From 5dac76b86270098705c0698c0f10e516dfa13e9a Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Thu, 15 Sep 2016 10:00:02 -0700 Subject: [PATCH 01/19] updates to topic --- ...repare-your-environment-for-surface-hub.md | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index 17ad527a67..304c0c4682 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -16,6 +16,72 @@ localizationpriority: medium This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Microsoft Surface Hub. See [Intro to Surface Hub](intro-to-surface-hub.md) for a description of how the device and its features interact with your IT environment. +## Surface Hub setup dependencies + +Review these dependencies to make sure Surface Hub features will work in your environment. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
DependencyPurpose

Active Directory (if using an on-premises deployment)

The Surface Hub must be able to connect to the domain controller in order to validate the device account’s credentials, as well as to access information like the device account’s display name, alias, Exchange server, and Session Initiation Protocol (SIP) address.

Microsoft Office 365 (if using an online deployment)

The Surface Hub must have Internet access in order to reach your Office 365 tenant. The device will connect to the Office 365 in order to validate the device account’s credentials, as well as to access information like the device account’s display name, alias, Exchange server, and SIP address.

Device account

The device account is an Active Directory and/or Azure AD account that enables several key features for the Surface Hub. Learn more about device accounts in [Create and test a device account](create-and-test-a-device-account-surface-hub.md).

Exchange and Exchange ActiveSync

The Surface Hub must be able to reach the device account’s Exchange servers. Exchange is used for enabling mail and calendar features, and also lets people who use the device send meeting requests to the Surface Hub, enabling one-touch meeting join.

+

ActiveSync is used to sync the device account’s calendar and mail to the Surface Hub. If the device cannot use ActiveSync, it will not show meetings on the welcome screen, and joining meetings and emailing whiteboards will not be enabled.

Skype for Business

The Surface Hub must be able to reach the device account’s Skype for Business servers. Skype for Business is used for various conferencing features, like video calls, IM, and screen sharing.

Certificate-based authentication

If certificate-based authentication is required to establish a connection with Exchange ActiveSync or Skype for Business, those certificates must be deployed to each Surface Hub.

Dynamic IP

The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address. Network or Internet access is required, depending on the configuration of your topology (on-premises or online respectively) in order to validate the device account.

Proxy servers

If your topology requires a connection to a proxy server to reach Active Directory, Microsoft Online Services, or your Exchange or Skype for Business servers, then you can configure it during first run, or in Settings.

Mobile device management (MDM) solution provider

If you want to manage devices remotely and by groups (apply settings or policies to multiple devices at a time), you must set up a MDM solution and enroll the device to that solution.

Microsoft Operations Management Suite (OMS)

OMS is used to monitor Surface Hub devices.

+ +## Setup process + +| Setup area | Requirements | +| ---------------------------- | ------------------------------------- | +| Find the correct people and resources. | Admins for Exchange, Active Directory, Exchange + ## Create and test a device account From 67a725711cbf256594f56eda474a4bae2c87ce20 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Mon, 19 Sep 2016 13:39:38 -0700 Subject: [PATCH 02/19] updates from PM feedback --- ...repare-your-environment-for-surface-hub.md | 94 ++++++------------- 1 file changed, 29 insertions(+), 65 deletions(-) diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index 304c0c4682..2c64a6308e 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -78,89 +78,53 @@ Review these dependencies to make sure Surface Hub features will work in your en ## Setup process -| Setup area | Requirements | -| ---------------------------- | ------------------------------------- | -| Find the correct people and resources. | Admins for Exchange, Active Directory, Exchange +### Work with other admins -## Create and test a device account +Surface Hub interacts with a few different products and services. Depending on the size of your organization, there could be multiple people supporting different products in your environment. You'll want to include people who manage Exchange, Active Directory, Azure Actice Directory, mobile device maanagement (MDM), and network resources in your planning and prep for Surface Hub deployments. +### Create and verify device account -A "device account" is an account that Surface Hub uses in order to access features from Exchange, like email and calendar, and to enable Skype for Business. See [Create and test a device account](create-and-test-a-device-account-surface-hub.md) for details. +A device account is an account that Surface Hub uses in order to access features from Exchange, like email and calendar, and to enable Skype for Business. See [Create and test a device account](create-and-test-a-device-account-surface-hub.md) for details. -## Check network availability +After you've created your device account, there are a couple of ways to verify that the account. +- Run Surface Hub device account validation PowerShell scripts. For more information, see [Surface Hub device account scripts](https://gallery.technet.microsoft.com/scriptcenter/Surface-Hub-device-account-6db77696) in Script Center, or [PowerShell scripts for Surface Hub](appendix-a-powershell-scipts-for-surface-hub.md) later in this guide. +- Run the Lync Windows app from Windows Store. If Lync runs successfully, then Skype for Business will most likely run. +### Check network resources -In order to function properly, the Surface Hub must have access to a wired or wireless network that meets these requirements: +In order to function properly, the Surface Hub must have access to a wired or wireless network that meets the same requirements as every other Skype for Business endpoint in your environment. Overall, a wired connection is preferred: -- Access to your Active Directory or Azure Active Directory (Azure AD) instance, as well as your Microsoft Exchange and Skype for Business servers -- Can receive an IP address using DHCP -- Open ports: - - HTTPS: 443 - - HTTP: 80 +- Access to your Active Directory or Azure Active Directory (Azure AD) instance, as well as your Microsoft Exchange and Skype for Business servers. +- Can receive an IP address using DHCP +- Open ports: + - HTTPS: 443 + - HTTP: 80 +- Access to additional ports are needed, depending on your environment: + - For online envionments, see [Office 365 IP URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). + - For on-premises istallations, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx). -A wired connection is preferred. +In order to improve your experience, we collect data. To collect data, we need these sites whitelisted: +- Telemetry client endpoint: https://vortex.data.microsoft.com/ +- Telemetry settings endpoint: https://settings.data.microsoft.com/ -## Certificates +### Prepare for first-run program +There are a few more item to consider before you start the [first-run program](first-run-program-surface-hub.md). +**Create provisioning packages** (optional) - Your Surface Hub may require certificates for ActiveSync, Skype for Business, network usage, or other authentication. To install certificates, you can either create a provisioning package (in order to install at first run, or after first run in Settings), or deploy them through a mobile device management (MDM) solution (after first run only). -Your Surface Hub may require certificates for ActiveSync, Skype for Business, network usage, or other authentication. To install certificates, you can either create a provisioning package (in order to install at first run, or after first run in Settings), or deploy them through a mobile device management (MDM) solution (after first run only). +To install certificates using provisioning packages, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md). To install them using MDM, see the documentation for your MDM provider. -To install certificates using provisioning packages, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md). To install them using MDM, see the documentation for your MDM solution. +Currently, Surface Hub can use provisioning packages only to install certificates and to install Universal Windows Platform (UWP) apps. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) for details.You can also use provisioning to sideload apps that don't come from the Windows Store or Windows Store for Business. -## Create provisioning packages +**Manage admin groups** - Every Surface Hub can be configured individually by opening the Settings app on the device. To prevent people who are not administrators from changing settings, the Settings app requires local administrator credentials to open the app and change settings. See [Admin group management](admin-group-management-for-surface-hub.md) for details on how admin groups are set up and managed. +During first run, you will [set up admins for the device](first-run-program-surface-hub.md#setup-admins)). -Currently, Surface Hub can use provisioning packages only to install certificates and to install Universal Windows Platform (UWP) apps. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) for details. - -Customers will use provisioning packages to authenticate (for example, to Exchange or Skype for Business), or to sideload apps that don't come from the Windows Store or Windows Store for Business. - -## Know the Exchange server for your device account - - -You should know which Exchange server the device account will use for email and calendar services. The device will attempt to discover this automatically during first run, but if auto-discovery doesn't work, you may need to enter the server info manually. - -### Admin group management - -Every Surface Hub can be configured individually by opening the Settings app on the device. To prevent people who are not administrators from changing settings, the Settings app requires local administrator credentials to open the app and change settings. See [Admin group management](admin-group-management-for-surface-hub.md) for details on how admin groups are set up and managed. - -## Skype for Business - - -Certificates may be required in order to have the Surface Hub use Skype for Business. - -## Checklist for preparation - - -In order to ensure that your environment is ready for the Surface Hub, verify the items in the following list. - -1. The device account has been created. - - Test this by running: - - - Surface Hub device account validation PowerShell scripts - - Lync Windows app from the Windows Store (if Lync runs successfully, then Skype for Business will most likely run). - -2. Ensure that there is a working network/Internet connection for the device to connect to: - - - It must be able to receive an IP address using DHCP (Surface Hub cannot be configured with a static IP address) - - It must have these ports open: - - - HTTPS: 443 - - HTTP: 80 - - If your network runs through a proxy, you'll need the proxy address or script information as well. - -3. In order to improve your experience, we collect data. To collect data, we need these sites whitelisted: - - Telemetry client endpoint: https://vortex.data.microsoft.com/ - - Telemetry settings endpoint: https://settings.data.microsoft.com/ - -4. Choose the local admin method you want to set up during first run (see [Set up admins for this device](first-run-program-surface-hub.md#setup-admins)). Also, decide whether you'll be using MDM (see [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md)). -5. You've created provisioning packages, as needed. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md). -6. Have all necessary information available from the [Setup worksheet](setup-worksheet-surface-hub.md). +**Review and complete Surface Hub setup worksheet** (optional) +When you complete the first-run program for your Surface Hub, there is some information that you'll need to supply. The setup worksheet summarizes that info, and provides lists of environment-specific info that you'll need when you complete the first-run program. For more information, see [Setup worksheet](setup-worksheet-surface-hub.md). ## In this section - From 6e672c7edc783b90cc40d6e50d03559a20f2e8d1 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 20 Sep 2016 09:47:37 -0700 Subject: [PATCH 03/19] stage revised TOC --- devices/surface/TOC.md | 38 ++++++----- devices/surface/deploy.md | 121 +++++++++++++++++++++++++++++++++ devices/surface/keep-secure.md | 121 +++++++++++++++++++++++++++++++++ devices/surface/update.md | 121 +++++++++++++++++++++++++++++++++ 4 files changed, 384 insertions(+), 17 deletions(-) create mode 100644 devices/surface/deploy.md create mode 100644 devices/surface/keep-secure.md create mode 100644 devices/surface/update.md diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index c06979382a..0c7cfa1edd 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -1,22 +1,26 @@ # [Surface](index.md) -## [Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md) -## [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md) -## [Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md) -## [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md) -## [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) -## [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md) -## [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md) -## [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md) -## [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md) -## [Manage Surface UEFI settings](manage-surface-uefi-settings.md) -## [Surface Data Eraser](microsoft-surface-data-eraser.md) -## [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) -### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md) -### [Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md) +## [Deploy Surface devices](deploy.md) +### [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md) +### [Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md) +### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md) +### [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md) +### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) +### [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md) +#### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md) +#### [Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md) +## [Keep Surface devices up-to-date](update.md) +### [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) +### [Surface Dock Updater](surface-dock-updater.md) +### [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md) +### [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md) +## [Keep Surface devices secure](keep-secure.md) +### [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md) +### [Manage Surface UEFI settings](manage-surface-uefi-settings.md) +### [Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md) +### [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) +### [Surface Data Eraser](microsoft-surface-data-eraser.md) ## [Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md) -## [Surface Dock Updater](surface-dock-updater.md) -## [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) ### [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md) ### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) -## [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md) + diff --git a/devices/surface/deploy.md b/devices/surface/deploy.md new file mode 100644 index 0000000000..5c299ff83e --- /dev/null +++ b/devices/surface/deploy.md @@ -0,0 +1,121 @@ +--- +title: Surface (Surface) +description: +ms.prod: w10 +ms.mktglfcycl: manage +ms.pagetype: surface, devices +ms.sitesec: library +author: heatherpoulsen +--- + +# Surface + + +## Purpose + + +This library provides guidance to help you deploy Windows on Surface devices, keep those devices up to date, and easily manage and support Surface devices in your organization. + +For more information on planning for, deploying, and managing Surface devices in your organization, see the [Surface TechCenter](https://technet.microsoft.com/en-us/windows/surface). + +## In this section + + +
++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TopicDescription

