Merge branch 'main' into release-intune-admincenter

2025-05-12 21:37:22 +00:00 · 2023-02-16 11:56:15 -08:00 · 2023-02-16 11:56:15 -08:00 · bf858e3d32
commit bf858e3d32
parent a0dcf4c8c0 6f1de7219b
24 changed files with 155 additions and 1511 deletions
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@ -20519,6 +20519,11 @@
      "source_path": "windows/client-management/mdm/policy-ddf-file.md",
      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-ddf",
      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/security/identity-protection/credential-guard/dg-readiness-tool.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard",
+      "redirect_document_id": true
    }
  ]
 }
--- a/windows/client-management/administrative-tools-in-windows-10.md
+++ b/windows/client-management/administrative-tools-in-windows-10.md
@ -8,7 +8,9 @@ manager: aaroncz
 ms.localizationpriority: medium
 ms.date: 03/28/2022
 ms.topic: article
-ms.collection: highpri
+ms.collection:
+  - highpri
+  - tier2
 ms.technology: itpro-manage
 ---

--- a/windows/client-management/azure-active-directory-integration-with-mdm.md
+++ b/windows/client-management/azure-active-directory-integration-with-mdm.md
@ -8,7 +8,9 @@ ms.topic: article
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
-ms.collection: highpri
+ms.collection:
+  - highpri
+  - tier2
 ms.date: 12/31/2017
 ---

--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@ -9,7 +9,9 @@ ms.date: 01/18/2022
 ms.reviewer:
 manager: aaroncz
 ms.topic: article
-ms.collection: highpri
+ms.collection:
+  - highpri
+  - tier2
 ms.technology: itpro-manage
 ---

--- a/windows/client-management/device-update-management.md
+++ b/windows/client-management/device-update-management.md
@ -9,7 +9,9 @@ ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 11/15/2017
-ms.collection: highpri
+ms.collection:
+  - highpri
+  - tier2
 ---

 # Mobile device management (MDM) for device updates
--- a/windows/client-management/diagnose-mdm-failures-in-windows-10.md
+++ b/windows/client-management/diagnose-mdm-failures-in-windows-10.md
@ -9,7 +9,9 @@ ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/25/2018
-ms.collection: highpri
+ms.collection:
+  - highpri
+  - tier2
 ---

 # Diagnose MDM failures in Windows 10
--- a/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
@ -9,7 +9,9 @@ author: vinaypamnani-msft
 ms.date: 04/30/2022
 ms.reviewer:
 manager: aaroncz
-ms.collection: highpri
+ms.collection:
+  - highpri
+  - tier2
 ---

 # Enroll a Windows 10 device automatically using Group Policy
--- a/windows/client-management/index.yml
+++ b/windows/client-management/index.yml
@ -11,6 +11,7 @@ metadata:
  ms.technology: itpro-manage
  ms.collection:
    - highpri
+    - tier1
  author: aczechowski
  ms.author: aaroncz
  manager: dougeby
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@ -8,7 +8,9 @@ ms.date: 09/14/2021
 ms.reviewer:
 manager: aaroncz
 ms.topic: article
-ms.collection: highpri
+ms.collection:
+  - highpri
+  - tier2
 ms.technology: itpro-manage
 ---

--- a/windows/client-management/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm-enrollment-of-windows-devices.md
@ -11,7 +11,9 @@ ms.topic: article
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
-ms.collection: highpri
+ms.collection:
+  - highpri
+  - tier2
 ms.date: 12/31/2017
 ---

--- a/windows/client-management/mdm-overview.md
+++ b/windows/client-management/mdm-overview.md
@ -9,7 +9,9 @@ ms.localizationpriority: medium
 author: vinaypamnani-msft
 ms.author: vinpa
 manager: aaroncz
-ms.collection: highpri
+ms.collection:
+  - highpri
+  - tier2
 ---

