From b874095fb555316cc49847b5d19fb4ecd4f9872b Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 18 Jul 2024 11:51:56 -0700 Subject: [PATCH 01/15] dep-apst1-9183716 --- windows/whats-new/deprecated-features.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 4c4a6712c3..a1f77a2b3c 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -47,6 +47,7 @@ The features in this article are no longer being actively developed, and might b | Feature | Details and mitigation | Deprecation announced | |---|---|---| +| Adobe Type1 fonts | Adobe PostScript Type1 fonts are deprecated and support will be removed in a future release of Window.

In January 2023, Adobe announced the [end of support for PostScript Type1 fonts](https://helpx.adobe.com/fonts/kb/postscript-type-1-fonts-end-of-support.html) for their latest software offerings. Remove any dependencies on this font type by selecting a supported font type. To display currently installed fonts, go to **Settings** > **Personalization** > **Fonts**. | July 2024 | | DirectAccess | DirectAccess is deprecated and will be removed in a future release of Windows. We recommend [migrating from DirectAccess to Always On VPN](/windows-server/remote/remote-access/da-always-on-vpn-migration/da-always-on-migration-overview). | June 2024 | | NTLM | All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | June 2024 | | Driver Verifier GUI (verifiergui.exe) | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 | From 3785213a39b6b505fe7d2b15282975d597ff3282 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 18 Jul 2024 15:05:31 -0700 Subject: [PATCH 02/15] dep-apst1-9183716 --- windows/whats-new/deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index a1f77a2b3c..07a3077d7c 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -47,7 +47,7 @@ The features in this article are no longer being actively developed, and might b | Feature | Details and mitigation | Deprecation announced | |---|---|---| -| Adobe Type1 fonts | Adobe PostScript Type1 fonts are deprecated and support will be removed in a future release of Window.

In January 2023, Adobe announced the [end of support for PostScript Type1 fonts](https://helpx.adobe.com/fonts/kb/postscript-type-1-fonts-end-of-support.html) for their latest software offerings. Remove any dependencies on this font type by selecting a supported font type. To display currently installed fonts, go to **Settings** > **Personalization** > **Fonts**. | July 2024 | +| Adobe Type1 fonts | Adobe PostScript Type1 fonts are deprecated and support will be removed in a future release of Windows.

In January 2023, Adobe announced the [end of support for PostScript Type1 fonts](https://helpx.adobe.com/fonts/kb/postscript-type-1-fonts-end-of-support.html) for their latest software offerings. Remove any dependencies on this font type by selecting a supported font type. To display currently installed fonts, go to **Settings** > **Personalization** > **Fonts**. | July 2024 | | DirectAccess | DirectAccess is deprecated and will be removed in a future release of Windows. We recommend [migrating from DirectAccess to Always On VPN](/windows-server/remote/remote-access/da-always-on-vpn-migration/da-always-on-migration-overview). | June 2024 | | NTLM | All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | June 2024 | | Driver Verifier GUI (verifiergui.exe) | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 | From 8f5831d11d81a136fcf180f707eb0665943ad5a8 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 2 Aug 2024 15:54:24 -0700 Subject: [PATCH 03/15] added an FAQ about error code 0x80d03002 This error code is observed when bypass is set and some content provider doesn't have a fallback. --- .../deployment/do/waas-delivery-optimization-faq.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml index e75c33678a..3faf4f916d 100644 --- a/windows/deployment/do/waas-delivery-optimization-faq.yml +++ b/windows/deployment/do/waas-delivery-optimization-faq.yml @@ -68,11 +68,17 @@ sections: answer: | Delivery Optimization is an HTTP downloader used by most content providers from Microsoft. When a device is configured to use Delivery Optimization peering (on by default), it does so with the HTTP downloader capabilities to optimize bandwidth usage. If you'd like to disable peer-to-peer capabilities of Delivery Optimization, change the Delivery Optimization [Download mode](waas-delivery-optimization-reference.md#download-mode) setting to '0', which will disable peer-to-peer and provide hash checks. [Download mode](waas-delivery-optimization-reference.md#download-mode) set to '99' should only be used when the device is offline and doesn't have internet access. - Don't set **Download mode** to '100' (Bypass), which can cause some content to fail to download. Starting in Windows 11, Download mode '100' is deprecated. + Don't set **Download mode** to '100' (Bypass), which can cause some content to fail to download with error code 0x80d03002. Starting in Windows 11, Download mode '100' is deprecated. > [!NOTE] > Disabling Delivery Optimization won't prevent content from downloading to your devices. If you're looking to pause updates, you need to set policies for the relevant components such as Windows Update, Windows Store or Microsoft Edge browser. If you're looking to reduce the load on your network, look into using Delivery Optimization Peer-to-Peer, Microsoft Connected Cache or apply the [network throttling policies](waas-delivery-optimization-reference.md#maximum-download-bandwidth) available for Delivery Optimization. - + + - question: My download is failing with error code 0x80d03002, how do I fix it? + answer: | + If you set the DownloadMode policy to '100' (Bypass) some content downloads that require Delivery Optimization may fail with error code 0x80d03002. + If you intend to disable peer-to-peer capabilities of Delivery Optimization, change the Delivery Optimization [Download mode](waas-delivery-optimization-reference.md#download-mode) setting to '0', which will disable peer-to-peer and provide hash checks. [Download mode](waas-delivery-optimization-reference.md#download-mode) set to '99' should only be used when the device is offline and doesn't have internet access. + Don't set **Download mode** to '100' (Bypass), which can cause some content to fail to download. Starting in Windows 11, Download mode '100' is deprecated. + - name: Network related configuration questions questions: - question: Which ports does Delivery Optimization use? From 9a3214cd435988ef244f5faa9ce3efdde563f907 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 5 Aug 2024 10:21:44 -0700 Subject: [PATCH 04/15] add info for type1 fonts --- windows/whats-new/deprecated-features.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index df8bbbfa9d..6e73a52fd7 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -1,7 +1,7 @@ --- title: Deprecated features in the Windows client description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11. -ms.date: 07/09/2024 +ms.date: 08/06/2024 ms.service: windows-client ms.subservice: itpro-fundamentals ms.localizationpriority: medium @@ -47,7 +47,7 @@ The features in this article are no longer being actively developed, and might b | Feature | Details and mitigation | Deprecation announced | |---|---|---| -| Adobe Type1 fonts | Adobe PostScript Type1 fonts are deprecated and support will be removed in a future release of Windows.

In January 2023, Adobe announced the [end of support for PostScript Type1 fonts](https://helpx.adobe.com/fonts/kb/postscript-type-1-fonts-end-of-support.html) for their latest software offerings. Remove any dependencies on this font type by selecting a supported font type. To display currently installed fonts, go to **Settings** > **Personalization** > **Fonts**. | July 2024 | +| Adobe Type1 fonts | Adobe PostScript Type1 fonts are deprecated and support will be removed in a future release of Windows.