[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)

Find out how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.

[Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)

Walk through the process of customizing the Surface out-of-box experience for end users in your organization.

[Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md)

Find out how to add and download Surface app with Windows Store for Business, as well as install Surface app with PowerShell and MDT.

[Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)

Walk through the recommended process of how to deploy Windows 10 to your Surface devices with the Microsoft Deployment Toolkit.

[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)

Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.

[Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)

Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device.

[Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)

Get guidance and answers to help you perform a network deployment to Surface devices.

[Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)

Read about the different methods you can use to manage the process of Surface Dock firmware updates.

[Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)

Explore the available options to manage firmware and driver updates for Surface devices.

[Manage Surface UEFI settings](manage-surface-uefi-settings.md)

Use Surface UEFI settings to enable or disable devices, configure security settings, and adjust Surface device boot settings.

[Surface Data Eraser](microsoft-surface-data-eraser.md)

Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.

[Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)

See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.

[Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md)

Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device.

[Surface Dock Updater](surface-dock-updater.md)

Get a detailed walkthrough of Microsoft Surface Dock Updater.

[Surface Enterprise Management Mode](surface-enterprise-management-mode.md)

See how this feature of Surface devices with Surface UEFI allows you to secure and manage firmware settings within your organization. +

[Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)

Find out how to perform a Windows 10 upgrade deployment to your Surface devices.

+ +  + +## Related topics + + +[Surface TechCenter](https://technet.microsoft.com/windows/surface) + +[Surface for IT pros blog](http://blogs.technet.com/b/surface/) + +  + +  + + + + + diff --git a/devices/surface/keep-secure.md b/devices/surface/keep-secure.md new file mode 100644 index 0000000000..5c299ff83e --- /dev/null +++ b/devices/surface/keep-secure.md @@ -0,0 +1,121 @@ +--- +title: Surface (Surface) +description: +ms.prod: w10 +ms.mktglfcycl: manage +ms.pagetype: surface, devices +ms.sitesec: library +author: heatherpoulsen +--- + +# Surface + + +## Purpose + + +This library provides guidance to help you deploy Windows on Surface devices, keep those devices up to date, and easily manage and support Surface devices in your organization. + +For more information on planning for, deploying, and managing Surface devices in your organization, see the [Surface TechCenter](https://technet.microsoft.com/en-us/windows/surface). + +## In this section + + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TopicDescription

[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)

Find out how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.

[Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)

Walk through the process of customizing the Surface out-of-box experience for end users in your organization.

[Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md)

Find out how to add and download Surface app with Windows Store for Business, as well as install Surface app with PowerShell and MDT.

[Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)

Walk through the recommended process of how to deploy Windows 10 to your Surface devices with the Microsoft Deployment Toolkit.

[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)

Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.

[Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)

Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device.

[Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)

Get guidance and answers to help you perform a network deployment to Surface devices.

[Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)

Read about the different methods you can use to manage the process of Surface Dock firmware updates.

[Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)

Explore the available options to manage firmware and driver updates for Surface devices.

[Manage Surface UEFI settings](manage-surface-uefi-settings.md)

Use Surface UEFI settings to enable or disable devices, configure security settings, and adjust Surface device boot settings.

[Surface Data Eraser](microsoft-surface-data-eraser.md)

Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.

[Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)

See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.

[Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md)

Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device.

[Surface Dock Updater](surface-dock-updater.md)

Get a detailed walkthrough of Microsoft Surface Dock Updater.

[Surface Enterprise Management Mode](surface-enterprise-management-mode.md)

See how this feature of Surface devices with Surface UEFI allows you to secure and manage firmware settings within your organization. +

[Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)

Find out how to perform a Windows 10 upgrade deployment to your Surface devices.

+ +  + +## Related topics + + +[Surface TechCenter](https://technet.microsoft.com/windows/surface) + +[Surface for IT pros blog](http://blogs.technet.com/b/surface/) + +  + +  + + + + + diff --git a/devices/surface/update.md b/devices/surface/update.md new file mode 100644 index 0000000000..5c299ff83e --- /dev/null +++ b/devices/surface/update.md @@ -0,0 +1,121 @@ +--- +title: Surface (Surface) +description: +ms.prod: w10 +ms.mktglfcycl: manage +ms.pagetype: surface, devices +ms.sitesec: library +author: heatherpoulsen +--- + +# Surface + + +## Purpose + + +This library provides guidance to help you deploy Windows on Surface devices, keep those devices up to date, and easily manage and support Surface devices in your organization. + +For more information on planning for, deploying, and managing Surface devices in your organization, see the [Surface TechCenter](https://technet.microsoft.com/en-us/windows/surface). + +## In this section + + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TopicDescription

[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)

Find out how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.

[Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)

Walk through the process of customizing the Surface out-of-box experience for end users in your organization.

[Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md)

Find out how to add and download Surface app with Windows Store for Business, as well as install Surface app with PowerShell and MDT.

[Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)

Walk through the recommended process of how to deploy Windows 10 to your Surface devices with the Microsoft Deployment Toolkit.

[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)

Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.

[Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)

Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device.

[Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)

Get guidance and answers to help you perform a network deployment to Surface devices.

[Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)

Read about the different methods you can use to manage the process of Surface Dock firmware updates.

[Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)

Explore the available options to manage firmware and driver updates for Surface devices.

[Manage Surface UEFI settings](manage-surface-uefi-settings.md)

Use Surface UEFI settings to enable or disable devices, configure security settings, and adjust Surface device boot settings.

[Surface Data Eraser](microsoft-surface-data-eraser.md)

Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.

[Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)

See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.

[Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md)

Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device.

[Surface Dock Updater](surface-dock-updater.md)

Get a detailed walkthrough of Microsoft Surface Dock Updater.

[Surface Enterprise Management Mode](surface-enterprise-management-mode.md)

See how this feature of Surface devices with Surface UEFI allows you to secure and manage firmware settings within your organization. +

[Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)

Find out how to perform a Windows 10 upgrade deployment to your Surface devices.

+ +  + +## Related topics + + +[Surface TechCenter](https://technet.microsoft.com/windows/surface) + +[Surface for IT pros blog](http://blogs.technet.com/b/surface/) + +  + +  + + + + + From 9882eec0c2ddec267594f32adb6171e4ba26541a Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Tue, 20 Sep 2016 10:32:47 -0700 Subject: [PATCH 04/19] feedback updates # Conflicts: # devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md --- devices/surface-hub/intro-to-surface-hub.md | 82 +------------------ ...repare-your-environment-for-surface-hub.md | 11 +-- 2 files changed, 9 insertions(+), 84 deletions(-) diff --git a/devices/surface-hub/intro-to-surface-hub.md b/devices/surface-hub/intro-to-surface-hub.md index ec1712c7a0..212b001d82 100644 --- a/devices/surface-hub/intro-to-surface-hub.md +++ b/devices/surface-hub/intro-to-surface-hub.md @@ -16,7 +16,7 @@ localizationpriority: medium Microsoft Surface Hub is an all-in-one productivity device that is intended for brainstorming, collaboration, and presentations. In order to get the maximum benefit from Surface Hub, your organization’s infrastructure and the Surface Hub itself must be properly set up and integrated. This guide describes what needs to be done both before and during setup in order to help you optimize your use of the device. -### Surface Hub features and interactions with other services +## Surface Hub features and interactions with other services The capabilities of your Surface Hub will depend on what other Microsoft products and technologies are available to it in your infrastructure. The products listed in the following table each support specific features in Surface Hub. @@ -68,90 +68,14 @@ The capabilities of your Surface Hub will depend on what other Microsoft product   - You’ll need to understand how each of these services interacts with Surface Hub. See [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) for details. -### Surface Hub Setup dependencies -Review these dependencies to make sure Surface Hub features will work in your environment. +## Surface Hub setup process - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DependencyPurpose

Active Directory (if using an on-premises deployment)

The Surface Hub must be able to connect to the domain controller in order to validate the device account’s credentials, as well as to access information like the device account’s display name, alias, Exchange server, and Session Initiation Protocol (SIP) address.

