mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 22:37:22 +00:00
network reqs draft1
This commit is contained in:
Greg Lindsay
parent
c5bb8c60d0
commit
bab1f7cb31
@ -45,75 +45,54 @@ Windows Autopilot depends on specific capabilities available in Windows 10, Azur
|
||||
|
||||
## Networking requirements
|
||||
|
||||
Windows Autopilot depends on a variety of internet-based services; access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following:
|
||||
Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following:
|
||||
|
||||
- Ensure DNS name resolution for internet DNS names
|
||||
- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP)
|
||||
|
||||
In environments that have more restrictive internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to whitelist access to the needed services. For additional details about each of these services and their specific requirements, review the following details:
|
||||
|
||||
- **Windows Autopilot Deployment Service (and Windows Activation).** After a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service. With Windows 10 builds 18204 and above, the following URLs are used:
|
||||
In environments that have more restrictive Internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to whitelist access to the required services. For additional details about each of these services and their specific requirements, review the following details:
|
||||
|
||||
**Windows Autopilot Deployment Service (and Windows Activation)**: After a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service. With Windows 10 builds 18204 and above, the following URLs are used:
|
||||
- https://ztd.dds.microsoft.com
|
||||
- https://cs.dds.microsoft.com
|
||||
|
||||
For all supported Windows 10 releases, Windows Autopilot also uses Windows Activation services. See the following link for details:
|
||||
For all supported Windows 10 releases, Windows Autopilot also uses Windows Activation services. See the following link for details about problems that might occur when you connect to the Internet through a proxy server: [Windows activation or validation fails with error code 0x8004FE33](https://support.microsoft.com/help/921471/windows-activation-or-validation-fails-with-error-code-0x8004fe33).
|
||||
|
||||
- <https://support.microsoft.com/help/921471/windows-activation-or-validation-fails-with-error-code-0x8004fe33>
|
||||
**Azure Active Directory**: User credentials are validated by Azure Active Directory, and the device can also be joined to Azure Active Directory. See [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2) for more information.
|
||||
|
||||
- **Azure Active Directory.** User credentials are validated by Azure Active Directory, then the device may also be joined to Azure Active Directory. See the following link for more information:
|
||||
**Intune**: Once authenticated, Azure Active Directory will trigger enrollment of the device into the Intune MDM service. See the following link for details about network communication requirements: [Intune network configuration requirements and bandwidth](https://docs.microsoft.com/intune/network-bandwidth-use#network-communication-requirements).
|
||||
|
||||
- <https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2>
|
||||
|
||||
- **Intune.** Once authenticated, Azure Active Directory will trigger the enrollment of the device into the Intune MDM service. See the following link for details:
|
||||
|
||||
- <https://docs.microsoft.com/intune/network-bandwidth-use> (Network communication requirements section)
|
||||
|
||||
- **Windows Update.** During the OOBE process, as well as after the Windows 10 OS is fully configured, the Windows Update service is leveraged to retrieve needed updates.
|
||||
|
||||
- <https://support.microsoft.com/help/818018/how-to-solve-connection-problems-concerning-windows-update-or-microsof>
|
||||
**Windows Update**: During the OOBE process, as well as after the Windows 10 OS is fully configured, the Windows Update service is leveraged to retrieve needed updates. If there are problems connecting to Windows Update, see [How to solve connection problems concerning Windows Update or Microsoft Update](https://support.microsoft.com/help/818018/how-to-solve-connection-problems-concerning-windows-update-or-microsof).
|
||||
|
||||
- NOTE: If Windows Update is inaccessible, the AutoPilot process will still continue.
|
||||
|
||||
- **Delivery Optimization.** When downloading Windows Updates, Microsoft Store apps and app updates, Office Updates and Intune Win32 Apps, the Delivery Optimization service is contacted to enable peer-to-peer sharing of content so that only a few devices need to download it from the internet.
|
||||
**Delivery Optimization**: When downloading Windows Updates, Microsoft Store apps and app updates, Office Updates and Intune Win32 Apps, the [Delivery Optimization](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization) service is contacted to enable peer-to-peer sharing of content so that only a few devices need to download it from the internet.
|
||||
|
||||
- <https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization>
|
||||
- NOTE: If the Delivery Optimization Service is inaccessible, the AutoPilot process will still continue with Delivery Optimization downloads from the cloud (without peer-to-peer).
|
||||
|
||||
- NOTE: If Delivery Optimization Service is inaccessible, the AutoPilot process will still continue with Delivery Optimization downloads from the cloud (without peer-to-peer).
|
||||
**Network Time Protocol (NTP) Sync**: When a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate. Ensure that UDP port 123 to time.windows.com is accessible.
|
||||
|
||||
- **Network Time Protocol (NTP) Sync.** When a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate.
|
||||
**Domain Name Services (DNS)**: To resolve DNS names for all services, the device communicates with a DNS server, typically provided via DHCP. This DNS server must be able to resolve internet names.
|
||||
|
||||
- Ensure that UDP port 123 to time.windows.com is accessible.
|
||||
|
||||
- **Domain Name Services (DNS).** To resolve DNS names for all services, the device communicates with a DNS server, typically provided via DHCP. This DNS server must be able to resolve internet names.
|
||||
|
||||
- **Diagnostics data.** To enable Windows Analytics and related diagnostics capabilities, see the following documentation:
|
||||
|
||||
- <https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization>
|
||||
**Diagnostics data**: To enable Windows Analytics and related diagnostics capabilities, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization).
|
||||
|
||||
- NOTE: If diagnostic data cannot be sent, the Autopilot process will still continue.