In January 2023, Adobe announced the [end of support for PostScript Type1 fonts](https://helpx.adobe.com/fonts/kb/postscript-type-1-fonts-end-of-support.html) for their latest software offerings. Remove any dependencies on this font type by selecting a supported font type. To display currently installed fonts, go to **Settings** > **Personalization** > **Fonts**. Application developers and content owners should test their apps and data files with the Adobe Type1 fonts removed. For more information, contact the application vendor or Adobe. | August 2024 | | DirectAccess | DirectAccess is deprecated and will be removed in a future release of Windows. We recommend [migrating from DirectAccess to Always On VPN](/windows-server/remote/remote-access/da-always-on-vpn-migration/da-always-on-migration-overview). | June 2024 | | NTLM | All versions of [NTLM](/windows/win32/secauthn/microsoft-ntlm), including LANMAN, NTLMv1, and NTLMv2, are no longer under active feature development and are deprecated. Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows. Calls to NTLM should be replaced by calls to Negotiate, which will try to authenticate with Kerberos and only fall back to NTLM when necessary. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | June 2024 | | Driver Verifier GUI (verifiergui.exe) | Driver Verifier GUI, verifiergui.exe, is deprecated and will be removed in a future version of Windows. You can use the [Verifier Command Line](/windows-hardware/drivers/devtest/verifier-command-line) (verifier.exe) instead of the Driver Verifier GUI.| May 2024 | From 3579d634d7c294b1e64d2c6b5a9e45d4f7b268a2 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 5 Aug 2024 13:38:25 -0400 Subject: [PATCH 05/15] revert PCR4 --- tream main | 298 ++++++++++++++++++ .../bitlocker/countermeasures.md | 14 - ...ow-secure-boot-for-integrity-validation.md | 3 - ...for-native-uefi-firmware-configurations.md | 2 - 4 files changed, 298 insertions(+), 19 deletions(-) create mode 100644 tream main diff --git a/tream main b/tream main new file mode 100644 index 0000000000..901a11c2fa --- /dev/null +++ b/tream main @@ -0,0 +1,298 @@ + + SSUUMMMMAARRYY OOFF LLEESSSS CCOOMMMMAANNDDSS + + Commands marked with * may be preceded by a number, _N. + Notes in parentheses indicate the behavior if _N is given. + A key preceded by a caret indicates the Ctrl key; thus ^K is ctrl-K. + + h H Display this help. + q :q Q :Q ZZ Exit. + --------------------------------------------------------------------------- + + MMOOVVIINNGG + + e ^E j ^N CR * Forward one line (or _N lines). + y ^Y k ^K ^P * Backward one line (or _N lines). + f ^F ^V SPACE * Forward one window (or _N lines). + b ^B ESC-v * Backward one window (or _N lines). + z * Forward one window (and set window to _N). + w * Backward one window (and set window to _N). + ESC-SPACE * Forward one window, but don't stop at end-of-file. + d ^D * Forward one half-window (and set half-window to _N). + u ^U * Backward one half-window (and set half-window to _N). + ESC-) RightArrow * Right one half screen width (or _N positions). + ESC-( LeftArrow * Left one half screen width (or _N positions). + ESC-} ^RightArrow Right to last column displayed. + ESC-{ ^LeftArrow Left to first column. + F Forward forever; like "tail -f". + ESC-F Like F but stop when search pattern is found. + r ^R ^L Repaint screen. + R Repaint screen, discarding buffered input. + --------------------------------------------------- + Default "window" is the screen height. + Default "half-window" is half of the screen height. + --------------------------------------------------------------------------- + + SSEEAARRCCHHIINNGG + + /_p_a_t_t_e_r_n * Search forward for (_N-th) matching line. + ?_p_a_t_t_e_r_n * Search backward for (_N-th) matching line. + n * Repeat previous search (for _N-th occurrence). + N * Repeat previous search in reverse direction. + ESC-n * Repeat previous search, spanning files. + ESC-N * Repeat previous search, reverse dir. & spanning files. + ESC-u Undo (toggle) search highlighting. + ESC-U Clear search highlighting. + &_p_a_t_t_e_r_n * Display only matching lines. + --------------------------------------------------- + A search pattern may begin with one or more of: + ^N or ! Search for NON-matching lines. + ^E or * Search multiple files (pass thru END OF FILE). + ^F or @ Start search at FIRST file (for /) or last file (for ?). + ^K Highlight matches, but don't move (KEEP position). + ^R Don't use REGULAR EXPRESSIONS. + ^S _n Search for match in _n-th parenthesized subpattern. + ^W WRAP search if no match found. + --------------------------------------------------------------------------- + + JJUUMMPPIINNGG + + g < ESC-< * Go to first line in file (or line _N). + G > ESC-> * Go to last line in file (or line _N). + p % * Go to beginning of file (or _N percent into file). + t * Go to the (_N-th) next tag. + T * Go to the (_N-th) previous tag. + { ( [ * Find close bracket } ) ]. + } ) ] * Find open bracket { ( [. + ESC-^F _<_c_1_> _<_c_2_> * Find close bracket _<_c_2_>. + ESC-^B _<_c_1_> _<_c_2_> * Find open bracket _<_c_1_>. + --------------------------------------------------- + Each "find close bracket" command goes forward to the close bracket + matching the (_N-th) open bracket in the top line. + Each "find open bracket" command goes backward to the open bracket + matching the (_N-th) close bracket in the bottom line. + + m_<_l_e_t_t_e_r_> Mark the current top line with . + M_<_l_e_t_t_e_r_> Mark the current bottom line with . + '_<_l_e_t_t_e_r_> Go to a previously marked position. + '' Go to the previous position. + ^X^X Same as '. + ESC-m_<_l_e_t_t_e_r_> Clear a mark. + --------------------------------------------------- + A mark is any upper-case or lower-case letter. + Certain marks are predefined: + ^ means beginning of the file + $ means end of the file + --------------------------------------------------------------------------- + + CCHHAANNGGIINNGG FFIILLEESS + + :e [_f_i_l_e] Examine a new file. + ^X^V Same as :e. + :n * Examine the (_N-th) next file from the command line. + :p * Examine the (_N-th) previous file from the command line. + :x * Examine the first (or _N-th) file from the command line. + :d Delete the current file from the command line list. + = ^G :f Print current file name. + --------------------------------------------------------------------------- + + MMIISSCCEELLLLAANNEEOOUUSS CCOOMMMMAANNDDSS + + -_<_f_l_a_g_> Toggle a command line option [see OPTIONS below]. + --_<_n_a_m_e_> Toggle a command line option, by name. + __<_f_l_a_g_> Display the setting of a command line option. + ___<_n_a_m_e_> Display the setting of an option, by name. + +_c_m_d Execute the less cmd each time a new file is examined. + + !_c_o_m_m_a_n_d Execute the shell command with $SHELL. + #_c_o_m_m_a_n_d Execute the shell command, expanded like a prompt. + |XX_c_o_m_m_a_n_d Pipe file between current pos & mark XX to shell command. + s _f_i_l_e Save input to a file. + v Edit the current file with $VISUAL or $EDITOR. + V Print version number of "less". + --------------------------------------------------------------------------- + + OOPPTTIIOONNSS + + Most options may be changed either on the command line, + or from within less by using the - or -- command. + Options may be given in one of two forms: either a single + character preceded by a -, or a name preceded by --. + + -? ........ --help + Display help (from command line). + -a ........ --search-skip-screen + Search skips current screen. + -A ........ --SEARCH-SKIP-SCREEN + Search starts just after target line. + -b [_N] .... --buffers=[_N] + Number of buffers. + -B ........ --auto-buffers + Don't automatically allocate buffers for pipes. + -c ........ --clear-screen + Repaint by clearing rather than scrolling. + -d ........ --dumb + Dumb terminal. + -D xx_c_o_l_o_r . --color=xx_c_o_l_o_r + Set screen colors. + -e -E .... --quit-at-eof --QUIT-AT-EOF + Quit at end of file. + -f ........ --force + Force open non-regular files. + -F ........ --quit-if-one-screen + Quit if entire file fits on first screen. + -g ........ --hilite-search + Highlight only last match for searches. + -G ........ --HILITE-SEARCH + Don't highlight any matches for searches. + -h [_N] .... --max-back-scroll=[_N] + Backward scroll limit. + -i ........ --ignore-case + Ignore case in searches that do not contain uppercase. + -I ........ --IGNORE-CASE + Ignore case in all searches. + -j [_N] .... --jump-target=[_N] + Screen position of target lines. + -J ........ --status-column + Display a status column at left edge of screen. + -k [_f_i_l_e] . --lesskey-file=[_f_i_l_e] + Use a lesskey file. + -K ........ --quit-on-intr + Exit less in response to ctrl-C. + -L ........ --no-lessopen + Ignore the LESSOPEN environment variable. + -m -M .... --long-prompt --LONG-PROMPT + Set prompt style. + -n ......... --line-numbers + Suppress line numbers in prompts and messages. + -N ......... --LINE-NUMBERS + Display line number at start of each line. + -o [_f_i_l_e] . --log-file=[_f_i_l_e] + Copy to log file (standard input only). + -O [_f_i_l_e] . --LOG-FILE=[_f_i_l_e] + Copy to log file (unconditionally overwrite). + -p [_p_a_t_t_e_r_n] --pattern=[_p_a_t_t_e_r_n] + Start at pattern (from command line). + -P [_p_r_o_m_p_t] --prompt=[_p_r_o_m_p_t] + Define new prompt. + -q -Q .... --quiet --QUIET --silent --SILENT + Quiet the terminal bell. + -r -R .... --raw-control-chars --RAW-CONTROL-CHARS + Output "raw" control characters. + -s ........ --squeeze-blank-lines + Squeeze multiple blank lines. + -S ........ --chop-long-lines + Chop (truncate) long lines rather than wrapping. + -t [_t_a_g] .. --tag=[_t_a_g] + Find a tag. + -T [_t_a_g_s_f_i_l_e] --tag-file=[_t_a_g_s_f_i_l_e] + Use an alternate tags file. + -u -U .... --underline-special --UNDERLINE-SPECIAL + Change handling of backspaces, tabs and carriage returns. + -V ........ --version + Display the version number of "less". + -w ........ --hilite-unread + Highlight first new line after forward-screen. + -W ........ --HILITE-UNREAD + Highlight first new line after any forward movement. + -x [_N[,...]] --tabs=[_N[,...]] + Set tab stops. + -X ........ --no-init + Don't use termcap init/deinit strings. + -y [_N] .... --max-forw-scroll=[_N] + Forward scroll limit. + -z [_N] .... --window=[_N] + Set size of window. + -" [_c[_c]] . --quotes=[_c[_c]] + Set shell quote characters. + -~ ........ --tilde + Don't display tildes after end of file. + -# [_N] .... --shift=[_N] + Set horizontal scroll amount (0 = one half screen width). + --exit-follow-on-close + Exit F command on a pipe when writer closes pipe. + --file-size + Automatically determine the size of the input file. + --follow-name + The F command changes files if the input file is renamed. + --header=[_N[,_M]] + Use N lines and M columns to display file headers. + --incsearch + Search file as each pattern character is typed in. + --intr=_C + Use _C instead of ^X to interrupt a read. + --line-num-width=_N + Set the width of the -N line number field to _N characters. + --modelines=_N + Read _N lines from the input file and look for vim modelines. + --mouse + Enable mouse input. + --no-keypad + Don't send termcap keypad init/deinit strings. + --no-histdups + Remove duplicates from command history. + --no-number-headers + Don't give line numbers to header lines. + --no-search-headers + Don't search in header lines or columns. + --no-vbell + Disable the terminal's visual bell. + --redraw-on-quit + Redraw final screen when quitting. + --rscroll=_C + Set the character used to mark truncated lines. + --save-marks + Retain marks across invocations of less. + --search-options=[EFKNRW-] + Set default options for every search. + --show-preproc-errors + Display a message if preprocessor exits with an error status. + --proc-backspace + Process backspaces for bold/underline. + --SPECIAL-BACKSPACE + Treat backspaces as control characters. + --proc-return + Delete carriage returns before newline. + --SPECIAL-RETURN + Treat carriage returns as control characters. + --proc-tab + Expand tabs to spaces. + --SPECIAL-TAB + Treat tabs as control characters. + --status-col-width=_N + Set the width of the -J status column to _N characters. + --status-line + Highlight or color the entire line containing a mark. + --use-backslash + Subsequent options use backslash as escape char. + --use-color + Enables colored text. + --wheel-lines=_N + Each click of the mouse wheel moves _N lines. + --wordwrap + Wrap lines at spaces. + + + --------------------------------------------------------------------------- + + LLIINNEE EEDDIITTIINNGG + + These keys can be used to edit text being entered + on the "command line" at the bottom of the screen. + + RightArrow ..................... ESC-l ... Move cursor right one character. + LeftArrow ...................... ESC-h ... Move cursor left one character. + ctrl-RightArrow ESC-RightArrow ESC-w ... Move cursor right one word. + ctrl-LeftArrow ESC-LeftArrow ESC-b ... Move cursor left one word. + HOME ........................... ESC-0 ... Move cursor to start of line. + END ............................ ESC-$ ... Move cursor to end of line. + BACKSPACE ................................ Delete char to left of cursor. + DELETE ......................... ESC-x ... Delete char under cursor. + ctrl-BACKSPACE ESC-BACKSPACE ........... Delete word to left of cursor. + ctrl-DELETE .... ESC-DELETE .... ESC-X ... Delete word under cursor. + ctrl-U ......... ESC (MS-DOS only) ....... Delete entire line. + UpArrow ........................ ESC-k ... Retrieve previous command line. + DownArrow ...................... ESC-j ... Retrieve next command line. + TAB ...................................... Complete filename & cycle. + SHIFT-TAB ...................... ESC-TAB Complete filename & reverse cycle. + ctrl-L ................................... Complete filename, list all. diff --git a/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md b/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md index 2b7377479e..3eda5bed37 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md @@ -96,20 +96,6 @@ An attacker might modify the boot manager configuration database (BCD), which is An attacker might also replace the entire operating system disk while preserving the platform hardware and firmware, and could then extract a protected BitLocker key blob from the metadata of the victim OS partition. The attacker could then attempt to unseal that BitLocker key blob by calling the TPM API from an operating system under their control. This can't succeed because when Windows seals the BitLocker key to the TPM, it does it with a PCR 11 value of 0. To successfully unseal the blob, PCR 11 in the TPM must have a value of 0. However, when the boot manager passes the control to any boot loader (legitimate or rogue), it always changes PCR 11 to a value of 1. Since the PCR 11 value is guaranteed to be different after exiting the boot manager, the attacker can't unlock the BitLocker key. -To prevent boot manger roll-back attacks, Windows updates released on and after July 2024 changed the default PCR Validation Profile for **UEFI with Secure Boot** from `7, 11` to `4, 7, 11`. - -The PCR values map to: - -- `PCR 4: Boot Manager` -- `PCR 7: Secure Boot State` -- `PCR 11: BitLocker access control` - -> [!TIP] -> To check what PCRs are in use, execute the following command: -> ```cmd -> manage-bde.exe -protectors -get c: -> ``` - ## Attacker countermeasures The following sections cover mitigations for different types of attackers. diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-secure-boot-for-integrity-validation.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-secure-boot-for-integrity-validation.md index fbcf599ccc..e3130a2695 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-secure-boot-for-integrity-validation.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/allow-secure-boot-for-integrity-validation.md @@ -26,6 +26,3 @@ When this policy is enabled and the hardware is capable of using Secure Boot for |--|--| | **CSP** | Not available | | **GPO** | **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** > **Operating System Drives** | - -> [!NOTE] -> To prevent boot manger roll-back attacks, Windows updates released on and after July 2024 changed the default PCR Validation Profile for **UEFI with Secure Boot** from `7, 11` to `4, 7, 11`. diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-tpm-platform-validation-profile-for-native-uefi-firmware-configurations.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-tpm-platform-validation-profile-for-native-uefi-firmware-configurations.md index fd61b353fa..cb43d10a8c 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-tpm-platform-validation-profile-for-native-uefi-firmware-configurations.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/configure-tpm-platform-validation-profile-for-native-uefi-firmware-configurations.md @@ -26,8 +26,6 @@ A platform validation profile consists of a set of PCR indices ranging from 0 to > [!NOTE] > When Secure Boot State (PCR7) support is available, the default platform validation profile secures the encryption key using Secure Boot State (PCR 7) and the BitLocker access control (PCR 11). -> -> To prevent boot manger roll-back attacks, Windows updates released on and after July 2024 changed the default PCR Validation Profile for **UEFI with Secure Boot** from `7, 11` to `4, 7, 11`. The following list identifies all of the available PCRs: From 38e7ad29011959704d16dce70539aa7c90bb8639 Mon Sep 17 00:00:00 2001 From: Mike England Date: Mon, 5 Aug 2024 11:32:43 -0700 Subject: [PATCH 06/15] Update windows-autopatch-conflicting-configurations.md WUServer and UseWUServer are no longer tracked in this feature. --- .../windows-autopatch-conflicting-configurations.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md b/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md index afcb34afdb..aa25114a3d 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md @@ -37,8 +37,6 @@ The most common sources of conflicting configurations include: ```cmd Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations Value=Any Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DisableWindowsUpdateAccess Value=Any -Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer String=Any -Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\UseWUServer Value=Any Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate Value=Any ``` @@ -90,8 +88,6 @@ Copy and paste the following PowerShell script into PowerShell or a PowerShell e ```powershell Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "DoNotConnectToWindowsUpdateInternetLocations" Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "DisableWindowsUpdateAccess" -Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "WUServer" -Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "UseWUServer" Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate" ``` @@ -104,8 +100,6 @@ Copy and paste the following code into a text editor, and save it with a `.cmd` echo Deleting registry keys... reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "DoNotConnectToWindowsUpdateInternetLocations" /f reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "DisableWindowsUpdateAccess" /f -reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "WUServer" /f -reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "UseWUServer" /f reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /f echo Registry keys deleted. Pause @@ -120,9 +114,7 @@ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] "DoNotConnectToWindowsUpdateInternetLocations"=- "DisableWindowsUpdateAccess"=- -"WUServer"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] -"UseWUServer"=- "NoAutoUpdate"=- ``` From 98e1560d995593c5ca1d1dd19b785e0bf6e0fb28 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 5 Aug 2024 11:33:25 -0700 Subject: [PATCH 07/15] add info for type1 fonts --- windows/whats-new/deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 6e73a52fd7..3fa684a4f8 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -1,7 +1,7 @@ --- title: Deprecated features in the Windows client description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11. -ms.date: 08/06/2024 +ms.date: 08/05/2024 ms.service: windows-client ms.subservice: itpro-fundamentals ms.localizationpriority: medium From 0b1086a7b1d928cae13ac13c5389762310fb87d9 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 5 Aug 2024 14:54:43 -0400 Subject: [PATCH 08/15] chore: Update redirect for smartscreen --- tream main | 298 ----------------------------------------------------- 1 file changed, 298 deletions(-) delete mode 100644 tream main diff --git a/tream main b/tream main deleted file mode 100644 index 901a11c2fa..0000000000 --- a/tream main +++ /dev/null @@ -1,298 +0,0 @@ - - SSUUMMMMAARRYY OOFF LLEESSSS CCOOMMMMAANNDDSS - - Commands marked with * may be preceded by a number, _N. - Notes in parentheses indicate the behavior if _N is given. - A key preceded by a caret indicates the Ctrl key; thus ^K is ctrl-K. - - h H Display this help. - q :q Q :Q ZZ Exit. - --------------------------------------------------------------------------- - - MMOOVVIINNGG - - e ^E j ^N CR * Forward one line (or _N lines). - y ^Y k ^K ^P * Backward one line (or _N lines). - f ^F ^V SPACE * Forward one window (or _N lines). - b ^B ESC-v * Backward one window (or _N lines). - z * Forward one window (and set window to _N). - w * Backward one window (and set window to _N). - ESC-SPACE * Forward one window, but don't stop at end-of-file. - d ^D * Forward one half-window (and set half-window to _N). - u ^U * Backward one half-window (and set half-window to _N). - ESC-) RightArrow * Right one half screen width (or _N positions). - ESC-( LeftArrow * Left one half screen width (or _N positions). - ESC-} ^RightArrow Right to last column displayed. - ESC-{ ^LeftArrow Left to first column. - F Forward forever; like "tail -f". - ESC-F Like F but stop when search pattern is found. - r ^R ^L Repaint screen. - R Repaint screen, discarding buffered input. - --------------------------------------------------- - Default "window" is the screen height. - Default "half-window" is half of the screen height. - --------------------------------------------------------------------------- - - SSEEAARRCCHHIINNGG - - /_p_a_t_t_e_r_n * Search forward for (_N-th) matching line. - ?