Microsoft Office 365 (if using an online deployment)

The Surface Hub must have Internet access in order to reach your Office 365 tenant. The device will connect to the Office 365 in order to validate the device account’s credentials, as well as to access information like the device account’s display name, alias, Exchange server, and SIP address.

Device account

The device account is an Active Directory and/or Azure AD account that enables several key features for the Surface Hub. Learn more about device accounts in [Create and test a device account](create-and-test-a-device-account-surface-hub.md).

Exchange and Exchange ActiveSync

The Surface Hub must be able to reach the device account’s Exchange servers. Exchange is used for enabling mail and calendar features, and also lets people who use the device send meeting requests to the Surface Hub, enabling one-touch meeting join.

-

ActiveSync is used to sync the device account’s calendar and mail to the Surface Hub. If the device cannot use ActiveSync, it will not show meetings on the welcome screen, and joining meetings and emailing whiteboards will not be enabled.

Skype for Business

The Surface Hub must be able to reach the device account’s Skype for Business servers. Skype for Business is used for various conferencing features, like video calls, IM, and screen sharing.

Certificate-based authentication

If certificate-based authentication is required to establish a connection with Exchange ActiveSync or Skype for Business, those certificates must be deployed to each Surface Hub.

Dynamic IP

The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address. Network or Internet access is required, depending on the configuration of your topology (on-premises or online respectively) in order to validate the device account.

Proxy servers

If your topology requires a connection to a proxy server to reach Active Directory, Microsoft Online Services, or your Exchange or Skype for Business servers, then you can configure it during first run, or in Settings.

Mobile device management (MDM) solution provider

If you want to manage devices remotely and by groups (apply settings or policies to multiple devices at a time), you must set up a MDM solution and enroll the device to that solution.

Microsoft Operations Management Suite (OMS)

OMS is used to monitor Surface Hub devices.

- -  - -### Surface Hub setup process - -In some ways, adding your new Surface Hub is just like adding any other Microsoft Windows-based device to your network. However, in order to get your Surface Hub up and running at its full capacity, there are some very specific requirements. Read through all the info before you start. Here’s the general order of things you’ll need to do: +In some ways, adding your new Surface Hub is just like adding any other Microsoft Windows-based device to your network. However, in order to get your Surface Hub up and running at its full capacity, there are some very specific requirements. Here are the next topics you'll need: 1. [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) 2. [Physically install your Surface Hub device](physically-install-your-surface-hub-device.md) 3. [Run the Surface Hub first-run setup program (OOBE)](first-run-program-surface-hub.md) -After you have your Surface Hub running in your organization, you’ll need info about: - -- [Device maintenance and management](manage-surface-hub.md) - -In the unlikely event that you run into problems, see [Troubleshoot Surface Hub](troubleshoot-surface-hub.md). - -  - -  - - - - - diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index 2c64a6308e..5e2203341d 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -14,7 +14,9 @@ localizationpriority: medium # Prepare your environment for Microsoft Surface Hub -This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Microsoft Surface Hub. See [Intro to Surface Hub](intro-to-surface-hub.md) for a description of how the device and its features interact with your IT environment. +This section contains an overview of setup dependencies and the setup process. + +See [Intro to Surface Hub](intro-to-surface-hub.md) for a description of how the device and its features interact with your IT environment. ## Surface Hub setup dependencies @@ -76,7 +78,8 @@ Review these dependencies to make sure Surface Hub features will work in your en -## Setup process +## Prep for Surface Hub set up +Review the info in this section to help you prepare your environment and gather information needed to set up your Surface Hub. ### Work with other admins @@ -112,9 +115,7 @@ There are a few more item to consider before you start the [first-run program](f **Create provisioning packages** (optional) - Your Surface Hub may require certificates for ActiveSync, Skype for Business, network usage, or other authentication. To install certificates, you can either create a provisioning package (in order to install at first run, or after first run in Settings), or deploy them through a mobile device management (MDM) solution (after first run only). -To install certificates using provisioning packages, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md). To install them using MDM, see the documentation for your MDM provider. - -Currently, Surface Hub can use provisioning packages only to install certificates and to install Universal Windows Platform (UWP) apps. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) for details.You can also use provisioning to sideload apps that don't come from the Windows Store or Windows Store for Business. +Currently, Surface Hub can use provisioning packages only to install certificates and to install Universal Windows Platform (UWP) apps. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) for details. To install them using MDM, see the documentation for your MDM provider. You can also use provisioning to sideload apps that don't come from the Windows Store or Windows Store for Business. **Manage admin groups** - Every Surface Hub can be configured individually by opening the Settings app on the device. To prevent people who are not administrators from changing settings, the Settings app requires local administrator credentials to open the app and change settings. See [Admin group management](admin-group-management-for-surface-hub.md) for details on how admin groups are set up and managed. From 4ac4ea526ce84dab9c9960f61519efb796453199 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Wed, 21 Sep 2016 10:55:36 -0700 Subject: [PATCH 05/19] temp --- devices/surface/TOC.md | 23 +++---- devices/surface/deploy.md | 93 +------------------------ devices/surface/keep-secure.md | 121 --------------------------------- devices/surface/update.md | 93 +------------------------ 4 files changed, 15 insertions(+), 315 deletions(-) delete mode 100644 devices/surface/keep-secure.md diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index 0c7cfa1edd..eff3b9bb69 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -1,26 +1,25 @@ # [Surface](index.md) ## [Deploy Surface devices](deploy.md) -### [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md) -### [Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md) ### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md) ### [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md) -### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) +### [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md) ### [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md) +### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) #### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md) #### [Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md) -## [Keep Surface devices up-to-date](update.md) +## [Surface firmware and driver updates](update.md) ### [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) -### [Surface Dock Updater](surface-dock-updater.md) -### [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md) ### [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md) -## [Keep Surface devices secure](keep-secure.md) -### [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md) -### [Manage Surface UEFI settings](manage-surface-uefi-settings.md) +### [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md) +### [Surface Dock Updater](surface-dock-updater.md) +## [Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md) +## [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md) +## [Manage Surface UEFI settings](manage-surface-uefi-settings.md) ### [Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md) -### [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) -### [Surface Data Eraser](microsoft-surface-data-eraser.md) -## [Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md) +## [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) ### [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md) ### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) +## [Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md) +## [Surface Data Eraser](microsoft-surface-data-eraser.md) diff --git a/devices/surface/deploy.md b/devices/surface/deploy.md index 5c299ff83e..7fe0c9a38e 100644 --- a/devices/surface/deploy.md +++ b/devices/surface/deploy.md @@ -1,5 +1,5 @@ --- -title: Surface (Surface) +title: Deploy Surface devices (Surface) description: ms.prod: w10 ms.mktglfcycl: manage @@ -8,100 +8,11 @@ ms.sitesec: library author: heatherpoulsen --- -# Surface +# Deploy Surface devices -## Purpose -This library provides guidance to help you deploy Windows on Surface devices, keep those devices up to date, and easily manage and support Surface devices in your organization. - -For more information on planning for, deploying, and managing Surface devices in your organization, see the [Surface TechCenter](https://technet.microsoft.com/en-us/windows/surface). - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TopicDescription

[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)

Find out how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.

[Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)

Walk through the process of customizing the Surface out-of-box experience for end users in your organization.

[Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md)

Find out how to add and download Surface app with Windows Store for Business, as well as install Surface app with PowerShell and MDT.

[Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)

Walk through the recommended process of how to deploy Windows 10 to your Surface devices with the Microsoft Deployment Toolkit.

[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)

Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.

[Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)

Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device.

[Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)

Get guidance and answers to help you perform a network deployment to Surface devices.

[Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)

Read about the different methods you can use to manage the process of Surface Dock firmware updates.

[Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)

Explore the available options to manage firmware and driver updates for Surface devices.

[Manage Surface UEFI settings](manage-surface-uefi-settings.md)

Use Surface UEFI settings to enable or disable devices, configure security settings, and adjust Surface device boot settings.

[Surface Data Eraser](microsoft-surface-data-eraser.md)

Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.

[Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)

See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.

[Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md)

Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device.

[Surface Dock Updater](surface-dock-updater.md)

Get a detailed walkthrough of Microsoft Surface Dock Updater.

[Surface Enterprise Management Mode](surface-enterprise-management-mode.md)

See how this feature of Surface devices with Surface UEFI allows you to secure and manage firmware settings within your organization. -

[Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)

Find out how to perform a Windows 10 upgrade deployment to your Surface devices.

-   ## Related topics diff --git a/devices/surface/keep-secure.md b/devices/surface/keep-secure.md deleted file mode 100644 index 5c299ff83e..0000000000 --- a/devices/surface/keep-secure.md +++ /dev/null @@ -1,121 +0,0 @@ ---- -title: Surface (Surface) -description: -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices -ms.sitesec: library -author: heatherpoulsen ---- - -# Surface - - -## Purpose - - -This library provides guidance to help you deploy Windows on Surface devices, keep those devices up to date, and easily manage and support Surface devices in your organization. - -For more information on planning for, deploying, and managing Surface devices in your organization, see the [Surface TechCenter](https://technet.microsoft.com/en-us/windows/surface). - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TopicDescription

[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)

Find out how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.

[Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)

Walk through the process of customizing the Surface out-of-box experience for end users in your organization.

[Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md)

Find out how to add and download Surface app with Windows Store for Business, as well as install Surface app with PowerShell and MDT.

[Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)

Walk through the recommended process of how to deploy Windows 10 to your Surface devices with the Microsoft Deployment Toolkit.

[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)

Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.

[Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)

Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device.

[Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)

Get guidance and answers to help you perform a network deployment to Surface devices.

[Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)

Read about the different methods you can use to manage the process of Surface Dock firmware updates.

[Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)

Explore the available options to manage firmware and driver updates for Surface devices.

[Manage Surface UEFI settings](manage-surface-uefi-settings.md)

Use Surface UEFI settings to enable or disable devices, configure security settings, and adjust Surface device boot settings.