|
||||
|
||||
- **Network Connection Status Indicator (NCSI).** Windows must be able to tell that the device is able to access the internet.
|
||||
**Network Connection Status Indicator (NCSI)**: Windows must be able to tell that the device is able to access the internet. For more information, see [Network Connection Status Indicator (NCSI)](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1709-endpoints#network-connection-status-indicator-ncsi).
|
||||
|
||||
- <https://docs.microsoft.com/windows/configuration/manage-windows-endpoints-version-1709> (Network Connection Status Indicator section, [www.msftconnecttest.com](http://www.msftconnecttest.com) must be resolvable via DNS and accessible via HTTP)
|
||||
- [www.msftconnecttest.com](http://www.msftconnecttest.com) must be resolvable via DNS and accessible via HTTP)
|
||||
|
||||
- **Windows Notification Services (WNS).** This service is used to enable Windows to receive notifications from apps and services.
|
||||
|
||||
- <https://docs.microsoft.com/windows/configuration/manage-windows-endpoints-version-1709> (Microsoft store section)
|
||||
**Windows Notification Services (WNS)**: This service is used to enable Windows to receive notifications from apps and services. See [Microsoft Store](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-1809-endpoints#microsoft-store) for more information.
|
||||
|
||||
- NOTE: If the WNS services are not available, the Autopilot process will still continue.
|
||||
|
||||
- **Microsoft Store, Microsoft Store for Business.** Apps in the Microsoft Store can be pushed to the device, triggered via Intune (MDM). App updates and additional apps may also be needed when the user first logs in.
|
||||
|
||||
- <https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business> (also includes Azure AD and Windows Notification Services)
|
||||
**Microsoft Store, Microsoft Store for Business**: Apps in the Microsoft Store can be pushed to the device, triggered via Intune (MDM). App updates and additional apps may also be needed when the user first logs in. For more information, see [Prerequisites for Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/prerequisites-microsoft-store-for-business)(also includes Azure AD and Windows Notification Services).
|
||||
|
||||
- NOTE: If the Microsoft Store is not accessible, the AutoPilot process will still continue.
|
||||
|
||||
- **Office 365.** As part of the Intune device configuration, installation of Office 365 ProPlus may be required.
|
||||
**Office 365**: As part of the Intune device configuration, installation of Office 365 ProPlus may be required. For more information, see [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2)(includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above).
|
||||
|
||||
- <https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2> (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above)
|
||||
|
||||
- **Certificate revocation lists (CRLs).** Some of these services will also need to check certificate revocation lists (CRLs) for certificates used in the services. A full list of these is documented in the Office documentation at <https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2#bkmk_crl> and <https://aka.ms/o365chains>.
|
||||
**Certificate revocation lists (CRLs)**: Some of these services will also need to check certificate revocation lists (CRLs) for certificates used in the services. A full list of these is documented at [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2#bkmk_crl) and [Office 365 Certificate Chains](https://aka.ms/o365chains).
|
||||
|
||||
|
||||
## Licensing requirements
|
||||
|
||||
@ -22,16 +22,15 @@ ms.topic: article
|
||||
|
||||
- Windows 10
|
||||
|
||||
Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose and recover devices.</br>
|
||||
This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
|
||||
Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
|
||||
|
||||
Windows Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life. Leveraging cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes and the amount of infrastructure that they need to maintain, while ensuring ease of use for all types of end users.
|
||||
Windows Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through the eventual end of life. Leveraging cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes and the amount of infrastructure that they need to maintain, while ensuring ease of use for all types of end users. See the following diagram:
|
||||
|
||||
<img src="images/image1.png">
|
||||
|
||||
When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images as well as drivers for every model of device being used. Instead of re-imaging the device, that existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise, to support advanced features).
|
||||
When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images and drivers for every model of device being used. Instead of re-imaging the device, your existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise) to support advanced features.
|
||||
|
||||
Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, System Center Configuration Manager, and other similar tools. Windows Autopilot can help with device re-purposing scenarios, leveraging Windows Autopilot Reset to quickly prepare a device for a new user, as well as in break/fix scenarios to enable a device to quickly be brought back to a business-ready state.
|
||||
Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, System Center Configuration Manager, and other similar tools. Windows Autopilot can also be used to re-purpose a device by leveraging Windows Autopilot Reset to quickly prepare a device for a new user, or in break/fix scenarios to enable a device to quickly be brought back to a business-ready state.
|
||||
|
||||
## Windows Autopilot walkthrough
|
||||
|
||||
@ -47,7 +46,7 @@ Traditionally, IT pros spend a lot of time building and customizing images that
|
||||
|
||||
From the user's perspective, it only takes a few simple operations to make their device ready to use.
|
||||
|
||||
From the IT pro's perspective, the only interaction required from the end user is to connect to a network and to verify their credentials. Everything past that is automated.
|
||||
From the IT pro's perspective, the only interaction required from the end user is to connect to a network and to verify their credentials. Everything beyond that is automated.
|
||||
|
||||
## Requirements
|
||||
|
||||
@ -71,7 +70,7 @@ Windows Autopilot enables you to:
|
||||
* Create and auto-assign devices to configuration groups based on a device's profile.
|
||||
* Customize OOBE content specific to the organization.
|
||||
|
||||
See [Windows Autopilot scenarios](windows-autopilot-scenarios.md) for more information about scenarios for using Windows Autopilot.
|
||||
See [Windows Autopilot scenarios](windows-autopilot-scenarios.md) for more information.
|
||||
|
||||
## Related topics
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user