 # Mobile Device Management overview
--- a/windows/client-management/mdm/configuration-service-provider-ddf.md
+++ b/windows/client-management/mdm/configuration-service-provider-ddf.md
@ -9,7 +9,9 @@ ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/18/2020
-ms.collection: highpri
+ms.collection:
+  - highpri
+  - tier2
 ---

 # Configuration service provider DDF files
--- a/windows/client-management/mdm/configuration-service-provider-support.md
+++ b/windows/client-management/mdm/configuration-service-provider-support.md
@ -9,7 +9,9 @@ ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/18/2020
-ms.collection: highpri
+ms.collection:
+  - highpri
+  - tier2
 ---

 # Configuration service provider support
--- a/windows/client-management/mdm/dynamicmanagement-csp.md
+++ b/windows/client-management/mdm/dynamicmanagement-csp.md
@ -9,7 +9,9 @@ author: vinaypamnani-msft
 ms.date: 06/26/2017
 ms.reviewer:
 manager: aaroncz
-ms.collection: highpri
+ms.collection:
+  - highpri
+  - tier2
 ---

 # DynamicManagement CSP
--- a/windows/client-management/mdm/index.yml
+++ b/windows/client-management/mdm/index.yml
@ -11,6 +11,7 @@ metadata:
  ms.prod: windows-client
  ms.collection:
    - highpri
+    - tier1
  ms.custom: intro-hub-or-landing
  author: vinaypamnani-msft
  ms.author: vinpa
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@ -150,7 +150,7 @@ Descriptions of the properties:

 **Policy timeline**:

-The behavior of this policy setting differs in different Windows 10 versions. For Windows 10, version 1809 through version 1909, you can use name in `<accessgroup dec>` and SID in `<member name>`. For Windows 10, version 2004, you can use name or SID for both the elements, as described in the example.
+The behavior of this policy setting differs in different Windows 10 versions. For Windows 10, version 1809 through version 1909, you can use name in `<accessgroup desc>` and SID in `<member name>`. For Windows 10, version 2004, you can use name or SID for both the elements, as described in the example.

 The following table describes how this policy setting behaves in different Windows 10 versions:

--- a/windows/client-management/mobile-device-enrollment.md
+++ b/windows/client-management/mobile-device-enrollment.md
@ -9,7 +9,9 @@ ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/11/2017
-ms.collection: highpri
+ms.collection:
+  - highpri
+  - tier2
 ---

 # Mobile device enrollment
--- a/windows/client-management/quick-assist.md
+++ b/windows/client-management/quick-assist.md
@ -9,7 +9,9 @@ author: vinaypamnani-msft
 ms.author: vinpa
 manager: aaroncz
 ms.reviewer: pmadrigal
-ms.collection: highpri
+ms.collection:
+  - highpri
+  - tier1
 ms.date: 08/26/2022
 ---

--- a/windows/deployment/update/wufb-reports-overview.md
+++ b/windows/deployment/update/wufb-reports-overview.md
@ -16,7 +16,7 @@ ms.technology: itpro-updates

 Windows Update for Business reports is a cloud-based solution that provides information about your Azure Active Directory-joined devices' compliance with Windows updates. Windows Update for Business reports is offered through the [Azure portal](https://portal.azure.com), and it's included as part of the Windows 10 or Windows 11 prerequisite licenses. Windows Update for Business reports helps you:

- Monitor security, quality, and feature updates for Windows 11 and Windows 10 devices
+- Monitor security, quality, driver, and feature updates for Windows 11 and Windows 10 devices
 - Report on devices with update compliance issues
 - Analyze and display your data in multiple ways

--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@ -328,8 +328,6 @@
          href: identity-protection/credential-guard/credential-guard-requirements.md
        - name: Manage Credential Guard
          href: identity-protection/credential-guard/credential-guard-manage.md
-        - name: Hardware readiness tool
-          href: identity-protection/credential-guard/dg-readiness-tool.md
        - name: Credential Guard protection limits
          href: identity-protection/credential-guard/credential-guard-protection-limits.md
        - name: Considerations when using Credential Guard
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@ -1,6 +1,6 @@
 ---
 title: Manage Windows Defender Credential Guard (Windows)
-description: Learn how to deploy and manage Windows Defender Credential Guard using Group Policy, the registry, or hardware readiness tools.
+description: Learn how to deploy and manage Windows Defender Credential Guard using Group Policy or the registry.
 ms.date: 11/23/2022
 ms.collection:
  - highpri
@ -38,7 +38,7 @@ Windows Defender Credential Guard will be enabled by default when a PC meets the