[Surface Data Eraser](microsoft-surface-data-eraser.md)

Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.

[Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)

See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.

[Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md)

Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device.

[Surface Dock Updater](surface-dock-updater.md)

Get a detailed walkthrough of Microsoft Surface Dock Updater.

[Surface Enterprise Management Mode](surface-enterprise-management-mode.md)

See how this feature of Surface devices with Surface UEFI allows you to secure and manage firmware settings within your organization. -

[Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)

Find out how to perform a Windows 10 upgrade deployment to your Surface devices.

- -  - -## Related topics - - -[Surface TechCenter](https://technet.microsoft.com/windows/surface) - -[Surface for IT pros blog](http://blogs.technet.com/b/surface/) - -  - -  - - - - - diff --git a/devices/surface/update.md b/devices/surface/update.md index 5c299ff83e..1852692c3e 100644 --- a/devices/surface/update.md +++ b/devices/surface/update.md @@ -1,5 +1,5 @@ --- -title: Surface (Surface) +title: Surface firmware and driver updates (Surface) description: ms.prod: w10 ms.mktglfcycl: manage @@ -8,100 +8,11 @@ ms.sitesec: library author: heatherpoulsen --- -# Surface +# Surface firmware and driver updates -## Purpose -This library provides guidance to help you deploy Windows on Surface devices, keep those devices up to date, and easily manage and support Surface devices in your organization. - -For more information on planning for, deploying, and managing Surface devices in your organization, see the [Surface TechCenter](https://technet.microsoft.com/en-us/windows/surface). - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TopicDescription

[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)

Find out how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.

[Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)

Walk through the process of customizing the Surface out-of-box experience for end users in your organization.

[Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md)

Find out how to add and download Surface app with Windows Store for Business, as well as install Surface app with PowerShell and MDT.

[Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)

Walk through the recommended process of how to deploy Windows 10 to your Surface devices with the Microsoft Deployment Toolkit.

[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)

Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.

[Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)

Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device.

[Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)

Get guidance and answers to help you perform a network deployment to Surface devices.

[Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)

Read about the different methods you can use to manage the process of Surface Dock firmware updates.

[Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)

Explore the available options to manage firmware and driver updates for Surface devices.

[Manage Surface UEFI settings](manage-surface-uefi-settings.md)

Use Surface UEFI settings to enable or disable devices, configure security settings, and adjust Surface device boot settings.

[Surface Data Eraser](microsoft-surface-data-eraser.md)

Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.

[Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)

See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.

[Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md)

Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device.

[Surface Dock Updater](surface-dock-updater.md)

Get a detailed walkthrough of Microsoft Surface Dock Updater.

[Surface Enterprise Management Mode](surface-enterprise-management-mode.md)

See how this feature of Surface devices with Surface UEFI allows you to secure and manage firmware settings within your organization. -

[Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)

Find out how to perform a Windows 10 upgrade deployment to your Surface devices.

-   ## Related topics From 3e7e47f292a30190d7f34550022dc42121c761b0 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Wed, 21 Sep 2016 11:14:06 -0700 Subject: [PATCH 06/19] restage for review --- devices/surface/index.md | 96 ++++++---------------------------------- 1 file changed, 14 insertions(+), 82 deletions(-) diff --git a/devices/surface/index.md b/devices/surface/index.md index 20b688e39b..e163db015d 100644 --- a/devices/surface/index.md +++ b/devices/surface/index.md @@ -12,96 +12,28 @@ author: heatherpoulsen # Surface -## Purpose - - This library provides guidance to help you deploy Windows on Surface devices, keep those devices up to date, and easily manage and support Surface devices in your organization. For more information on planning for, deploying, and managing Surface devices in your organization, see the [Surface TechCenter](https://technet.microsoft.com/en-us/windows/surface). ## In this section +| Topic | Description | +| --- | --- | +| [Deploy Surface devices](deploy.md) | tba | +| [Surface firmware and driver updates](update.md) | tba | +| [Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md) | Find out how to add and download Surface app with Windows Store for Business, as well as install Surface app with PowerShell and MDT. | +| [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md) | Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device. | +| [Manage Surface UEFI settings](manage-surface-uefi-settings.md) | Use Surface UEFI settings to enable or disable devices, configure security settings, and adjust Surface device boot settings. | +| [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) | See how this feature of Surface devices with Surface UEFI allows you to secure and manage firmware settings within your organization. | +| [Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md) | Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device. | +| [Surface Data Eraser](microsoft-surface-data-eraser.md) | Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices. | + + + + - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TopicDescription

[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)

Find out how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.

[Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)

Walk through the process of customizing the Surface out-of-box experience for end users in your organization.

[Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md)

Find out how to add and download Surface app with Windows Store for Business, as well as install Surface app with PowerShell and MDT.

[Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)

Walk through the recommended process of how to deploy Windows 10 to your Surface devices with the Microsoft Deployment Toolkit.

[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)

Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.

[Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)

Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device.

[Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)

Get guidance and answers to help you perform a network deployment to Surface devices.

[Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)

Read about the different methods you can use to manage the process of Surface Dock firmware updates.

[Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)

Explore the available options to manage firmware and driver updates for Surface devices.

[Manage Surface UEFI settings](manage-surface-uefi-settings.md)

Use Surface UEFI settings to enable or disable devices, configure security settings, and adjust Surface device boot settings.

[Surface Data Eraser](microsoft-surface-data-eraser.md)

Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.

[Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)

See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.

[Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md)

Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device.

[Surface Dock Updater](surface-dock-updater.md)

Get a detailed walkthrough of Microsoft Surface Dock Updater.

[Surface Enterprise Management Mode](surface-enterprise-management-mode.md)

See how this feature of Surface devices with Surface UEFI allows you to secure and manage firmware settings within your organization. -

[Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)

Find out how to perform a Windows 10 upgrade deployment to your Surface devices.

  From d6dfbc61703a641f3a7666f752380b863381ca82 Mon Sep 17 00:00:00 2001 From: isaiahng Date: Wed, 21 Sep 2016 13:18:36 -0700 Subject: [PATCH 07/19] Update prepare-your-environment-for-surface-hub.md (#205) * Update prepare-your-environment-for-surface-hub.md * Update prepare-your-environment-for-surface-hub.md * Update prepare-your-environment-for-surface-hub.md * Update prepare-your-environment-for-surface-hub.md * Update prepare-your-environment-for-surface-hub.md * Update prepare-your-environment-for-surface-hub.md * Update prepare-your-environment-for-surface-hub.md * Update prepare-your-environment-for-surface-hub.md * Update prepare-your-environment-for-surface-hub.md --- ...repare-your-environment-for-surface-hub.md | 133 +++++------------- 1 file changed, 38 insertions(+), 95 deletions(-) diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index 5e2203341d..ef33102a3f 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -14,115 +14,58 @@ localizationpriority: medium # Prepare your environment for Microsoft Surface Hub -This section contains an overview of setup dependencies and the setup process. +This section contains an overview of setup dependencies and the setup process. Review the info in this section to help you prepare your environment and gather information needed to set up your Surface Hub. -See [Intro to Surface Hub](intro-to-surface-hub.md) for a description of how the device and its features interact with your IT environment. -## Surface Hub setup dependencies +## Review infrastructure dependencies +Review these dependencies to make sure Surface Hub features will work in your IT infrastructure. -Review these dependencies to make sure Surface Hub features will work in your environment. +| Dependency | Purpose | +|-------------------------------------------------------|-------------------------------------------------------| +| Active Directory or Azure Active Directory (Azure AD) |

The Surface Hub's uses an Active Directory or Azure AD account (called a **device account**) to access Exchange and Skype for Business services. The Surface Hub must be able to connect to your Active Directory domain controller or to your Azure AD tenant in order to validate the device account’s credentials, as well as to access information like the device account’s display name, alias, Exchange server, and Session Initiation Protocol (SIP) address.

You can also domain join or Azure AD join your Surface Hub to allow a group of authorized users to configure settings on the Surface Hub. | +| Exchange (Exchange 2013 or later, or Exchange Online) and Exchange ActiveSync |

Exchange is used for enabling mail and calendar features, and also lets people who use the device send meeting requests to the Surface Hub, enabling one-touch meeting join.

ActiveSync is used to sync the device account’s calendar and mail to the Surface Hub. If the device cannot use ActiveSync, it will not show meetings on the welcome screen, and joining meetings and emailing whiteboards will not be enabled. | +| Skype for Business (Lync Server 2013 or later, or Skype for Business Online) | Skype for Business is used for various conferencing features, like video calls, instant messaging, and screen sharing. | +| Mobile device management (MDM) solution (Microsoft Intune, System Center Configuration Manager, or supported third-party MDM provider) | If you want to apply settings and install apps remotely, and to multiple devices at a time, you must set up a MDM solution and enroll the device to that solution. See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for details. | +| Microsoft Operations Managmement Suite (OMS) | OMS is used to monitor the health of Surface Hub devices. See [Monitor your Surface Hub](monitor-surface-hub.md) for details. | +| Network and Internet access |

In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred.

**Dynamic IP:** The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address.

**Proxy servers:** If your topology requires a connection to a proxy server to reach Internet services, then you can configure it during first run, or in Settings. | - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DependencyPurpose

Active Directory (if using an on-premises deployment)

The Surface Hub must be able to connect to the domain controller in order to validate the device account’s credentials, as well as to access information like the device account’s display name, alias, Exchange server, and Session Initiation Protocol (SIP) address.

Microsoft Office 365 (if using an online deployment)

The Surface Hub must have Internet access in order to reach your Office 365 tenant. The device will connect to the Office 365 in order to validate the device account’s credentials, as well as to access information like the device account’s display name, alias, Exchange server, and SIP address.

Device account

The device account is an Active Directory and/or Azure AD account that enables several key features for the Surface Hub. Learn more about device accounts in [Create and test a device account](create-and-test-a-device-account-surface-hub.md).

Exchange and Exchange ActiveSync

The Surface Hub must be able to reach the device account’s Exchange servers. Exchange is used for enabling mail and calendar features, and also lets people who use the device send meeting requests to the Surface Hub, enabling one-touch meeting join.