_p_a_t_t_e_r_n * Search backward for (_N-th) matching line. - n * Repeat previous search (for _N-th occurrence). - N * Repeat previous search in reverse direction. - ESC-n * Repeat previous search, spanning files. - ESC-N * Repeat previous search, reverse dir. & spanning files. - ESC-u Undo (toggle) search highlighting. - ESC-U Clear search highlighting. - &_p_a_t_t_e_r_n * Display only matching lines. - --------------------------------------------------- - A search pattern may begin with one or more of: - ^N or ! Search for NON-matching lines. - ^E or * Search multiple files (pass thru END OF FILE). - ^F or @ Start search at FIRST file (for /) or last file (for ?). - ^K Highlight matches, but don't move (KEEP position). - ^R Don't use REGULAR EXPRESSIONS. - ^S _n Search for match in _n-th parenthesized subpattern. - ^W WRAP search if no match found. - --------------------------------------------------------------------------- - - JJUUMMPPIINNGG - - g < ESC-< * Go to first line in file (or line _N). - G > ESC-> * Go to last line in file (or line _N). - p % * Go to beginning of file (or _N percent into file). - t * Go to the (_N-th) next tag. - T * Go to the (_N-th) previous tag. - { ( [ * Find close bracket } ) ]. - } ) ] * Find open bracket { ( [. - ESC-^F _<_c_1_> _<_c_2_> * Find close bracket _<_c_2_>. - ESC-^B _<_c_1_> _<_c_2_> * Find open bracket _<_c_1_>. - --------------------------------------------------- - Each "find close bracket" command goes forward to the close bracket - matching the (_N-th) open bracket in the top line. - Each "find open bracket" command goes backward to the open bracket - matching the (_N-th) close bracket in the bottom line. - - m_<_l_e_t_t_e_r_> Mark the current top line with . - M_<_l_e_t_t_e_r_> Mark the current bottom line with . - '_<_l_e_t_t_e_r_> Go to a previously marked position. - '' Go to the previous position. - ^X^X Same as '. - ESC-m_<_l_e_t_t_e_r_> Clear a mark. - --------------------------------------------------- - A mark is any upper-case or lower-case letter. - Certain marks are predefined: - ^ means beginning of the file - $ means end of the file - --------------------------------------------------------------------------- - - CCHHAANNGGIINNGG FFIILLEESS - - :e [_f_i_l_e] Examine a new file. - ^X^V Same as :e. - :n * Examine the (_N-th) next file from the command line. - :p * Examine the (_N-th) previous file from the command line. - :x * Examine the first (or _N-th) file from the command line. - :d Delete the current file from the command line list. - = ^G :f Print current file name. - --------------------------------------------------------------------------- - - MMIISSCCEELLLLAANNEEOOUUSS CCOOMMMMAANNDDSS - - -_<_f_l_a_g_> Toggle a command line option [see OPTIONS below]. - --_<_n_a_m_e_> Toggle a command line option, by name. - __<_f_l_a_g_> Display the setting of a command line option. - ___<_n_a_m_e_> Display the setting of an option, by name. - +_c_m_d Execute the less cmd each time a new file is examined. - - !_c_o_m_m_a_n_d Execute the shell command with $SHELL. - #_c_o_m_m_a_n_d Execute the shell command, expanded like a prompt. - |XX_c_o_m_m_a_n_d Pipe file between current pos & mark XX to shell command. - s _f_i_l_e Save input to a file. - v Edit the current file with $VISUAL or $EDITOR. - V Print version number of "less". - --------------------------------------------------------------------------- - - OOPPTTIIOONNSS - - Most options may be changed either on the command line, - or from within less by using the - or -- command. - Options may be given in one of two forms: either a single - character preceded by a -, or a name preceded by --. - - -? ........ --help - Display help (from command line). - -a ........ --search-skip-screen - Search skips current screen. - -A ........ --SEARCH-SKIP-SCREEN - Search starts just after target line. - -b [_N] .... --buffers=[_N] - Number of buffers. - -B ........ --auto-buffers - Don't automatically allocate buffers for pipes. - -c ........ --clear-screen - Repaint by clearing rather than scrolling. - -d ........ --dumb - Dumb terminal. - -D xx_c_o_l_o_r . --color=xx_c_o_l_o_r - Set screen colors. - -e -E .... --quit-at-eof --QUIT-AT-EOF - Quit at end of file. - -f ........ --force - Force open non-regular files. - -F ........ --quit-if-one-screen - Quit if entire file fits on first screen. - -g ........ --hilite-search - Highlight only last match for searches. - -G ........ --HILITE-SEARCH - Don't highlight any matches for searches. - -h [_N] .... --max-back-scroll=[_N] - Backward scroll limit. - -i ........ --ignore-case - Ignore case in searches that do not contain uppercase. - -I ........ --IGNORE-CASE - Ignore case in all searches. - -j [_N] .... --jump-target=[_N] - Screen position of target lines. - -J ........ --status-column - Display a status column at left edge of screen. - -k [_f_i_l_e] . --lesskey-file=[_f_i_l_e] - Use a lesskey file. - -K ........ --quit-on-intr - Exit less in response to ctrl-C. - -L ........ --no-lessopen - Ignore the LESSOPEN environment variable. - -m -M .... --long-prompt --LONG-PROMPT - Set prompt style. - -n ......... --line-numbers - Suppress line numbers in prompts and messages. - -N ......... --LINE-NUMBERS - Display line number at start of each line. - -o [_f_i_l_e] . --log-file=[_f_i_l_e] - Copy to log file (standard input only). - -O [_f_i_l_e] . --LOG-FILE=[_f_i_l_e] - Copy to log file (unconditionally overwrite). - -p [_p_a_t_t_e_r_n] --pattern=[_p_a_t_t_e_r_n] - Start at pattern (from command line). - -P [_p_r_o_m_p_t] --prompt=[_p_r_o_m_p_t] - Define new prompt. - -q -Q .... --quiet --QUIET --silent --SILENT - Quiet the terminal bell. - -r -R .... --raw-control-chars --RAW-CONTROL-CHARS - Output "raw" control characters. - -s ........ --squeeze-blank-lines - Squeeze multiple blank lines. - -S ........ --chop-long-lines - Chop (truncate) long lines rather than wrapping. - -t [_t_a_g] .. --tag=[_t_a_g] - Find a tag. - -T [_t_a_g_s_f_i_l_e] --tag-file=[_t_a_g_s_f_i_l_e] - Use an alternate tags file. - -u -U .... --underline-special --UNDERLINE-SPECIAL - Change handling of backspaces, tabs and carriage returns. - -V ........ --version - Display the version number of "less". - -w ........ --hilite-unread - Highlight first new line after forward-screen. - -W ........ --HILITE-UNREAD - Highlight first new line after any forward movement. - -x [_N[,...]] --tabs=[_N[,...]] - Set tab stops. - -X ........ --no-init - Don't use termcap init/deinit strings. - -y [_N] .... --max-forw-scroll=[_N] - Forward scroll limit. - -z [_N] .... --window=[_N] - Set size of window. - -" [_c[_c]] . --quotes=[_c[_c]] - Set shell quote characters. - -~ ........ --tilde - Don't display tildes after end of file. - -# [_N] .... --shift=[_N] - Set horizontal scroll amount (0 = one half screen width). - --exit-follow-on-close - Exit F command on a pipe when writer closes pipe. - --file-size - Automatically determine the size of the input file. - --follow-name - The F command changes files if the input file is renamed. - --header=[_N[,_M]] - Use N lines and M columns to display file headers. - --incsearch - Search file as each pattern character is typed in. - --intr=_C - Use _C instead of ^X to interrupt a read. - --line-num-width=_N - Set the width of the -N line number field to _N characters. - --modelines=_N - Read _N lines from the input file and look for vim modelines. - --mouse - Enable mouse input. - --no-keypad - Don't send termcap keypad init/deinit strings. - --no-histdups - Remove duplicates from command history. - --no-number-headers - Don't give line numbers to header lines. - --no-search-headers - Don't search in header lines or columns. - --no-vbell - Disable the terminal's visual bell. - --redraw-on-quit - Redraw final screen when quitting. - --rscroll=_C - Set the character used to mark truncated lines. - --save-marks - Retain marks across invocations of less. - --search-options=[EFKNRW-] - Set default options for every search. - --show-preproc-errors - Display a message if preprocessor exits with an error status. - --proc-backspace - Process backspaces for bold/underline. - --SPECIAL-BACKSPACE - Treat backspaces as control characters. - --proc-return - Delete carriage returns before newline. - --SPECIAL-RETURN - Treat carriage returns as control characters. - --proc-tab - Expand tabs to spaces. - --SPECIAL-TAB - Treat tabs as control characters. - --status-col-width=_N - Set the width of the -J status column to _N characters. - --status-line - Highlight or color the entire line containing a mark. - --use-backslash - Subsequent options use backslash as escape char. - --use-color - Enables colored text. - --wheel-lines=_N - Each click of the mouse wheel moves _N lines. - --wordwrap - Wrap lines at spaces. - - - --------------------------------------------------------------------------- - - LLIINNEE EEDDIITTIINNGG - - These keys can be used to edit text being entered - on the "command line" at the bottom of the screen. - - RightArrow ..................... ESC-l ... Move cursor right one character. - LeftArrow ...................... ESC-h ... Move cursor left one character. - ctrl-RightArrow ESC-RightArrow ESC-w ... Move cursor right one word. - ctrl-LeftArrow ESC-LeftArrow ESC-b ... Move cursor left one word. - HOME ........................... ESC-0 ... Move cursor to start of line. - END ............................ ESC-$ ... Move cursor to end of line. - BACKSPACE ................................ Delete char to left of cursor. - DELETE ......................... ESC-x ... Delete char under cursor. - ctrl-BACKSPACE ESC-BACKSPACE ........... Delete word to left of cursor. - ctrl-DELETE .... ESC-DELETE .... ESC-X ... Delete word under cursor. - ctrl-U ......... ESC (MS-DOS only) ....... Delete entire line. - UpArrow ........................ ESC-k ... Retrieve previous command line. - DownArrow ...................... ESC-j ... Retrieve next command line. - TAB ...................................... Complete filename & cycle. - SHIFT-TAB ...................... ESC-TAB Complete filename & reverse cycle. - ctrl-L ................................... Complete filename, list all. From fc5b0df83dfc5c3507a2fb79868fac8f1be3873e Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Mon, 5 Aug 2024 11:57:07 -0700 Subject: [PATCH 09/15] Broken links --- .../windows-autopatch-deployment-guide.md | 3 +- .../overview/windows-autopatch-faq.yml | 2 +- ...indows-autopatch-roles-responsibilities.md | 60 +++++++++---------- .../windows-autopatch-whats-new-2023.md | 2 +- 4 files changed, 33 insertions(+), 34 deletions(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md index a44081d038..c1b7be42ba 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md @@ -77,7 +77,7 @@ Evaluate Windows Autopatch with around 50 devices to ensure the service meets yo | ----- | ----- | | **2A: Review reporting capabilities** |
  • [Windows quality update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-quality-update-reports)
  • [Windows feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-feature-update-reports)
  • [Windows Update for Business (WUfB) reports](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-device-readiness-report)
Windows Autopatch quality and feature update reports provide a progress view on the latest update cycle for your devices. These reports should be reviewed often to ensure you understand the update state of your Windows Autopatch devices.

