deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 10:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' into millerevan-hololens-insider-policies

Browse Source
This commit is contained in:
Evan Miller
2022-08-26 09:27:14 -07:00
committed by GitHub
parent b2472f9bd5 72e08120d6
commit be1b54e1c3
70 changed files with 277 additions and 418 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
windows/client-management/connect-to-remote-aadj-pc.md
View File

@ -83,6 +83,9 @@ The table below lists the supported configurations for remotely connecting to an
> [!NOTE]
> If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure Active Directory-joined PCs, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities).
> [!NOTE]
> When an Azure Active Directory group is added to the Remote Desktop Users group on a Windows device, it isn't honoured when the user that belongs to the Azure AD group logs in through Remote Desktop Protocol (they can't sign in using Remote Desktop Connection). In this scenario, Network Level Authentication should be disabled to run the connection.
## Related topics
[How to use Remote Desktop](https://support.microsoft.com/windows/how-to-use-remote-desktop-5fe128d5-8fb1-7a23-3b8a-41e636865e8c)

1
windows/client-management/docfx.json
View File

@ -21,6 +21,7 @@
"files": [
"**/*.png",
"**/*.jpg",
"**/*.svg",
"**/*.gif"
],
"exclude": [

7
windows/client-management/mdm/bitlocker-csp.md
View File

@ -1348,6 +1348,13 @@ Value type is string.
Supported operation is Execute. Request ID is expected as a parameter.
> [!NOTE]
> Key rotation is supported only on these enrollment types. For more information, see [deviceEnrollmentType enum](/graph/api/resources/intune-devices-deviceenrollmenttype).
> - windowsAzureADJoin.
> - windowsBulkAzureDomainJoin.
> - windowsAzureADJoinUsingDeviceAuth.
> - windowsCoManagement.
> [!TIP]
> Key rotation feature will only work when:
>