-

ActiveSync is used to sync the device account’s calendar and mail to the Surface Hub. If the device cannot use ActiveSync, it will not show meetings on the welcome screen, and joining meetings and emailing whiteboards will not be enabled.

Skype for Business

The Surface Hub must be able to reach the device account’s Skype for Business servers. Skype for Business is used for various conferencing features, like video calls, IM, and screen sharing.

Certificate-based authentication

If certificate-based authentication is required to establish a connection with Exchange ActiveSync or Skype for Business, those certificates must be deployed to each Surface Hub.

Dynamic IP

The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address. Network or Internet access is required, depending on the configuration of your topology (on-premises or online respectively) in order to validate the device account.

Proxy servers

If your topology requires a connection to a proxy server to reach Active Directory, Microsoft Online Services, or your Exchange or Skype for Business servers, then you can configure it during first run, or in Settings.

Mobile device management (MDM) solution provider

If you want to manage devices remotely and by groups (apply settings or policies to multiple devices at a time), you must set up a MDM solution and enroll the device to that solution.

Microsoft Operations Management Suite (OMS)

OMS is used to monitor Surface Hub devices.

+Additionally, note that Surface Hub requires the following open ports: +- HTTPS: 443 +- HTTP: 80 -## Prep for Surface Hub set up -Review the info in this section to help you prepare your environment and gather information needed to set up your Surface Hub. +Depending on your environment, access to additional ports may be needed: +- For online environments, see [Office 365 IP URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). +- For on-premises installations, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx). -### Work with other admins - -Surface Hub interacts with a few different products and services. Depending on the size of your organization, there could be multiple people supporting different products in your environment. You'll want to include people who manage Exchange, Active Directory, Azure Actice Directory, mobile device maanagement (MDM), and network resources in your planning and prep for Surface Hub deployments. - -### Create and verify device account - -A device account is an account that Surface Hub uses in order to access features from Exchange, like email and calendar, and to enable Skype for Business. See [Create and test a device account](create-and-test-a-device-account-surface-hub.md) for details. - -After you've created your device account, there are a couple of ways to verify that the account. -- Run Surface Hub device account validation PowerShell scripts. For more information, see [Surface Hub device account scripts](https://gallery.technet.microsoft.com/scriptcenter/Surface-Hub-device-account-6db77696) in Script Center, or [PowerShell scripts for Surface Hub](appendix-a-powershell-scipts-for-surface-hub.md) later in this guide. -- Run the Lync Windows app from Windows Store. If Lync runs successfully, then Skype for Business will most likely run. - -### Check network resources - -In order to function properly, the Surface Hub must have access to a wired or wireless network that meets the same requirements as every other Skype for Business endpoint in your environment. Overall, a wired connection is preferred: - -- Access to your Active Directory or Azure Active Directory (Azure AD) instance, as well as your Microsoft Exchange and Skype for Business servers. -- Can receive an IP address using DHCP -- Open ports: - - HTTPS: 443 - - HTTP: 80 -- Access to additional ports are needed, depending on your environment: - - For online envionments, see [Office 365 IP URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). - - For on-premises istallations, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx). - -In order to improve your experience, we collect data. To collect data, we need these sites whitelisted: +Microsoft collects telemetry to help improve your Surface Hub experience. Add these sites to your allow list: - Telemetry client endpoint: https://vortex.data.microsoft.com/ - Telemetry settings endpoint: https://settings.data.microsoft.com/ -### Prepare for first-run program + +## Work with other admins + +Surface Hub interacts with a few different products and services. Depending on the size of your organization, there could be multiple people supporting different products in your environment. You'll want to include people who manage Exchange, Active Directory (or Azure Active Directory), mobile device management (MDM), and network resources in your planning and prep for Surface Hub deployments. + + +## Create and verify device account + +A device account is an Exchange resource account that Surface Hub uses to display its meeting calendar, join Skype for Business calls, and send email. See [Create and test a device account](create-and-test-a-device-account-surface-hub.md) for details. + +After you've created your device account, there are a couple of ways to verify that it's setup correctly. +- Run Surface Hub device account validation PowerShell scripts. For more information, see [Surface Hub device account scripts](https://gallery.technet.microsoft.com/scriptcenter/Surface-Hub-device-account-6db77696) in Script Center, or [PowerShell scripts for Surface Hub](appendix-a-powershell-scipts-for-surface-hub.md) later in this guide. +- Use the account with the [Lync Windows Store app](https://www.microsoft.com/en-us/store/p/lync/9wzdncrfhvhm). If Lync signs in successfully, then the device account will most likely work with Skype for Business on Surface Hub. + + +## Prepare for first-run program There are a few more item to consider before you start the [first-run program](first-run-program-surface-hub.md). -**Create provisioning packages** (optional) - Your Surface Hub may require certificates for ActiveSync, Skype for Business, network usage, or other authentication. To install certificates, you can either create a provisioning package (in order to install at first run, or after first run in Settings), or deploy them through a mobile device management (MDM) solution (after first run only). +**Create provisioning packages** (optional) - Use provisioning packages to add certificates, customize settings and install apps. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) for details. You can [install provisioning packages at first-run](first-run-program-surface-hub.md#first-page). -Currently, Surface Hub can use provisioning packages only to install certificates and to install Universal Windows Platform (UWP) apps. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) for details. To install them using MDM, see the documentation for your MDM provider. You can also use provisioning to sideload apps that don't come from the Windows Store or Windows Store for Business. - -**Manage admin groups** - Every Surface Hub can be configured individually by opening the Settings app on the device. To prevent people who are not administrators from changing settings, the Settings app requires local administrator credentials to open the app and change settings. See [Admin group management](admin-group-management-for-surface-hub.md) for details on how admin groups are set up and managed. - -During first run, you will [set up admins for the device](first-run-program-surface-hub.md#setup-admins)). +**Setup admin groups** - Every Surface Hub can be configured locally using the Settings app on the device. To prevent unauthorized users from changing settings, the Settings app requires admin credentials to open the app. See [Admin group management](admin-group-management-for-surface-hub.md) for details on how admin groups are set up and managed. You will [set up admins for the device at first run](first-run-program-surface-hub.md#setup-admins)). **Review and complete Surface Hub setup worksheet** (optional) -When you complete the first-run program for your Surface Hub, there is some information that you'll need to supply. The setup worksheet summarizes that info, and provides lists of environment-specific info that you'll need when you complete the first-run program. For more information, see [Setup worksheet](setup-worksheet-surface-hub.md). +When you go through the first-run program for your Surface Hub, there's some information that you'll need to supply. The setup worksheet summarizes that info, and provides lists of environment-specific info that you'll need when you go through the first-run program. For more information, see [Setup worksheet](setup-worksheet-surface-hub.md). + ## In this section From 47a60796907de015c9431f197b5e727254eb1d55 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Wed, 21 Sep 2016 14:42:18 -0700 Subject: [PATCH 08/19] updates to prep and intro topic --- devices/surface-hub/intro-to-surface-hub.md | 53 ------------------- ...repare-your-environment-for-surface-hub.md | 14 ++--- .../setup-worksheet-surface-hub.md | 2 +- 3 files changed, 9 insertions(+), 60 deletions(-) diff --git a/devices/surface-hub/intro-to-surface-hub.md b/devices/surface-hub/intro-to-surface-hub.md index 212b001d82..eb48a1fb78 100644 --- a/devices/surface-hub/intro-to-surface-hub.md +++ b/devices/surface-hub/intro-to-surface-hub.md @@ -15,62 +15,9 @@ localizationpriority: medium Microsoft Surface Hub is an all-in-one productivity device that is intended for brainstorming, collaboration, and presentations. In order to get the maximum benefit from Surface Hub, your organization’s infrastructure and the Surface Hub itself must be properly set up and integrated. This guide describes what needs to be done both before and during setup in order to help you optimize your use of the device. - -## Surface Hub features and interactions with other services - -The capabilities of your Surface Hub will depend on what other Microsoft products and technologies are available to it in your infrastructure. The products listed in the following table each support specific features in Surface Hub. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ScenarioRequirement

One-touch meeting join, meetings calendar, and email (for example, sending whiteboards)

Device account with Microsoft Exchange 2013 or later, or Exchange Online and a network connection to where the account is hosted.

Meetings using Skype for Business

Device account with Skype for Business (Lync Server 2013 or later) or Skype for Business Online, and a network connection so the account can be accessed.

Web browsing through Microsoft Edge

Internet connectivity.

Remote and multi-device management

Supported mobile device management (MDM) solutions (Microsoft Intune, System Center 2012 R2 Configuration Manager, or supported third-party solution).

Group-based local management (directory of employees who can manage a device)

Active Directory or Azure Active Directory (Azure AD).

Universal Windows app installation

Windows Imaging and Configuration Designer (ICD) or supported MDM solutions (Intune, Configuration Manager, or supported third-party solution).

OS updates

Internet connectivity or Windows Server Update Services (WSUS).

Device monitoring and health

Microsoft Operations Management Suite (OMS).

