 +6,5 @@ ms.topic: include
|
||||
---
|
||||
|
||||
> [!NOTE]
|
||||
> - Microsoft Defender Application Guard, including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), will be deprecated for Microsoft Edge for Business and [will no longer be updated](/windows/whats-new/feature-lifecycle). Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities.
|
||||
> - Microsoft Defender Application Guard, including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), will be deprecated for Microsoft Edge for Business and [will no longer be updated](/windows/whats-new/feature-lifecycle). To learn more about Microsoft Edge security capabilities, see [Microsoft Edge For Business Security](/deployedge/ms-edge-security-for-business).
|
||||
> - Because Application Guard is deprecated there will not be a migration to Edge Manifest V3. The corresponding browser extensions and associated Windows Store app are no longer available. If you want to block unprotected browsers until you are ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or [Microsoft Edge management service](/deployedge/microsoft-edge-management-service). For more information, see [Microsoft Edge and Microsoft Defender Application Guard](/deployedge/microsoft-edge-security-windows-defender-application-guard).<!--8932292-->
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Available Microsoft Defender SmartScreen settings
|
||||
description: A list of all available settings for Microsoft Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
|
||||
ms.date: 07/10/2024
|
||||
ms.date: 10/10/2024
|
||||
ms.topic: reference
|
||||
---
|
||||
|
||||
@ -9,7 +9,7 @@ ms.topic: reference
|
||||
|
||||
Microsoft Defender SmartScreen works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Microsoft Defender SmartScreen, you can show users a warning page and let them continue to the site, or you can block the site entirely.
|
||||
|
||||
See [Windows settings to protect devices using Intune](/intune/endpoint-protection-windows-10#windows-defender-smartscreen-settings) for the controls you can use in Intune.
|
||||
See [Windows settings to protect devices using Intune](/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-smartscreen-settings) for the controls you can use in Intune.
|
||||
|
||||
> [!NOTE]
|
||||
> For a list of settings available for Enhanced phishing protection, see [Enhanced phishing protection](enhanced-phishing-protection.md#configure-enhanced-phishing-protection-for-your-organization).
|
||||
|
||||
Reference in New Issue
Block a user