There might be times when using Windows Autopatch for update deployment that it's beneficial to review Windows Update for Business (WUfB) reports.

For example, when preparing to deploy Windows 11, you might find it useful to evaluate your devices using the [Windows feature update device readiness](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-device-readiness-report) and [Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-compatibility-risks-report) in Intune.| | **2B: Review operational changes** | As part of the introduction of Windows Autopatch, you should consider how the service integrates with your existing operational processes.
  • Identify service desk and end user computing process changes
  • Identify any alignment with third party support agreements
  • Review the default Windows Autopatch support process and alignment with your existing Premier and Unified support options
  • Identify IT admin process change & service interaction points
| -| **2C: Educate end users and key stakeholders**| Educate your end users by creating guides for the Windows Autopatch end user experience.
  • [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md)
  • [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md)
  • [Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md)
  • [Microsoft Edge](../operate/windows-autopatch-edge.md)
  • [Microsoft Teams](../operate/windows-autopatch-teams.md)

Include your IT support and help desk in the early stages of the Windows Autopatch deployment and planning process. Early involvement allows your support staff to:
  • Gain knowledge and experience in identifying and resolving update issues more effectively
  • Prepare them to support production rollouts. Knowledgeable help desk and support teams also help end users adopt to changes

Your support staff can experience a walkthrough of the Windows Autopatch admin experience through the [Windows Autopatch demo site](https://aka.ms/autopatchdemo). | +| **2C: Educate end users and key stakeholders**| Educate your end users by creating guides for the Windows Autopatch end user experience.
  • [Windows quality updates](../manage/windows-autopatch-windows-quality-update-end-user-exp.md)
  • [Windows feature updates](../manage/windows-autopatch-windows-feature-update-overview.md)
  • [Microsoft 365 Apps for enterprise updates](../manage/windows-autopatch-microsoft-365-apps-enterprise.md)
  • [Microsoft Edge](../manage/windows-autopatch-edge.md)
  • [Microsoft Teams](../manage/windows-autopatch-teams.md)

Include your IT support and help desk in the early stages of the Windows Autopatch deployment and planning process. Early involvement allows your support staff to:
  • Gain knowledge and experience in identifying and resolving update issues more effectively
  • Prepare them to support production rollouts. Knowledgeable help desk and support teams also help end users adopt to changes

Your support staff can experience a walkthrough of the Windows Autopatch admin experience through the [Windows Autopatch demo site](https://aka.ms/autopatchdemo). | | **2D: Pilot planning** | Identify target pilot group(s) of up to 500 devices. It's recommended to include a cross-section of your organizational make-up to ensure your pilot results are representative of your organizational environment. | ### Step three: Pilot @@ -331,4 +331,3 @@ Once you're underway with your deployment, consider joining the [Windows Commerc - Surveys - Teams discussions - Previews - diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index 8e0f87c3a4..2aea84859d 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -108,7 +108,7 @@ sections: The decision of when to move to the next ring is handled by Windows Autopatch; it isn't customer configurable. - question: Can you customize the scheduling of an update rollout to only install on certain days and times? answer: | - No, you can't customize update scheduling. However, you can specify [active hours](../operate/windows-autopatch-windows-quality-update-end-user-exp.md) to prevent users from updating during business hours. + No, you can't customize update scheduling. However, you can specify [active hours](../manage/windows-autopatch-windows-quality-update-end-user-exp.md) to prevent users from updating during business hours. - question: Does Autopatch support include and exclude groups, or dynamic groups to define deployment ring membership? answer: | Windows Autopatch doesn't support managing update deployment ring membership using your Microsoft Entra groups. For more information, see [Moving devices in between deployment rings](../operate/windows-autopatch-update-management.md#moving-devices-in-between-deployment-rings). diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md index f7e85f6135..11f77f3ed5 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md @@ -21,7 +21,7 @@ This article outlines your responsibilities and Windows Autopatch's responsibili - [Preparing to enroll into the Windows Autopatch service](#prepare) - [Deploying the service](#deploy) -- [Operating with the service](#operate) +- [Operating with the service](#manage) ## Prepare @@ -47,10 +47,10 @@ For more information and assistance with preparing for your Windows Autopatch de | ----- | :-----: | :-----: | | [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md) in Microsoft Intune | :heavy_check_mark: | :x: | | [Deploy and configure Windows Autopatch service configuration](../references/windows-autopatch-changes-to-tenant.md) | :x: | :heavy_check_mark: | -| Educate users on the Windows Autopatch end user update experience
  • [Windows quality update end user experience](../operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md)
  • [Windows feature update end user experience](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md)
  • [Microsoft 365 Apps for enterprise end user experience](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#end-user-experience)
  • [Microsoft Edge end user experience](../operate/windows-autopatch-edge.md)
  • [Microsoft Teams end user experience](../operate/windows-autopatch-teams.md#end-user-experience)
| :heavy_check_mark: | :x: | +| Educate users on the Windows Autopatch end user update experience
  • [Windows quality update end user experience](../manage/windows-autopatch-windows-quality-update-end-user-exp.md)
  • [Windows feature update end user experience](../manage/windows-autopatch-manage-windows-feature-update-release.md)
  • [Microsoft 365 Apps for enterprise end user experience](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#end-user-experience)
  • [Microsoft Edge end user experience](../manage/windows-autopatch-edge.md)
  • [Microsoft Teams end user experience](../manage/windows-autopatch-teams.md#end-user-experience)
| :heavy_check_mark: | :x: | | Review network optimization
  • [Prepare your network](../prepare/windows-autopatch-configure-network.md)
  • [Delivery Optimization](../prepare/windows-autopatch-configure-network.md#delivery-optimization) | :heavy_check_mark: | :x: | | Review existing configurations
    • Remove your devices from existing unsupported [Windows Update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies
    • Consult [General considerations](../overview/windows-autopatch-deployment-guide.md#general-considerations)
    | :heavy_check_mark: | :x: | -| Confirm your update service needs and configure your workloads
    • [Turn on or off expedited Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md#expedited-releases)
    • [Allow or block Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates)
    • [Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md)
    • [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md)
    • Decide your [Windows feature update versions(s)](../operate/windows-autopatch-groups-windows-feature-update-overview.md)
    | :heavy_check_mark: | :x: | +| Confirm your update service needs and configure your workloads
    • [Turn on or off expedited Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md#expedited-releases)
    • [Allow or block Microsoft 365 Apps for enterprise updates](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates)
    • [Manage driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md)
    • [Customize Windows Update settings](../manage/windows-autopatch-windows-update.md)
    • Decide your [Windows feature update versions(s)](../manage/windows-autopatch-windows-feature-update-overview.md)
    | :heavy_check_mark: | :x: | | [Consider your Autopatch groups distribution](../deploy/windows-autopatch-groups-overview.md)
    • [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)
    • [Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)
    | :heavy_check_mark: | :x: | | [Register devices](../deploy/windows-autopatch-register-devices.md)
    • [Review your device registration options](../deploy/windows-autopatch-device-registration-overview.md)
    • [Register your first devices](../deploy/windows-autopatch-register-devices.md) | :heavy_check_mark: | :x: | | [Run the pre-registration device readiness checks](../deploy/windows-autopatch-register-devices.md#about-the-registered-not-ready-and-not-registered-tabs) | :x: | :heavy_check_mark: | @@ -61,42 +61,42 @@ For more information and assistance with preparing for your Windows Autopatch de | Review device conflict scenarios
      • [Device conflict in deployment rings within an Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)
      • [Device conflict across different Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-across-different-autopatch-groups)
      | :heavy_check_mark: | :x: | | Communicate to end-users, help desk and stakeholders | :heavy_check_mark: | :x: | -## Operate +## Manage | Task | Your responsibility | Windows Autopatch | | ----- | :-----: | :-----: | | [Maintain contacts in the Microsoft Intune admin center](../deploy/windows-autopatch-admin-contacts.md) | :heavy_check_mark: | :x: | -| [Maintain and manage the Windows Autopatch service configuration](../operate/windows-autopatch-maintain-environment.md) | :x: | :heavy_check_mark: | -| [Maintain customer configuration to align with the Windows Autopatch service configuration](../operate/windows-autopatch-maintain-environment.md) | :heavy_check_mark: | :x: | +| [Maintain and manage the Windows Autopatch service configuration](../monitor/windows-autopatch-maintain-environment.md) | :x: | :heavy_check_mark: | +| [Maintain customer configuration to align with the Windows Autopatch service configuration](../monitor/windows-autopatch-maintain-environment.md) | :heavy_check_mark: | :x: | | Resolve service remediated device conflict scenarios
      • [Device conflict in deployment rings within an Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)
      • [Default to Custom Autopatch group device conflict](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#default-to-custom-autopatch-group-device-conflict)
      | :x: | :heavy_check_mark: | | Resolve remediated device conflict scenarios
      • [Custom to Custom Autopatch group device conflict](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#custom-to-custom-autopatch-group-device-conflict)
      • [Device conflict prior to device registration](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-prior-to-device-registration)