-   You’ll need to understand how each of these services interacts with Surface Hub. See [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) for details. - ## Surface Hub setup process In some ways, adding your new Surface Hub is just like adding any other Microsoft Windows-based device to your network. However, in order to get your Surface Hub up and running at its full capacity, there are some very specific requirements. Here are the next topics you'll need: diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index ef33102a3f..1be646ae79 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -38,8 +38,8 @@ Depending on your environment, access to additional ports may be needed: - For on-premises installations, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx). Microsoft collects telemetry to help improve your Surface Hub experience. Add these sites to your allow list: -- Telemetry client endpoint: https://vortex.data.microsoft.com/ -- Telemetry settings endpoint: https://settings.data.microsoft.com/ +- Telemetry client endpoint: `https://vortex.data.microsoft.com/` +- Telemetry settings endpoint: `https://settings.data.microsoft.com/` ## Work with other admins @@ -56,14 +56,16 @@ After you've created your device account, there are a couple of ways to verify t - Use the account with the [Lync Windows Store app](https://www.microsoft.com/en-us/store/p/lync/9wzdncrfhvhm). If Lync signs in successfully, then the device account will most likely work with Skype for Business on Surface Hub. -## Prepare for first-run program +## Prepare for first-run program There are a few more item to consider before you start the [first-run program](first-run-program-surface-hub.md). -**Create provisioning packages** (optional) - Use provisioning packages to add certificates, customize settings and install apps. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) for details. You can [install provisioning packages at first-run](first-run-program-surface-hub.md#first-page). +### Create provisioning packages (optional) +You can use provisioning packages to add certificates, customize settings and install apps. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) for details. You can [install provisioning packages at first-run](first-run-program-surface-hub.md#first-page). -**Setup admin groups** - Every Surface Hub can be configured locally using the Settings app on the device. To prevent unauthorized users from changing settings, the Settings app requires admin credentials to open the app. See [Admin group management](admin-group-management-for-surface-hub.md) for details on how admin groups are set up and managed. You will [set up admins for the device at first run](first-run-program-surface-hub.md#setup-admins)). +### Set up admin groups +Every Surface Hub can be configured locally using the Settings app on the device. To prevent unauthorized users from changing settings, the Settings app requires admin credentials to open the app. See [Admin group management](admin-group-management-for-surface-hub.md) for details on how admin groups are set up and managed. You will [set up admins for the device at first run](first-run-program-surface-hub.md#setup-admins)). -**Review and complete Surface Hub setup worksheet** (optional) +### Review and complete Surface Hub setup worksheet** (optional) When you go through the first-run program for your Surface Hub, there's some information that you'll need to supply. The setup worksheet summarizes that info, and provides lists of environment-specific info that you'll need when you go through the first-run program. For more information, see [Setup worksheet](setup-worksheet-surface-hub.md). diff --git a/devices/surface-hub/setup-worksheet-surface-hub.md b/devices/surface-hub/setup-worksheet-surface-hub.md index 49b0f51d45..a77cf5850f 100644 --- a/devices/surface-hub/setup-worksheet-surface-hub.md +++ b/devices/surface-hub/setup-worksheet-surface-hub.md @@ -33,7 +33,7 @@ You should fill out one list for each Surface Hub you need to configure, althoug

If your network uses a proxy for network and/or Internet access, you must provide a script or server/port information.

-

Proxy script: http://contoso/proxy.pa
+

Proxy script: http://contoso/proxy.pa
- OR -
Server and port info: 10.10.10.100, port 80

From 60e771f2b9ecee958f1b37fd024c4887f6821177 Mon Sep 17 00:00:00 2001 From: isaiahng Date: Wed, 21 Sep 2016 15:47:05 -0700 Subject: [PATCH 09/19] Update prepare-your-environment-for-surface-hub.md --- devices/surface-hub/prepare-your-environment-for-surface-hub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index 1be646ae79..1e0440958f 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -65,7 +65,7 @@ You can use provisioning packages to add certificates, customize settings and in ### Set up admin groups Every Surface Hub can be configured locally using the Settings app on the device. To prevent unauthorized users from changing settings, the Settings app requires admin credentials to open the app. See [Admin group management](admin-group-management-for-surface-hub.md) for details on how admin groups are set up and managed. You will [set up admins for the device at first run](first-run-program-surface-hub.md#setup-admins)). -### Review and complete Surface Hub setup worksheet** (optional) +### Review and complete Surface Hub setup worksheet (optional) When you go through the first-run program for your Surface Hub, there's some information that you'll need to supply. The setup worksheet summarizes that info, and provides lists of environment-specific info that you'll need when you go through the first-run program. For more information, see [Setup worksheet](setup-worksheet-surface-hub.md). From 3ee6215071b3f90c0cd379084005492f6c29bfa7 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 22 Sep 2016 07:07:17 -0700 Subject: [PATCH 10/19] Changed proxy reference from 137 to 443 --- windows/keep-secure/create-wip-policy-using-intune.md | 2 +- windows/keep-secure/create-wip-policy-using-sccm.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/create-wip-policy-using-intune.md b/windows/keep-secure/create-wip-policy-using-intune.md index 7a107e086c..0b829ac6ce 100644 --- a/windows/keep-secure/create-wip-policy-using-intune.md +++ b/windows/keep-secure/create-wip-policy-using-intune.md @@ -380,7 +380,7 @@ There are no default locations included with WIP, you must add each of your netw Enterprise Proxy Servers - proxy.contoso.com:80;proxy2.contoso.com:137 + proxy.contoso.com:80;proxy2.contoso.com:443 Specify your externally-facing proxy server addresses, along with the port through which traffic is allowed and protected with WIP.

This list shouldn’t include any servers listed in the Enterprise Internal Proxy Servers list, which are used for WIP-protected traffic.

This setting is also required if you use a proxy in your network. If you don't have a proxy server, you might find that enterprise resources are unavailable when a client is behind a proxy, such as when you’re visiting another company and not on that company’s guest network.

If you have multiple resources, you must separate them using the ";" delimiter. diff --git a/windows/keep-secure/create-wip-policy-using-sccm.md b/windows/keep-secure/create-wip-policy-using-sccm.md index c66c433c22..ef5f223a2c 100644 --- a/windows/keep-secure/create-wip-policy-using-sccm.md +++ b/windows/keep-secure/create-wip-policy-using-sccm.md @@ -401,7 +401,7 @@ There are no default locations included with WIP, you must add each of your netw Enterprise Proxy Servers - proxy.contoso.com:80;proxy2.contoso.com:137 + proxy.contoso.com:80;proxy2.contoso.com:443 Specify your externally-facing proxy server addresses, along with the port through which traffic is allowed and protected with WIP.

This list shouldn’t include any servers listed in the Enterprise Internal Proxy Servers list, which are used for WIP-protected traffic.

This setting is also required if you use a proxy in your network. If you don't have a proxy server, you might find that enterprise resources are unavailable when a client is behind a proxy, such as when you’re visiting another company and not on that company’s guest network.