84
windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
View File

@ -14,7 +14,7 @@ ms.collection: highpri
# Diagnose MDM failures in Windows 10
To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop. The following sections describe the procedures for collecting MDM logs.
To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop. The following sections describe the procedures for collecting MDM logs.
## Download the MDM Diagnostic Information log from Windows 10 PCs
@ -30,32 +30,34 @@ To help diagnose enrollment or device management issues in Windows 10 devices m
1. In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
## Use command to collect logs directly from Windows 10 PCs
## Use command to collect logs directly from Windows 10 PCs
You can also collect the MDM Diagnostic Information logs using the following command:
```xml
mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -zip c:\users\public\documents\MDMDiagReport.zip
mdmdiagnosticstool.exe -area "DeviceEnrollment;DeviceProvisioning;Autopilot" -zip "c:\users\public\documents\MDMDiagReport.zip"
```
- In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
- In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
### Understanding zip structure
The zip file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the zip files collected via command line or Feedback Hub
- DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls
- DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
- MDMDiagHtmlReport.html: Summary snapshot of MDM space configurations and policies. Includes, management url, MDM server device ID, certificates, policies.
- MdmDiagLogMetadata, json: mdmdiagnosticstool metadata file, contains command-line arguments used to run the tool
- MDMDiagReport.xml: contains a more detail view into the MDM space configurations, e.g enrollment variables
- MdmDiagReport_RegistryDump.reg: contains dumps from common MDM registry locations
- MdmLogCollectorFootPrint.txt: mdmdiagnosticslog tool logs from running the command
- *.evtx: Common event viewer logs microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx main one that contains MDM events.
- DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls
- DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
- MDMDiagHtmlReport.html: Summary snapshot of MDM space configurations and policies. Includes, management url, MDM server device ID, certificates, policies.
- MdmDiagLogMetadata, json: mdmdiagnosticstool metadata file, contains command-line arguments used to run the tool
- MDMDiagReport.xml: contains a more detail view into the MDM space configurations, e.g enrollment variables
- MdmDiagReport_RegistryDump.reg: contains dumps from common MDM registry locations
- MdmLogCollectorFootPrint.txt: mdmdiagnosticslog tool logs from running the command
- *.evtx: Common event viewer logs microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx main one that contains MDM events.
## Collect logs directly from Windows 10 PCs
## Collect logs directly from Windows 10 PCs
Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location:
Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location:
- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider
- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider
Here's a screenshot:
@ -63,34 +65,34 @@ Here's a screenshot:
In this location, the **Admin** channel logs events by default. However, if you need more details logs you can enable **Debug** logs by choosing **Show Analytic and Debug** logs option in **View** menu in Event Viewer.
**To collect Admin logs**
### Collect admin logs
1. Right click on the **Admin** node.
2. Select **Save all events as**.
3. Choose a location and enter a filename.
4. Click **Save**.
5. Choose **Display information for these languages** and then select **English**.
6. Click **Ok**.
1. Right click on the **Admin** node.
2. Select **Save all events as**.
3. Choose a location and enter a filename.
4. Click **Save**.
5. Choose **Display information for these languages** and then select **English**.
6. Click **Ok**.
For more detailed logging, you can enable **Debug** logs. Right click on the **Debug** node and then click **Enable Log**.
**To collect Debug logs**
### Collect debug logs
1. Right click on the **Debug** node.
2. Select **Save all events as**.
3. Choose a location and enter a filename.
4. Click **Save**.
5. Choose **Display information for these languages** and then select **English**.
6. Click **Ok**.
1. Right click on the **Debug** node.
2. Select **Save all events as**.
3. Choose a location and enter a filename.
4. Click **Save**.
5. Choose **Display information for these languages** and then select **English**.
6. Click **Ok**.
You can open the log files (.evtx files) in the Event Viewer on a Windows 10 PC running the November 2015 update.
You can open the log files (.evtx files) in the Event Viewer on a Windows 10 PC running the November 2015 update.
## Collect logs remotely from Windows 10 PCs
## Collect logs remotely from Windows 10 PCs
When the PC is already enrolled in MDM, you can remotely collect logs from the PC through the MDM channel if your MDM server supports this facility. The [DiagnosticLog CSP](diagnosticlog-csp.md) can be used to enable an event viewer channel by full name. Here are the Event Viewer names for the Admin and Debug channels:
- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FAdmin
- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FDebug
- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FAdmin
- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FDebug
Example: Enable the Debug channel logging
@ -235,27 +237,27 @@ After the logs are collected on the device, you can retrieve the files through t
For best results, ensure that the PC or VM on which you're viewing logs matches the build of the OS from which the logs were collected.
1. Open eventvwr.msc.
2. Right-click on **Event Viewer(Local)** and select **Open Saved Log**.
1. Open eventvwr.msc.
2. Right-click on **Event Viewer(Local)** and select **Open Saved Log**.
![event viewer screenshot.](images/diagnose-mdm-failures9.png)
3. Navigate to the etl file that you got from the device and then open the file.
4. Click **Yes** when prompted to save it to the new log format.
3. Navigate to the etl file that you got from the device and then open the file.
4. Click **Yes** when prompted to save it to the new log format.
![event viewer prompt.](images/diagnose-mdm-failures10.png)
![diagnose mdm failures.](images/diagnose-mdm-failures11.png)