 ## Enable Windows Defender Credential Guard

-Windows Defender Credential Guard can be enabled either by using [Group Policy](#enable-windows-defender-credential-guard-by-using-group-policy), the [registry](#enable-windows-defender-credential-guard-by-using-the-registry), or the [Hypervisor-Protected Code Integrity (HVCI) and Windows Defender Credential Guard hardware readiness tool](#enable-windows-defender-credential-guard-by-using-the-hvci-and-windows-defender-credential-guard-hardware-readiness-tool). Windows Defender Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine.
+Windows Defender Credential Guard can be enabled either by using [Group Policy](#enable-windows-defender-credential-guard-by-using-group-policy) or the [registry](#enable-windows-defender-credential-guard-by-using-the-registry). Windows Defender Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine.
 The same set of procedures used to enable Windows Defender Credential Guard on physical machines applies also to virtual machines.

 > [!NOTE]
@ -151,19 +151,6 @@ To enable, use the Control Panel or the Deployment Image Servicing and Managemen
 > [!NOTE]
 > You can also enable Windows Defender Credential Guard by setting the registry entries in the [FirstLogonCommands](/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-firstlogoncommands) unattend setting.

-### Enable Windows Defender Credential Guard by using the HVCI and Windows Defender Credential Guard hardware readiness tool
-
-You can also enable Windows Defender Credential Guard by using the [HVCI and Windows Defender Credential Guard hardware readiness tool](dg-readiness-tool.md).
-
-```cmd
-DG_Readiness_Tool.ps1 -Enable -AutoReboot
-```
-
-> [!IMPORTANT]
-> When running the HVCI and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. 
->
-> This is a known issue.
-
 ### Review Windows Defender Credential Guard performance

 #### Is Windows Defender Credential Guard running?
@ -178,17 +165,6 @@ You can view System Information to check that Windows Defender Credential Guard

   :::image type="content" source="images/credguard-msinfo32.png" alt-text="The 'Virtualization-based security Services Running' entry lists Credential Guard in System Information (msinfo32.exe).":::

-You can also check that Windows Defender Credential Guard is running by using the [HVCI and Windows Defender Credential Guard hardware readiness tool](dg-readiness-tool.md).
-
-```cmd
-DG_Readiness_Tool_v3.6.ps1 -Ready
-```
-
-> [!IMPORTANT]
-> When running the HVCI and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work. 
->
-> This is a known issue.
-
 > [!NOTE]
 > For client machines that are running Windows 10 1703, LsaIso.exe is running whenever virtualization-based security is enabled for other features.

--- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
+++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
--- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
@ -112,4 +112,4 @@ The use of ALT key character combinations may greatly enhance the complexity of

 ## Related articles

- [Password Policy](password-policy.md)
+- [Password Policy](/microsoft-365/admin/misc/password-policy-recommendations)
--- a/windows/whats-new/windows-11-requirements.md
+++ b/windows/whats-new/windows-11-requirements.md
@ -1,16 +1,15 @@
 ---
 title: Windows 11 requirements
-description: Hardware requirements to deploy Windows 11
+description: Hardware requirements to deploy Windows 11.
 manager: aaroncz
 author: mestew
 ms.author: mstewart
 ms.prod: windows-client
 ms.localizationpriority: medium
 ms.topic: article
-ms.custom: seo-marvel-apr2020
 ms.collection: highpri
 ms.technology: itpro-fundamentals
-ms.date: 12/31/2017
+ms.date: 02/13/2023
 ---