If you have multiple resources, you must separate them using the ";" delimiter. From 71526b64627469f9572760f9dbfecd6f64658bec Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 22 Sep 2016 07:44:09 -0700 Subject: [PATCH 11/19] update new parent topics --- devices/surface/deploy.md | 13 ++++++- devices/surface/index.md | 4 +-- .../surface/manage-surface-uefi-settings.md | 7 +++- .../surface-enterprise-management-mode.md | 34 +++++++++++++------ devices/surface/update.md | 12 +++++-- 5 files changed, 53 insertions(+), 17 deletions(-) diff --git a/devices/surface/deploy.md b/devices/surface/deploy.md index 7fe0c9a38e..517aca2f0b 100644 --- a/devices/surface/deploy.md +++ b/devices/surface/deploy.md @@ -1,6 +1,6 @@ --- title: Deploy Surface devices (Surface) -description: +description: Get deployment guidance for your Surface devices including information about MDT, OOBE customization, Ethernet adaptors, and Surface Deployment Accelerator. ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices @@ -10,6 +10,17 @@ author: heatherpoulsen # Deploy Surface devices +Get deployment guidance for your Surface devices including information about MDT, OOBE customization, Ethernet adaptors, and Surface Deployment Accelerator. + +## In this section + +| Topic | Description | +| --- | --- | +| [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md) | Walk through the recommended process of how to deploy Windows 10 to your Surface devices with the Microsoft Deployment Toolkit.| +| [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)| Find out how to perform a Windows 10 upgrade deployment to your Surface devices. | +| [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)| Walk through the process of customizing the Surface out-of-box experience for end users in your organization.| +| [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)| Get guidance and answers to help you perform a network deployment to Surface devices.| +| [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)| See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices. | diff --git a/devices/surface/index.md b/devices/surface/index.md index e163db015d..39305ac4af 100644 --- a/devices/surface/index.md +++ b/devices/surface/index.md @@ -20,8 +20,8 @@ For more information on planning for, deploying, and managing Surface devices in | Topic | Description | | --- | --- | -| [Deploy Surface devices](deploy.md) | tba | -| [Surface firmware and driver updates](update.md) | tba | +| [Deploy Surface devices](deploy.md) | Get deployment guidance for your Surface devices including information about MDT, OOBE customization, Ethernet adaptors, and Surface Deployment Accelerator. | +| [Surface firmware and driver updates](update.md) | Find out how to download and manage the latest firmware and driver updates for your Surface device. | | [Deploy Surface app with Windows Store for Business](deploy-surface-app-with-windows-store-for-business.md) | Find out how to add and download Surface app with Windows Store for Business, as well as install Surface app with PowerShell and MDT. | | [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md) | Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device. | | [Manage Surface UEFI settings](manage-surface-uefi-settings.md) | Use Surface UEFI settings to enable or disable devices, configure security settings, and adjust Surface device boot settings. | diff --git a/devices/surface/manage-surface-uefi-settings.md b/devices/surface/manage-surface-uefi-settings.md index 246334a4d4..a34215254f 100644 --- a/devices/surface/manage-surface-uefi-settings.md +++ b/devices/surface/manage-surface-uefi-settings.md @@ -14,7 +14,8 @@ author: miladCA Current and future generations of Surface devices, including Surface Pro 4 and Surface Book, use a unique UEFI firmware engineered by Microsoft specifically for these devices. This firmware allows for significantly greater control of the device’s operation over firmware versions in earlier generation Surface devices, including the support for touch, mouse, and keyboard operation. By using the Surface UEFI settings you can easily enable or disable internal devices or components, configure security to protect UEFI settings from being changed, and adjust the Surface device boot settings. ->**Note:**  Surface Pro 3, Surface 3, Surface Pro 2, Surface 2, Surface Pro, and Surface do not use the Surface UEFI and instead use firmware provided by third-party manufacturers, such as AMI. +>[!NOTE] +>Surface Pro 3, Surface 3, Surface Pro 2, Surface 2, Surface Pro, and Surface do not use the Surface UEFI and instead use firmware provided by third-party manufacturers, such as AMI. You can enter the Surface UEFI settings on your Surface device by pressing the **Volume Up** button and the **Power** button simultaneously. Hold the **Volume Up** button until the Surface logo is displayed, which indicates that the device has begun to boot. @@ -137,3 +138,7 @@ Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as sh ![Exit Surface UEFI and restart the device](images/manage-surface-uefi-fig8.png "Exit Surface UEFI and restart the device") *Figure 8. Click Restart Now to exit Surface UEFI and restart the device* + +## Related topics + +[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md) \ No newline at end of file diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md index 981d6dae06..3361d3002c 100644 --- a/devices/surface/surface-enterprise-management-mode.md +++ b/devices/surface/surface-enterprise-management-mode.md @@ -13,7 +13,8 @@ author: jobotto Microsoft Surface Enterprise Management Mode (SEMM) is a feature of Surface devices with Surface UEFI that allows you to secure and manage firmware settings within your organization. With SEMM, IT professionals can prepare configurations of UEFI settings and install them on a Surface device. In addition to the ability to configure UEFI settings, SEMM also uses a certificate to protect the configuration from unauthorized tampering or removal. ->**Note**:  SEMM is only available on devices with Surface UEFI firmware, such as Surface Pro 4 and Surface Book. For more information about Surface UEFI, see [Manage Surface UEFI Settings](https://technet.microsoft.com/en-us/itpro/surface/manage-surface-uefi-settings). +>[!NOTE] +>SEMM is only available on devices with Surface UEFI firmware, such as Surface Pro 4 and Surface Book. For more information about Surface UEFI, see [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings). When Surface devices are configured by SEMM and secured with the SEMM certificate, they are considered *enrolled* in SEMM. When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered *unenrolled* in SEMM. @@ -25,7 +26,8 @@ The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown i *Figure 1. Microsoft Surface UEFI Configurator* ->**Note**:  Windows 10 is required to run Microsoft Surface UEFI Configurator +>[!NOTE] +>Windows 10 is required to run Microsoft Surface UEFI Configurator You can use the Microsoft Surface UEFI Configurator tool in three modes: @@ -36,7 +38,7 @@ You can use the Microsoft Surface UEFI Configurator tool in three modes: #### Download Microsoft Surface UEFI Configurator -You can download Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/en-us/download/details.aspx?id=46703) page in the Microsoft Download Center. +You can download Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center. ### Configuration package @@ -48,7 +50,8 @@ Surface UEFI configuration packages are the primary mechanism to implement and m See the [Surface Enterprise Management Mode certificate requirements](#surface-enterprise-management-mode-certificate-requirements) section of this article for more information about the requirements for the SEMM certificate. ->**Note**:  You can also specify a UEFI password with SEMM that is required to view the **Security**, **Devices**, **Boot Configuration**, or **Enterprise Management** pages of Surface UEFI. +>[!NOTE] +>You can also specify a UEFI password with SEMM that is required to view the **Security**, **Devices**, **Boot Configuration**, or **Enterprise Management** pages of Surface UEFI. After a device is enrolled in SEMM, the configuration file is read and the settings specified in the file are applied to UEFI. When you run a configuration package on a device that is already enrolled in SEMM, the signature of the configuration file is checked against the certificate that is stored in the device firmware. If the signature does not match, no changes are applied to the device. @@ -85,7 +88,8 @@ You can configure the following advanced settings with SEMM: * Display of the Surface UEFI **Devices** page * Display of the Surface UEFI **Boot** page ->**Note**:  When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 5. +>[!NOTE] +>When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 5. ![Certificate thumbprint display](images\surface-ent-mgmt-fig5-success.png "Certificate thumbprint display") @@ -113,11 +117,13 @@ In some scenarios, it may be impossible to use a Surface UEFI reset package. (Fo When you use the process on the **Enterprise Management** page to reset SEMM on a Surface device, you are provided with a Reset Request. This Reset Request can be saved as a file to a USB drive, copied as text, or read as a QR Code with a mobile device to be easily emailed or messaged. Use the Microsoft Surface UEFI Configurator Reset Request option to load a Reset Request file or enter the Reset Request text or QR Code. Microsoft Surface UEFI Configurator will generate a verification code that can be entered on the Surface device. If you enter the code on the Surface device and click **Restart**, the device will be unenrolled from SEMM. ->**Note**:  A Reset Request expires two hours after it is created. +>[!NOTE] +>A Reset Request expires two hours after it is created. ## Surface Enterprise Management Mode certificate requirements ->**Note**:  The SEMM certificate is required to perform any modification to SEMM or Surface UEFI settings on enrolled Surface devices. If the SEMM certificate is corrupted or lost, SEMM cannot be removed or reset. Manage your SEMM certificate accordingly with an appropriate solution for backup and recovery. +>[!NOTE] +>The SEMM certificate is required to perform any modification to SEMM or Surface UEFI settings on enrolled Surface devices. If the SEMM certificate is corrupted or lost, SEMM cannot be removed or reset. Manage your SEMM certificate accordingly with an appropriate solution for backup and recovery. Packages created with the Microsoft Surface UEFI Configurator tool are signed with a certificate. This certificate ensures that after a device is enrolled in SEMM, only packages created with the approved certificate can be used to modify the settings of UEFI. The following settings are recommended for the SEMM certificate: @@ -132,8 +138,9 @@ Packages created with the Microsoft Surface UEFI Configurator tool are signed wi It is also recommended that the SEMM certificate be authenticated in a two-tier public key infrastructure (PKI) architecture where the intermediate certification authority (CA) is dedicated to SEMM, enabling certificate revocation. For more information about a two-tier PKI configuration, see [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](https://technet.microsoft.com/library/hh831348). ->**Note**:  You can use the following PowerShell script to create a self-signed certificate for use in proof-of-concept scenarios. - To use this script, copy the following text into Notepad and save the file as a PowerShell script (.ps1). This script creates a certificate with a password of `12345678`.

The certificate generated by this script is not recommended for production environments. +>[!NOTE] +>You can use the following PowerShell script to create a self-signed certificate for use in proof-of-concept scenarios. + > To use this script, copy the following text into Notepad and save the file as a PowerShell script (.ps1). This script creates a certificate with a password of `12345678`.

The certificate generated by this script is not recommended for production environments. ``` if (-not (Test-Path "Demo Certificate")) { New-Item -ItemType Directory -Force -Path "Demo Certificate" } @@ -160,4 +167,11 @@ $TestUefiV2 | Export-PfxCertificate -Password $pw -FilePath "Demo Certificate\Te For use with SEMM and Microsoft Surface UEFI Configurator, the certificate must be exported with the private key and with password protection. Microsoft Surface UEFI Configurator will prompt you to select the SEMM certificate file (.pfx) and certificate password when it is required. ->**Note**:  For organizations that use an offline root in their PKI infrastructure, Microsoft Surface UEFI Configurator must be run in an environment connected to the root CA to authenticate the SEMM certificate. The packages generated by Microsoft Surface UEFI Configurator can be transferred as files and therefore can be transferred outside the offline network environment with removable storage, such as a USB stick. +>[!NOTE] +>For organizations that use an offline root in their PKI infrastructure, Microsoft Surface UEFI Configurator must be run in an environment connected to the root CA to authenticate the SEMM certificate. The packages generated by Microsoft Surface UEFI Configurator can be transferred as files and therefore can be transferred outside the offline network environment with removable storage, such as a USB stick. + +## Related topics + +[Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md) + +[Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) \ No newline at end of file diff --git a/devices/surface/update.md b/devices/surface/update.md index 1852692c3e..3e00c77e71 100644 --- a/devices/surface/update.md +++ b/devices/surface/update.md @@ -1,6 +1,6 @@ --- title: Surface firmware and driver updates (Surface) -description: +description: Find out how to download and manage the latest firmware and driver updates for your Surface device. ms.prod: w10 ms.mktglfcycl: manage ms.pagetype: surface, devices @@ -10,14 +10,20 @@ author: heatherpoulsen # Surface firmware and driver updates +Find out how to download and manage the latest firmware and driver updates for your Surface device. +## In this section - +| Topic | Description | +| --- | --- | +| [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)| Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.| +| [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)| Explore the available options to manage firmware and driver updates for Surface devices.| +| [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)| Read about the different methods you can use to manage the process of Surface Dock firmware updates.| +| [Surface Dock Updater](surface-dock-updater.md)| Get a detailed walkthrough of Microsoft Surface Dock Updater.|   ## Related topics - [Surface TechCenter](https://technet.microsoft.com/windows/surface) [Surface for IT pros blog](http://blogs.technet.com/b/surface/) From c39cef9c635378c667ac335d173867a89748b63a Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 22 Sep 2016 07:56:19 -0700 Subject: [PATCH 12/19] add child links --- devices/surface/microsoft-surface-deployment-accelerator.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md index 169358ad9a..9c4d792a9d 100644 --- a/devices/surface/microsoft-surface-deployment-accelerator.md +++ b/devices/surface/microsoft-surface-deployment-accelerator.md @@ -115,6 +115,10 @@ This version is the original release of SDA. This version of SDA includes suppor * Windows 8.1 - +## Related topics + +[Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md) + +[Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md) From 9dc17a174aad221c380d0b06d1bbac83cb59f096 Mon Sep 17 00:00:00 2001 From: Seth Moore Date: Thu, 22 Sep 2016 08:26:49 -0700 Subject: [PATCH 13/19] Make protocol limitations more explicit Previously, the doc incorrectly stated some things were not allowed at all. These are allowed, just not with sign-on credentials. --- windows/keep-secure/credential-guard.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md index 55180bcbe5..068f9e099f 100644 --- a/windows/keep-secure/credential-guard.md +++ b/windows/keep-secure/credential-guard.md @@ -30,7 +30,9 @@ Credential Guard isolates secrets that previous versions of Windows stored in th For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by virtualization-based security and these signatures are validated before launching the file in the protected environment. -Credential Guard also does not allow unconstrained Kerberos delegation, NTLMv1, MS-CHAPv2, Digest, CredSSP, and Kerberos DES encryption. +Credential Guard prevents NTLMv1, MS-CHAPv2, Digest, and CredSSP from using sign-on credentials. Thus, single sign-on does not work with these protocols. However, Credential guard allows these protocols to be used with prompted credentials or those saved in Credential Manager. It is strongly recommended that valuable credentials, such as the sign-on credentials, not be used with any of these protocols. If these protocols must be used by domain users, secondary credentials should be provisioned for these use cases. + +Credential Guard does not allow unconstrained Kerberos delegation or Kerberos DES encryption at all. Neither sign-on nor prompted/saved credentials may be used. Here's a high-level overview on how the LSA is isolated by using virtualization-based security: From a4e2e856ca23be8f2214945c33fc0074147a2e87 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 22 Sep 2016 09:01:34 -0700 Subject: [PATCH 14/19] correct paths for 4 policies --- .../windows/set-up-school-pcs-technical.md | 21 ++++++++++++------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md index 6fdf7e3da3..4b9241bd11 100644 --- a/education/windows/set-up-school-pcs-technical.md +++ b/education/windows/set-up-school-pcs-technical.md @@ -193,14 +193,6 @@ The **Set up School PCs** app produces a specialized provisioning package that m