      | :heavy_check_mark: | :x: | | Maintain the Test and Last deployment ring membership
      • [Default Windows Autopatch deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)
      • [Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)
      | :heavy_check_mark: | :x: | -| Monitor [Windows update signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md) for safe update release
      • [Pre-release signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md#pre-release-signals)
      • [Early signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md#early-signals)
      • [Device reliability signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md#device-reliability-signals)
      | :x: | :heavy_check_mark: | -| Test specific [business update scenarios](../operate/windows-autopatch-groups-windows-quality-update-signals.md) | :heavy_check_mark: | :x: | -| [Define and implement service default release schedule](../operate/windows-autopatch-groups-windows-quality-update-overview.md) | :x: | :heavy_check_mark: | -| Maintain your workload configuration and custom release schedule
      • [Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md)
      • [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md)
      • [Decide your Windows feature update version(s)](../operate/windows-autopatch-groups-windows-feature-update-overview.md)
      | :heavy_check_mark: | :x: | -| Communicate the update [release schedule](../operate/windows-autopatch-windows-quality-update-communications.md) to IT admins | :x: | :heavy_check_mark: | -| Release updates (as scheduled)
      • [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md#release-management)
      • [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md)
      • [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#update-release-schedule)
      • [Microsoft Edge](../operate/windows-autopatch-edge.md#update-release-schedule)
      • [Microsoft Teams](../operate/windows-autopatch-teams.md#update-release-schedule)
        • | :x: | :heavy_check_mark: | -| [Release updates (expedited)](../operate/windows-autopatch-groups-windows-quality-update-overview.md#expedited-releases) | :x: | :heavy_check_mark: | -| [Release updates (OOB)](../operate/windows-autopatch-groups-windows-quality-update-overview.md#out-of-band-releases) | :x: | :heavy_check_mark: | +| Monitor [Windows update signals](../manage/windows-autopatch-windows-quality-update-signals.md) for safe update release
          • [Pre-release signals](../manage/windows-autopatch-windows-quality-update-signals.md#pre-release-signals)
          • [Early signals](../manage/windows-autopatch-windows-quality-update-signals.md#early-signals)
          • [Device reliability signals](../manage/windows-autopatch-windows-quality-update-signals.md#device-reliability-signals)
          | :x: | :heavy_check_mark: | +| Test specific [business update scenarios](../manage/windows-autopatch-windows-quality-update-signals.md) | :heavy_check_mark: | :x: | +| [Define and implement service default release schedule](../manage/windows-autopatch-windows-quality-update-overview.md) | :x: | :heavy_check_mark: | +| Maintain your workload configuration and custom release schedule
          • [Manage driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md)
          • [Customize Windows Update settings](../manage/windows-autopatch-windows-update.md)
          • [Decide your Windows feature update version(s)](../manage/windows-autopatch-windows-feature-update-overview.md)
          | :heavy_check_mark: | :x: | +| Communicate the update [release schedule](../manage/windows-autopatch-windows-quality-update-communications.md) to IT admins | :x: | :heavy_check_mark: | +| Release updates (as scheduled)
          • [Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md#release-management)
          • [Windows feature updates](../manage/windows-autopatch-windows-feature-update-overview.md)
          • [Microsoft 365 Apps for enterprise](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#update-release-schedule)
          • [Microsoft Edge](../manage/windows-autopatch-edge.md#update-release-schedule)
          • [Microsoft Teams](../manage/windows-autopatch-teams.md#update-release-schedule)
            • | :x: | :heavy_check_mark: | +| [Release updates (expedited)](../manage/windows-autopatch-windows-quality-update-overview.md#expedited-releases) | :x: | :heavy_check_mark: | +| [Release updates (OOB)](../manage/windows-autopatch-windows-quality-update-overview.md#out-of-band-releases) | :x: | :heavy_check_mark: | | [Deploy updates to devices](../operate/windows-autopatch-groups-update-management.md) | :x: | :heavy_check_mark: | -| Monitor [Windows quality](../operate/windows-autopatch-groups-windows-quality-update-overview.md#release-management) or [feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md) through the release cycle | :x: | :heavy_check_mark: | -| Review [release announcements](../operate/windows-autopatch-groups-windows-quality-update-overview.md#) | :heavy_check_mark: | :x: | -| Review deployment progress using Windows Autopatch reports
              • [Windows quality update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-quality-update-reports)
              • [Windows feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-feature-update-reports)
              | :heavy_check_mark: | :x: | -| [Pause updates (Windows Autopatch initiated)](../operate/windows-autopatch-groups-windows-quality-update-signals.md) | :x: | :heavy_check_mark: | -| [Pause updates (initiated by you)](../operate/windows-autopatch-groups-windows-quality-update-overview.md#pause-and-resume-a-release) | :heavy_check_mark: | :x: | +| Monitor [Windows quality](../manage/windows-autopatch-windows-quality-update-overview.md#release-management) or [feature updates](../manage/windows-autopatch-windows-feature-update-overview.md) through the release cycle | :x: | :heavy_check_mark: | +| Review [release announcements](../manage/windows-autopatch-windows-quality-update-overview.md#) | :heavy_check_mark: | :x: | +| Review deployment progress using Windows Autopatch reports
              • [Windows quality update reports](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#windows-quality-update-reports)
              • [Windows feature update reports](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#windows-feature-update-reports)
              | :heavy_check_mark: | :x: | +| [Pause updates (Windows Autopatch initiated)](../manage/windows-autopatch-windows-quality-update-signals.md) | :x: | :heavy_check_mark: | +| [Pause updates (initiated by you)](../manage/windows-autopatch-windows-quality-update-overview.md#pause-and-resume-a-release) | :heavy_check_mark: | :x: | | Run [on-going post-registration device readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md) | :x: | :heavy_check_mark: | | Maintain existing configurations
              • Remove your devices from existing and unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies
              • Consult [General considerations](../overview/windows-autopatch-deployment-guide.md#general-considerations)
              | :heavy_check_mark: | :x: | -| Understand the health of [Up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) devices and investigate devices that are
              • [Not up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices)
              • [Not ready](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-ready-devices)
              • have [Device alerts](../operate/windows-autopatch-device-alerts.md)
              • have [conflicting configurations](../references/windows-autopatch-conflicting-configurations.md)
              +| Understand the health of [Up to date](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) devices and investigate devices that are
              • [Not up to date](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices)
              • [Not ready](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#not-ready-devices)
              • have [Device alerts](../monitor/windows-autopatch-device-alerts.md)
              • have [conflicting configurations](../references/windows-autopatch-conflicting-configurations.md)
              | [Raise, manage and resolve a service incident if an update management area isn't meeting the service level objective](windows-autopatch-overview.md#update-management) | :x: | :heavy_check_mark: | -| [Exclude a device](../operate/windows-autopatch-exclude-device.md) | :heavy_check_mark: | :x: | -| [Register a device that was previously excluded](../operate/windows-autopatch-exclude-device.md#restore-a-device-or-multiple-devices-previously-excluded) | :heavy_check_mark: | :x: | -| [Request unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md) | :heavy_check_mark: | :x: | -| [Remove Windows Autopatch data from the service and exclude devices](../operate/windows-autopatch-unenroll-tenant.md#microsofts-responsibilities-during-unenrollment) | :x: | :heavy_check_mark: | -| [Maintain update configuration & update devices post unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md#your-responsibilities-after-unenrolling-your-tenant) | :heavy_check_mark: | :x: | -| Review and respond to Message Center and Service Health Dashboard notifications
              • [Windows quality update communications](../operate/windows-autopatch-groups-windows-quality-update-communications.md)
              • [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)
              | :heavy_check_mark: | :x: | -| Highlight Windows Autopatch management alerts that require customer action
              • [Tenant management alerts](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)
              • [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md)
              | :x: | :heavy_check_mark: | -| Review and respond to Windows Autopatch management alerts
              • [Tenant management alerts](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)
              • [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md)
              | :heavy_check_mark: | :x: | -| [Raise and respond to support requests](../operate/windows-autopatch-support-request.md) | :heavy_check_mark: | :x: | -| [Manage and respond to support requests](../operate/windows-autopatch-support-request.md#manage-an-active-support-request) | :x: | :heavy_check_mark: | +| [Exclude a device](../manage/windows-autopatch-exclude-device.md) | :heavy_check_mark: | :x: | +| [Register a device that was previously excluded](../manage/windows-autopatch-exclude-device.md#restore-a-device-or-multiple-devices-previously-excluded) | :heavy_check_mark: | :x: | +| [Request unenrollment from Windows Autopatch](../manage/windows-autopatch-unenroll-tenant.md) | :heavy_check_mark: | :x: | +| [Remove Windows Autopatch data from the service and exclude devices](../manage/windows-autopatch-unenroll-tenant.md#microsofts-responsibilities-during-unenrollment) | :x: | :heavy_check_mark: | +| [Maintain update configuration & update devices post unenrollment from Windows Autopatch](../manage/windows-autopatch-unenroll-tenant.md#your-responsibilities-after-unenrolling-your-tenant) | :heavy_check_mark: | :x: | +| Review and respond to Message Center and Service Health Dashboard notifications
              • [Windows quality update communications](../manage/windows-autopatch-windows-quality-update-communications.md)