 # Windows 11 requirements
@ -25,45 +24,54 @@ This article lists the system requirements for Windows 11. Windows 11 is also [s

 To install or upgrade to Windows 11, devices must meet the following minimum hardware requirements:

- Processor: 1 gigahertz (GHz) or faster with two or more cores on a [compatible 64-bit processor](https://aka.ms/CPUlist) or system on a chip (SoC).
- RAM: 4 gigabytes (GB) or greater.
- Storage: 64 GB\* or greater available storage is required to install Windows 11.
-  - Extra storage space might be required to download updates and enable specific features.
- Graphics card: Compatible with DirectX 12 or later, with a WDDM 2.0 driver.
- System firmware: UEFI, Secure Boot capable.
- TPM: [Trusted Platform Module](/windows/security/information-protection/tpm/trusted-platform-module-overview) (TPM) version 2.0.
- Display: High definition (720p) display, 9" or greater monitor, 8 bits per color channel.
- Internet connection: Internet connectivity is necessary to perform updates, and to download and use some features. 
-  - Windows 11 Home edition requires an Internet connection and a Microsoft Account to complete device setup on first use.
+- **Processor**: 1 gigahertz (GHz) or faster with two or more cores on a [compatible 64-bit processor](/windows-hardware/design/minimum/windows-processor-requirements) or system on a chip (SoC).

-\* There might be more requirements over time for updates, and to enable specific features within the operating system. For more information, see [Windows 11 specifications](https://www.microsoft.com/windows/windows-11-specifications). 
+- **Memory**: 4 gigabytes (GB) or greater.

-Also see [Update on Windows 11 minimum system requirements](https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/).
+- **Storage**: 64 GB or greater available disk space.

-For information about tools to evaluate readiness, see [Determine eligibility](windows-11-plan.md#determine-eligibility).
+  > [!NOTE]
+  > There might be more storage requirements over time for updates, and to enable specific features within the OS. For more information, see [Windows 11 specifications](https://www.microsoft.com/windows/windows-11-specifications).

-## Operating system requirements
+- **Graphics card**: Compatible with DirectX 12 or later, with a WDDM 2.0 driver.
+
+- **System firmware**: UEFI, Secure Boot capable.
+
+- **TPM**: [Trusted Platform Module](/windows/security/information-protection/tpm/trusted-platform-module-overview) (TPM) version 2.0.
+
+- **Display**: High definition (720p) display, 9" or greater monitor, 8 bits per color channel.
+
+- **Internet connection**: Internet connectivity is necessary to perform updates, and to download and use some features.
+
+  - Windows 11 Home edition requires an internet connection and a Microsoft Account to complete device setup on first use.
+
+For more information, see the following Windows Insider blog post: [Update on Windows 11 minimum system requirements](https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/).
+
+For more information about tools to evaluate readiness, see [Determine eligibility](windows-11-plan.md#determine-eligibility).
+
+## OS requirements

 Eligible Windows 10 devices must be on version 2004 or later, and have installed the September 14, 2021 security update or later, to upgrade directly to Windows 11.

 > [!NOTE]
-> S mode is only supported on the Home edition of Windows 11.
-> If you are running a different edition of Windows in S mode, you will need to first [switch out of S mode](/windows/deployment/windows-10-pro-in-s-mode) prior to upgrading.<br>&nbsp;<br>
-> Switching a device out of Windows 10 in S mode also requires internet connectivity. If you switch out of S mode, you cannot switch back to S mode later.
+>
+> - S mode is only supported on the Home edition of Windows 11.
+> - If you're running a different edition of Windows in S mode, before upgrading to Windows 11, first [switch out of S mode](/windows/deployment/windows-10-pro-in-s-mode).
+> - To switch a device out of Windows 10 in S mode also requires internet connectivity. If you switch out of S mode, you can't switch back to S mode later.

 ## Feature-specific requirements

-Some features in Windows 11 have requirements beyond those requirements listed above. See the following list of features and associated requirements.
+Some features in Windows 11 have requirements beyond the minimum [hardware requirements](#hardware-requirements).