Admin Templates>Windows Components

-

Do not show Windows Tips

Enabled

- -

Turn off Microsoft consumer experiences

Enabled

- -

Microsoft Passport for Work

Disabled

- -

Prevent the usage of OneDrive for file storage

Enabled

-

Admin Templates>Windows Components>Biometrics

Allow the use of biometrics

Disabled

@@ -209,6 +201,11 @@ The **Set up School PCs** app produces a specialized provisioning package that m

Allow domain users to log on using biometrics

Disabled

+Admin Templates>Windows Components>Cloud Content +

Do not show Windows Tips

Enabled

+ +

Turn off Microsoft consumer experiences

Enabled

+

Admin Templates>Windows Components>Data Collection and Preview Builds

Toggle user control over Insider builds

Disabled

@@ -235,10 +232,18 @@ The **Set up School PCs** app produces a specialized provisioning package that m

Configure corporate home pages

Enabled, about:blank

+

Admin Templates > Windows Components > OneDrive

+ +

Prevent the usage of OneDrive for file storage

Enabled

+

Admin Templates > Windows Components > Search

Allow Cortana

Disabled

+

Admin Templates > Windows Components > Windows Hello for Business

+ +

Use Windows Hello for Business

Disabled

+

Windows Settings > Security Settings > Local Policies > Security Options

Accounts: Block Microsoft accounts

**Note** Microsoft accounts can still be used in apps.

Enabled

From 7e032436e2dc83835eef46b9182c38dd959b1319 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 22 Sep 2016 09:02:28 -0700 Subject: [PATCH 15/19] Removed Azure AD reference --- windows/manage/manage-cortana-in-enterprise.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/manage-cortana-in-enterprise.md b/windows/manage/manage-cortana-in-enterprise.md index 36b77add2e..ff1aec9da2 100644 --- a/windows/manage/manage-cortana-in-enterprise.md +++ b/windows/manage/manage-cortana-in-enterprise.md @@ -56,7 +56,7 @@ Set up and manage Cortana by using the following Group Policy and mobile device |Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock |AboveLock/AllowCortanaAboveLock |Specifies whether an employee can interact with Cortana using voice commands when the system is locked.

**Note**
This setting only applies to Windows 10 for desktop devices. | |Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow input personalization |Privacy/AllowInputPersonalization |Specifies whether an employee can use voice commands with Cortana in the enterprise.

**In Windows 10, version 1511**
Cortana won’t work if this setting is turned off (disabled).

**In Windows 10, version 1607 and later**
Cortana still works if this setting is turned off (disabled). | |None |System/AllowLocation |Specifies whether to allow app access to the Location service.

**In Windows 10, version 1511**
Cortana won’t work if this setting is turned off (disabled).

**In Windows 10, version 1607 and later**
Cortana still works if this setting is turned off (disabled). | -|None |Accounts/AllowMicrosoftAccountConnection |Specifies whether to allow employees to sign in using a Microsoft account (MSA) from Windows apps.

Use this setting if you only want to support Azure AD in your organization. | +|None |Accounts/AllowMicrosoftAccountConnection |Specifies whether to allow employees to sign in using a Microsoft account (MSA) from Windows apps. | |Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location |Search/AllowSearchToUseLocation |Specifies whether Cortana can use your current location during searches and for location reminders. | |Computer Configuration\Administrative Templates\Windows Components\Search\Set the SafeSearch setting for Search |Search/SafeSearchPermissions |Specifies what level of safe search (filtering adult content) is required.

**Note**
This setting only applies to Windows 10 Mobile. | |User Configuration\Administrative Templates\Windows Components\File Explorer\Turn off display of recent search entries in the File Explorer search box |None |Specifies whether the search box can suggest recent queries and prevent entries from being stored in the registry for future reference. | From 240f2c57dca0f0ebc8d8941e705d4cf78e64ae1d Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 22 Sep 2016 09:06:13 -0700 Subject: [PATCH 16/19] removed extra ) --- devices/surface-hub/prepare-your-environment-for-surface-hub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index 1e0440958f..7008921d95 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -63,7 +63,7 @@ There are a few more item to consider before you start the [first-run program](f You can use provisioning packages to add certificates, customize settings and install apps. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) for details. You can [install provisioning packages at first-run](first-run-program-surface-hub.md#first-page). ### Set up admin groups -Every Surface Hub can be configured locally using the Settings app on the device. To prevent unauthorized users from changing settings, the Settings app requires admin credentials to open the app. See [Admin group management](admin-group-management-for-surface-hub.md) for details on how admin groups are set up and managed. You will [set up admins for the device at first run](first-run-program-surface-hub.md#setup-admins)). +Every Surface Hub can be configured locally using the Settings app on the device. To prevent unauthorized users from changing settings, the Settings app requires admin credentials to open the app. See [Admin group management](admin-group-management-for-surface-hub.md) for details on how admin groups are set up and managed. You will [set up admins for the device at first run](first-run-program-surface-hub.md#setup-admins). ### Review and complete Surface Hub setup worksheet (optional) When you go through the first-run program for your Surface Hub, there's some information that you'll need to supply. The setup worksheet summarizes that info, and provides lists of environment-specific info that you'll need when you go through the first-run program. For more information, see [Setup worksheet](setup-worksheet-surface-hub.md). From c1b4c901aecddd485be14430b484c3a2297598d5 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 22 Sep 2016 09:07:04 -0700 Subject: [PATCH 17/19] typo in link causing build errors --- devices/surface-hub/prepare-your-environment-for-surface-hub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index 7008921d95..0872e5b054 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -52,7 +52,7 @@ Surface Hub interacts with a few different products and services. Depending on t A device account is an Exchange resource account that Surface Hub uses to display its meeting calendar, join Skype for Business calls, and send email. See [Create and test a device account](create-and-test-a-device-account-surface-hub.md) for details. After you've created your device account, there are a couple of ways to verify that it's setup correctly. -- Run Surface Hub device account validation PowerShell scripts. For more information, see [Surface Hub device account scripts](https://gallery.technet.microsoft.com/scriptcenter/Surface-Hub-device-account-6db77696) in Script Center, or [PowerShell scripts for Surface Hub](appendix-a-powershell-scipts-for-surface-hub.md) later in this guide. +- Run Surface Hub device account validation PowerShell scripts. For more information, see [Surface Hub device account scripts](https://gallery.technet.microsoft.com/scriptcenter/Surface-Hub-device-account-6db77696) in Script Center, or [PowerShell scripts for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) later in this guide. - Use the account with the [Lync Windows Store app](https://www.microsoft.com/en-us/store/p/lync/9wzdncrfhvhm). If Lync signs in successfully, then the device account will most likely work with Skype for Business on Surface Hub. From a7082a06081020ae8c80c3a7571426d6c4145980 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Thu, 22 Sep 2016 09:13:15 -0700 Subject: [PATCH 18/19] fixing link --- .../surface-hub/prepare-your-environment-for-surface-hub.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index 1e0440958f..128c83e930 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -52,8 +52,8 @@ Surface Hub interacts with a few different products and services. Depending on t A device account is an Exchange resource account that Surface Hub uses to display its meeting calendar, join Skype for Business calls, and send email. See [Create and test a device account](create-and-test-a-device-account-surface-hub.md) for details. After you've created your device account, there are a couple of ways to verify that it's setup correctly. -- Run Surface Hub device account validation PowerShell scripts. For more information, see [Surface Hub device account scripts](https://gallery.technet.microsoft.com/scriptcenter/Surface-Hub-device-account-6db77696) in Script Center, or [PowerShell scripts for Surface Hub](appendix-a-powershell-scipts-for-surface-hub.md) later in this guide. -- Use the account with the [Lync Windows Store app](https://www.microsoft.com/en-us/store/p/lync/9wzdncrfhvhm). If Lync signs in successfully, then the device account will most likely work with Skype for Business on Surface Hub. +- Run Surface Hub device account validation PowerShell scripts. For more information, see [Surface Hub device account scripts](https://gallery.technet.microsoft.com/scriptcenter/Surface-Hub-device-account-6db77696) in Script Center, or [PowerShell scripts for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) later in this guide. +- Use the account with the [Lync Windows Store app](https://www.microsoft.com/en-us/store/p/lync/9wzdncrfhvhm). If Lync signs in successfully, then the device account will most likely work with Skype for Business on Surface Hub. ## Prepare for first-run program From d51322ac578523a2e5b38a114f26020b6edcf501 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 22 Sep 2016 09:51:09 -0700 Subject: [PATCH 19/19] delete extra table row --- education/windows/set-up-school-pcs-technical.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md index 4b9241bd11..0eabc87c57 100644 --- a/education/windows/set-up-school-pcs-technical.md +++ b/education/windows/set-up-school-pcs-technical.md @@ -191,8 +191,6 @@ The **Set up School PCs** app produces a specialized provisioning package that m

Turn off the advertising ID

Enabled

-

Admin Templates>Windows Components

-

Admin Templates>Windows Components>Biometrics

Allow the use of biometrics

Disabled