              • [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)
              | :heavy_check_mark: | :x: | +| Highlight Windows Autopatch management alerts that require customer action
              • [Tenant management alerts](../manage/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)
              • [Policy health and remediation](../manage/windows-autopatch-policy-health-and-remediation.md)
              | :x: | :heavy_check_mark: | +| Review and respond to Windows Autopatch management alerts
              • [Tenant management alerts](../monitor/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)
              • [Policy health and remediation](../monitor/windows-autopatch-policy-health-and-remediation.md)
              | :heavy_check_mark: | :x: | +| [Raise and respond to support requests](../manage/windows-autopatch-support-request.md) | :heavy_check_mark: | :x: | +| [Manage and respond to support requests](../manage/windows-autopatch-support-request.md#manage-an-active-support-request) | :x: | :heavy_check_mark: | | Review the [What's new](../whats-new/windows-autopatch-whats-new-2022.md) section to stay up to date with updated feature and service releases | :heavy_check_mark: | :x: | diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md index 79867750b3..e3ae2283ec 100644 --- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md +++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md @@ -147,7 +147,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed. | [Software update management](../operate/windows-autopatch-groups-update-management.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview | | [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview | | [Windows quality update overview](../operate/windows-autopatch-groups-windows-quality-update-overview.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview | -| [Windows quality update end user experience](../operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview | +| [Windows quality update end user experience](../manage/windows-autopatch-windows-quality-update-end-user-exp.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview | | [Windows quality update signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview | | [Windows quality update communications](../operate/windows-autopatch-groups-windows-quality-update-communications.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview | | [Windows feature update overview](../operate/windows-autopatch-groups-windows-feature-update-overview.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview | From dbeef62098ba20018951db06364f241fa4e241d4 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Mon, 5 Aug 2024 12:58:00 -0700 Subject: [PATCH 10/15] Broken links --- .../windows-autopatch-roles-responsibilities.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md index 11f77f3ed5..434b20db73 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md @@ -47,10 +47,10 @@ For more information and assistance with preparing for your Windows Autopatch de | ----- | :-----: | :-----: | | [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md) in Microsoft Intune | :heavy_check_mark: | :x: | | [Deploy and configure Windows Autopatch service configuration](../references/windows-autopatch-changes-to-tenant.md) | :x: | :heavy_check_mark: | -| Educate users on the Windows Autopatch end user update experience
              • [Windows quality update end user experience](../manage/windows-autopatch-windows-quality-update-end-user-exp.md)
              • [Windows feature update end user experience](../manage/windows-autopatch-manage-windows-feature-update-release.md)
              • [Microsoft 365 Apps for enterprise end user experience](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#end-user-experience)
              • [Microsoft Edge end user experience](../manage/windows-autopatch-edge.md)
              • [Microsoft Teams end user experience](../manage/windows-autopatch-teams.md#end-user-experience)
              | :heavy_check_mark: | :x: | +| Educate users on the Windows Autopatch end user update experience
              • [Windows quality update end user experience](../manage/windows-autopatch-windows-quality-update-end-user-exp.md)
              • [Windows feature update end user experience](../manage/windows-autopatch-manage-windows-feature-update-releases.md)
              • [Microsoft 365 Apps for enterprise end user experience](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#end-user-experience)
              • [Microsoft Edge end user experience](../manage/windows-autopatch-edge.md)
              • [Microsoft Teams end user experience](../manage/windows-autopatch-teams.md#end-user-experience)
              | :heavy_check_mark: | :x: | | Review network optimization
              • [Prepare your network](../prepare/windows-autopatch-configure-network.md)
              • [Delivery Optimization](../prepare/windows-autopatch-configure-network.md#delivery-optimization) | :heavy_check_mark: | :x: | | Review existing configurations
                • Remove your devices from existing unsupported [Windows Update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies
                • Consult [General considerations](../overview/windows-autopatch-deployment-guide.md#general-considerations)
                | :heavy_check_mark: | :x: | -| Confirm your update service needs and configure your workloads
                • [Turn on or off expedited Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md#expedited-releases)
                • [Allow or block Microsoft 365 Apps for enterprise updates](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates)
                • [Manage driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md)
                • [Customize Windows Update settings](../manage/windows-autopatch-windows-update.md)
                • Decide your [Windows feature update versions(s)](../manage/windows-autopatch-windows-feature-update-overview.md)
                | :heavy_check_mark: | :x: | +| Confirm your update service needs and configure your workloads
                • [Turn on or off expedited Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md#expedited-releases)
                • [Allow or block Microsoft 365 Apps for enterprise updates](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates)
                • [Manage driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md)
                • [Customize Windows Update settings](../manage/windows-autopatch-customize-windows-update-settings.md)
                • Decide your [Windows feature update versions(s)](../manage/windows-autopatch-windows-feature-update-overview.md)
                | :heavy_check_mark: | :x: | | [Consider your Autopatch groups distribution](../deploy/windows-autopatch-groups-overview.md)
                • [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)
                • [Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)
                | :heavy_check_mark: | :x: | | [Register devices](../deploy/windows-autopatch-register-devices.md)
                • [Review your device registration options](../deploy/windows-autopatch-device-registration-overview.md)
                • [Register your first devices](../deploy/windows-autopatch-register-devices.md) | :heavy_check_mark: | :x: | | [Run the pre-registration device readiness checks](../deploy/windows-autopatch-register-devices.md#about-the-registered-not-ready-and-not-registered-tabs) | :x: | :heavy_check_mark: | @@ -74,7 +74,7 @@ For more information and assistance with preparing for your Windows Autopatch de | Monitor [Windows update signals](../manage/windows-autopatch-windows-quality-update-signals.md) for safe update release
                  • [Pre-release signals](../manage/windows-autopatch-windows-quality-update-signals.md#pre-release-signals)
                  • [Early signals](../manage/windows-autopatch-windows-quality-update-signals.md#early-signals)
                  • [Device reliability signals](../manage/windows-autopatch-windows-quality-update-signals.md#device-reliability-signals)
                  | :x: | :heavy_check_mark: | | Test specific [business update scenarios](../manage/windows-autopatch-windows-quality-update-signals.md) | :heavy_check_mark: | :x: | | [Define and implement service default release schedule](../manage/windows-autopatch-windows-quality-update-overview.md) | :x: | :heavy_check_mark: | -| Maintain your workload configuration and custom release schedule
                  • [Manage driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md)
                  • [Customize Windows Update settings](../manage/windows-autopatch-windows-update.md)
                  • [Decide your Windows feature update version(s)](../manage/windows-autopatch-windows-feature-update-overview.md)
                  | :heavy_check_mark: | :x: | +| Maintain your workload configuration and custom release schedule
                  • [Manage driver and firmware updates](../manage/windows-autopatch-manage-driver-and-firmware-updates.md)
                  • [Customize Windows Update settings](../manage/windows-autopatch-customize-windows-update-settings.md)
                  • [Decide your Windows feature update version(s)](../manage/windows-autopatch-windows-feature-update-overview.md)
                  | :heavy_check_mark: | :x: | | Communicate the update [release schedule](../manage/windows-autopatch-windows-quality-update-communications.md) to IT admins | :x: | :heavy_check_mark: | | Release updates (as scheduled)
                  • [Windows quality updates](../manage/windows-autopatch-windows-quality-update-overview.md#release-management)
                  • [Windows feature updates](../manage/windows-autopatch-windows-feature-update-overview.md)
                  • [Microsoft 365 Apps for enterprise](../manage/windows-autopatch-microsoft-365-apps-enterprise.md#update-release-schedule)
                  • [Microsoft Edge](../manage/windows-autopatch-edge.md#update-release-schedule)
                  • [Microsoft Teams](../manage/windows-autopatch-teams.md#update-release-schedule)
                    • | :x: | :heavy_check_mark: | | [Release updates (expedited)](../manage/windows-autopatch-windows-quality-update-overview.md#expedited-releases) | :x: | :heavy_check_mark: | @@ -87,7 +87,7 @@ For more information and assistance with preparing for your Windows Autopatch de | [Pause updates (initiated by you)](../manage/windows-autopatch-windows-quality-update-overview.md#pause-and-resume-a-release) | :heavy_check_mark: | :x: | | Run [on-going post-registration device readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md) | :x: | :heavy_check_mark: | | Maintain existing configurations
                      • Remove your devices from existing and unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies
                      • Consult [General considerations](../overview/windows-autopatch-deployment-guide.md#general-considerations)
                      | :heavy_check_mark: | :x: | -| Understand the health of [Up to date](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) devices and investigate devices that are
                      • [Not up to date](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices)