5. The new view contains traces from the channel. Click on **Filter Current Log** from the **Actions** menu.
5. The new view contains traces from the channel. Click on **Filter Current Log** from the **Actions** menu.
![event viewer actions.](images/diagnose-mdm-failures12.png)
6. Add a filter to Event sources by selecting **DeviceManagement-EnterpriseDiagnostics-Provider** and click **OK**.
6. Add a filter to Event sources by selecting **DeviceManagement-EnterpriseDiagnostics-Provider** and click **OK**.
![event filter for Device Management.](images/diagnose-mdm-failures13.png)
7. Now you're ready to start reviewing the logs.
7. Now you're ready to start reviewing the logs.
![event viewer review logs.](images/diagnose-mdm-failures14.png)
@ -283,5 +285,3 @@ Here's an example of how to collect current MDM device state data using the [Dia
</SyncBody>
</SyncML>
```
 

6
windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 01/03/2022
ms.date: 08/19/2022
ms.reviewer:
manager: aaroncz
---
@ -3757,7 +3757,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several other actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days.
This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several other actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 7 days.
We don't recommend setting the value to less than 2 days to prevent machines from going out of date.
@ -4797,4 +4797,4 @@ ADMX Info:
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

4
windows/client-management/mdm/policy-csp-experience.md
View File

@ -925,10 +925,10 @@ The following list shows the supported values:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|Yes|
|Home|No|No|
|Pro|No|Yes|
|Windows SE|No|Yes|
|Business|No|No|
|Business|No|Yes|
|Enterprise|No|Yes|
|Education|No|Yes|

22
windows/client-management/mdm/policy-csp-update.md
View File

@ -3524,8 +3524,8 @@ ADMX Info:
<!--SupportedValues-->
The following list shows the supported values:
- 0: (Default) Detect, download, and deploy Driver from Windows Update.
- 1: Enabled, Detect, download, and deploy Driver from Windows Server Update Server (WSUS).
- 0: (Default) Detect, download, and deploy Drivers from Windows Update.
- 1: Enabled, Detect, download, and deploy Drivers from Windows Server Update Server (WSUS).
<!--/SupportedValues-->
<!--/Policy-->
@ -3560,7 +3560,7 @@ The table below shows the applicability of Windows:
<!--/Scope-->
<!--Description-->
Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
Configure this policy to specify whether to receive Windows Feature Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
If you configure this policy, also configure the scan source policies for other update types:
- SetPolicyDrivenUpdateSourceForQualityUpdates
@ -3582,8 +3582,8 @@ ADMX Info:
<!--SupportedValues-->
The following list shows the supported values:
- 0: (Default) Detect, download, and deploy Feature from Windows Update.
- 1: Enabled, Detect, download, and deploy Feature from Windows Server Update Server (WSUS).
- 0: (Default) Detect, download, and deploy Feature Updates from Windows Update.
- 1: Enabled, Detect, download, and deploy Feature Updates from Windows Server Update Server (WSUS).
<!--/SupportedValues-->
<!--/Policy-->
@ -3618,7 +3618,7 @@ The table below shows the applicability of Windows:
<!--/Scope-->
<!--Description-->
Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
Configure this policy to specify whether to receive Other Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
If you configure this policy, also configure the scan source policies for other update types:
- SetPolicyDrivenUpdateSourceForFeatureUpdates
@ -3640,8 +3640,8 @@ ADMX Info:
<!--SupportedValues-->
The following list shows the supported values:
- 0: (Default) Detect, download, and deploy Other from Windows Update.
- 1: Enabled, Detect, download, and deploy Other from Windows Server Update Server (WSUS).
- 0: (Default) Detect, download, and deploy Other updates from Windows Update.
- 1: Enabled, Detect, download, and deploy Other updates from Windows Server Update Server (WSUS).
<!--/SupportedValues-->
<!--/Policy-->
@ -3676,7 +3676,7 @@ The table below shows the applicability of Windows:
<!--/Scope-->
<!--Description-->
Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
Configure this policy to specify whether to receive Windows Quality Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server.
If you configure this policy, also configure the scan source policies for other update types:
- SetPolicyDrivenUpdateSourceForFeatureUpdates
@ -3698,8 +3698,8 @@ ADMX Info:
<!--SupportedValues-->
The following list shows the supported values:
- 0: (Default) Detect, download, and deploy Quality from Windows Update.
- 1: Enabled, Detect, download, and deploy Quality from Windows Server Update Server (WSUS).
- 0: (Default) Detect, download, and deploy Quality Updates from Windows Update.
- 1: Enabled, Detect, download, and deploy Quality Updates from Windows Server Update Server (WSUS).
<!--/SupportedValues-->
<!--/Policy-->

2
windows/client-management/troubleshoot-stop-errors.md
View File

@ -14,6 +14,8 @@ ms.collection: highpri
# Advanced troubleshooting for stop or blue screen errors
<p class="alert is-flex is-primary"><span class="has-padding-left-medium has-padding-top-extra-small"><a class="button is-primary" href="https://vsa.services.microsoft.com/v1.0/?partnerId=7d74cf73-5217-4008-833f-87a1a278f2cb&flowId=DMC&initialQuery=31806236" target='_blank'><b>Try our Virtual Agent</b></a></span><span class="has-padding-small"> - It can help you quickly identify and fix common Windows boot issues</span>
> [!NOTE]
> If you're not a support agent or IT professional, you'll find more helpful information about stop error ("blue screen") messages in [Troubleshoot blue screen errors](https://support.microsoft.com/sbs/windows/troubleshoot-blue-screen-errors-5c62726c-6489-52da-a372-3f73142c14ad).

2
windows/client-management/troubleshoot-windows-startup.md
View File

@ -13,6 +13,8 @@ manager: dansimp
# Advanced troubleshooting for Windows start-up issues
<p class="alert is-flex is-primary"><span class="has-padding-left-medium has-padding-top-extra-small"><a class="button is-primary" href="https://vsa.services.microsoft.com/v1.0/?partnerId=7d74cf73-5217-4008-833f-87a1a278f2cb&flowId=DMC&initialQuery=31806273" target='_blank'><b>Try our Virtual Agent</b></a></span><span class="has-padding-small"> - It can help you quickly identify and fix common Windows boot issues</span>
In these topics, you will learn how to troubleshoot common problems that are related to Windows startup.
## How it works