                      • [Not ready](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#not-ready-devices)
                      • have [Device alerts](../monitor/windows-autopatch-device-alerts.md)
                      • have [conflicting configurations](../references/windows-autopatch-conflicting-configurations.md)
                      +| Understand the health of [Up to date](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) devices and investigate devices that are
                      • [Not up to date](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices)
                      • [Not ready](../monitor/windows-autopatch-windows-quality-and-feature-update-reports-overview.md#not-ready-devices)
                      • have [Device alerts](../monitor/windows-autopatch-device-alerts.md)
                      • have [conflicting configurations](../references/windows-autopatch-conflicting-configurations.md)
                      | | | | [Raise, manage and resolve a service incident if an update management area isn't meeting the service level objective](windows-autopatch-overview.md#update-management) | :x: | :heavy_check_mark: | | [Exclude a device](../manage/windows-autopatch-exclude-device.md) | :heavy_check_mark: | :x: | | [Register a device that was previously excluded](../manage/windows-autopatch-exclude-device.md#restore-a-device-or-multiple-devices-previously-excluded) | :heavy_check_mark: | :x: | @@ -95,7 +95,7 @@ For more information and assistance with preparing for your Windows Autopatch de | [Remove Windows Autopatch data from the service and exclude devices](../manage/windows-autopatch-unenroll-tenant.md#microsofts-responsibilities-during-unenrollment) | :x: | :heavy_check_mark: | | [Maintain update configuration & update devices post unenrollment from Windows Autopatch](../manage/windows-autopatch-unenroll-tenant.md#your-responsibilities-after-unenrolling-your-tenant) | :heavy_check_mark: | :x: | | Review and respond to Message Center and Service Health Dashboard notifications
                      • [Windows quality update communications](../manage/windows-autopatch-windows-quality-update-communications.md)
                      • [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)
                      | :heavy_check_mark: | :x: | -| Highlight Windows Autopatch management alerts that require customer action
                      • [Tenant management alerts](../manage/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)
                      • [Policy health and remediation](../manage/windows-autopatch-policy-health-and-remediation.md)
                      | :x: | :heavy_check_mark: | +| Highlight Windows Autopatch management alerts that require customer action
                      • [Tenant management alerts](../monitor/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)
                      • [Policy health and remediation](../monitor/windows-autopatch-policy-health-and-remediation.md)
                      | :x: | :heavy_check_mark: | | Review and respond to Windows Autopatch management alerts
                      • [Tenant management alerts](../monitor/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)
                      • [Policy health and remediation](../monitor/windows-autopatch-policy-health-and-remediation.md)
                      | :heavy_check_mark: | :x: | | [Raise and respond to support requests](../manage/windows-autopatch-support-request.md) | :heavy_check_mark: | :x: | | [Manage and respond to support requests](../manage/windows-autopatch-support-request.md#manage-an-active-support-request) | :x: | :heavy_check_mark: | From bffe17ff1332356ca2901896f2fd4b4f7237d73e Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Mon, 5 Aug 2024 13:55:50 -0700 Subject: [PATCH 11/15] Blah --- .../overview/windows-autopatch-roles-responsibilities.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md index 434b20db73..215fef87ca 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md @@ -15,7 +15,7 @@ ms.collection: - tier1 --- -# Roles and responsibilities +# Roles and responsibilities This article outlines your responsibilities and Windows Autopatch's responsibilities when: From c43bec1a24f0ee1fa1d62f8861d10e7f1b41fcb9 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 6 Aug 2024 08:33:33 -0700 Subject: [PATCH 12/15] Update waas-delivery-optimization-faq.yml remove extra spaces --- windows/deployment/do/waas-delivery-optimization-faq.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml index 3faf4f916d..074b20e8f0 100644 --- a/windows/deployment/do/waas-delivery-optimization-faq.yml +++ b/windows/deployment/do/waas-delivery-optimization-faq.yml @@ -73,8 +73,8 @@ sections: > [!NOTE] > Disabling Delivery Optimization won't prevent content from downloading to your devices. If you're looking to pause updates, you need to set policies for the relevant components such as Windows Update, Windows Store or Microsoft Edge browser. If you're looking to reduce the load on your network, look into using Delivery Optimization Peer-to-Peer, Microsoft Connected Cache or apply the [network throttling policies](waas-delivery-optimization-reference.md#maximum-download-bandwidth) available for Delivery Optimization. - - question: My download is failing with error code 0x80d03002, how do I fix it? - answer: | + - question: My download is failing with error code 0x80d03002, how do I fix it? + answer: | If you set the DownloadMode policy to '100' (Bypass) some content downloads that require Delivery Optimization may fail with error code 0x80d03002. If you intend to disable peer-to-peer capabilities of Delivery Optimization, change the Delivery Optimization [Download mode](waas-delivery-optimization-reference.md#download-mode) setting to '0', which will disable peer-to-peer and provide hash checks. [Download mode](waas-delivery-optimization-reference.md#download-mode) set to '99' should only be used when the device is offline and doesn't have internet access. Don't set **Download mode** to '100' (Bypass), which can cause some content to fail to download. Starting in Windows 11, Download mode '100' is deprecated. From 3b581480ea123fcf05fa3c9e34abd7ba7c2e7a6f Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 6 Aug 2024 09:19:06 -0700 Subject: [PATCH 13/15] add question link to list at top --- windows/deployment/do/waas-delivery-optimization-faq.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml index 074b20e8f0..4831cd8ca1 100644 --- a/windows/deployment/do/waas-delivery-optimization-faq.yml +++ b/windows/deployment/do/waas-delivery-optimization-faq.yml @@ -29,6 +29,7 @@ summary: | - [How are downloads initiated by Delivery Optimization?](#how-are-downloads-initiated-by-delivery-optimization) - [Delivery Optimization is downloading Windows content on my devices directly from an IP Address, is it expected?](#delivery-optimization-is-downloading-windows-content-on-my-devices-directly-from-an-ip-address--is-it-expected) - [How do I turn off Delivery Optimization?](#how-do-i-turn-off-delivery-optimization) + - [My download is failing with error code 0x80d03002, how do I fix it?](#my-download-is-failing-with-error-code-0x80d03002--how-do-i-fix-it] **Network related configuration questions**: From 95e7c5687823e4b56445e446e243b39f1668e8ab Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 6 Aug 2024 11:06:47 -0700 Subject: [PATCH 14/15] fix do faq link --- windows/deployment/do/waas-delivery-optimization-faq.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml index 4831cd8ca1..4ccc887ab2 100644 --- a/windows/deployment/do/waas-delivery-optimization-faq.yml +++ b/windows/deployment/do/waas-delivery-optimization-faq.yml @@ -17,7 +17,7 @@ metadata: - ✅ Windows 10 - ✅ Windows Server 2019, and later - ✅ Delivery Optimization - ms.date: 05/23/2024 + ms.date: 08/06/2024 title: Frequently Asked Questions about Delivery Optimization summary: | This article answers frequently asked questions about Delivery Optimization. @@ -29,7 +29,7 @@ summary: | - [How are downloads initiated by Delivery Optimization?](#how-are-downloads-initiated-by-delivery-optimization) - [Delivery Optimization is downloading Windows content on my devices directly from an IP Address, is it expected?](#delivery-optimization-is-downloading-windows-content-on-my-devices-directly-from-an-ip-address--is-it-expected) - [How do I turn off Delivery Optimization?](#how-do-i-turn-off-delivery-optimization) - - [My download is failing with error code 0x80d03002, how do I fix it?](#my-download-is-failing-with-error-code-0x80d03002--how-do-i-fix-it] + - [My download is failing with error code 0x80d03002, how do I fix it?](#my-download-is-failing-with-error-code-0x80d03002--how-do-i-fix-it) **Network related configuration questions**: From b3344abf61bb960176e595549907527ed0d5dc08 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 6 Aug 2024 14:56:08 -0700 Subject: [PATCH 15/15] update sync your settings date for rev --- windows/whats-new/deprecated-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md index 3fa684a4f8..2b973540f6 100644 --- a/windows/whats-new/deprecated-features.md +++ b/windows/whats-new/deprecated-features.md @@ -104,7 +104,7 @@ The features in this article are no longer being actively developed, and might b |IIS Digest Authentication | We recommend that users use alternative authentication methods.| 1709 | |RSA/AES Encryption for IIS | We recommend that users use CNG encryption provider. | 1709 | |Screen saver functionality in Themes | Disabled in Themes. Screen saver functionality in Group Policies, Control Panel, and Sysprep continues to be functional. Lock screen features and policies are preferred. | 1709 | -|Sync your settings (updated: August 17, 2017) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. As part of this change, we will stop supporting the Device Syncing Settings and App Data report. All other **Sync your settings** options and the Enterprise State Roaming feature will continue to work provided your clients are running an up-to-date version of:
                      - Windows 11
                      - Windows 10, version 21H2, or later | 1709 | +|Sync your settings (updated: July, 30, 2024) | Back-end changes: In future releases, the back-end storage for the current sync process will change. A single cloud storage system will be used for Enterprise State Roaming and all other users. As part of this change, we will stop supporting the Device Syncing Settings and App Data report. All other **Sync your settings** options and the Enterprise State Roaming feature will continue to work provided your clients are running an up-to-date version of:
                      - Windows 11
                      - Windows 10, version 21H2, or later | 1709 | |System Image Backup (SIB) Solution|This feature is also known as the **Backup and Restore (Windows 7)** legacy control panel. For full-disk backup solutions, look for a third-party product from another software publisher. You can also use [OneDrive](/onedrive/) to sync data files with Microsoft 365.| 1709 | |TLS RC4 Ciphers |To be disabled by default. For more information, see [TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server)| 1709 | |Trusted Platform Module (TPM) Owner Password Management |This functionality within TPM.msc will be migrated to a new user interface.| 1709 |