 - **5G support**: requires 5G capable modem.
 - **Auto HDR**: requires an HDR monitor.
 - **BitLocker to Go**: requires a USB flash drive. This feature is available in Windows Pro and above editions.
- **Client Hyper-V**: requires a processor with second-level address translation (SLAT) capabilities. This feature is available in Windows Pro editions and above. 
+- **Client Hyper-V**: requires a processor with second-level address translation (SLAT) capabilities. This feature is available in Windows Pro editions and greater.
 - **Cortana**: requires a microphone and speaker and is currently available on Windows 11 for Australia, Brazil, Canada, China, France, Germany, India, Italy, Japan, Mexico, Spain, United Kingdom, and United States.
 - **DirectStorage**: requires an NVMe SSD to store and run games that use the Standard NVM Express Controller driver and a DirectX12 GPU with Shader Model 6.0 support.
 - **DirectX 12 Ultimate**: available with supported games and graphics chips.
 - **Presence**: requires sensor that can detect human distance from device or intent to interact with device.
- **Intelligent Video Conferencing**: requires video camera, microphone, and speaker (audio output) 
+- **Intelligent Video Conferencing**: requires video camera, microphone, and speaker (audio output).
 - **Multiple Voice Assistant**: requires a microphone and speaker.
 - **Snap**: three-column layouts require a screen that is 1920 effective pixels or greater in width.
 - **Mute** and **unmute**: from Taskbar requires video camera, microphone, and speaker (audio output). App must be compatible with feature to enable global mute/unmute.
@ -76,35 +84,43 @@ Some features in Windows 11 have requirements beyond those requirements listed a
 - **Wi-Fi 6E**: requires new WLAN IHV hardware and driver and a Wi-Fi 6E capable AP/router.
 - **Windows Hello**: requires a camera configured for near infrared (IR) imaging or fingerprint reader for biometric authentication. Devices without biometric sensors can use Windows Hello with a PIN or portable Microsoft compatible security key. For more information, see [IT tools to support Windows 10, version 21H1](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-21h1/ba-p/2365103).
 - **Windows Projection**: requires a display adapter that supports Windows Display Driver Model (WDDM) 2.0 and a Wi-Fi adapter that supports Wi-Fi Direct.
- **Xbox app**: requires an Xbox Live account, which isn't available in all regions. Go to the Xbox Live Countries and Regions page for the most up-to-date information on availability. Some features in the Xbox app will require an active [Xbox Game Pass](https://www.xbox.com/xbox-game-pass) subscription.
+- **Xbox app**: requires an Xbox Live account, which isn't available in all regions. Go to the Xbox Live *Countries and Regions* page for the most up-to-date information on availability. Some features in the Xbox app require an active [Xbox Game Pass](https://www.xbox.com/xbox-game-pass) subscription.

 ## Virtual machine support

 The following configuration requirements apply to VMs running Windows 11.

-	Generation: 2<b> \*</b>
-	Storage: 64 GB or greater
-	Security: 
-    - Azure: [Trusted launch](/azure/virtual-machines/trusted-launch) with vTPM enabled
-    - Hyper-V: [Secure boot and TPM enabled](/windows-server/virtualization/hyper-v/learn-more/Generation-2-virtual-machine-security-settings-for-Hyper-V#secure-boot-setting-in-hyper-v-manager)
-    - General settings: Secure boot capable, virtual TPM enabled
-	Memory:  4 GB or greater
-	Processor: Two or more virtual processors
-
-The VM host CPU must also meet Windows 11 [processor requirements](/windows-hardware/design/minimum/windows-processor-requirements).
-
-<b>\*</b> In-place upgrade of existing generation 1 VMs to Windows 11 isn't possible.
+- **Generation**: 2

  > [!NOTE]
-> Procedures to configure required VM settings depend on the VM host type. For example, VM hosts running Hyper-V, virtualization (VT-x, VT-d) must be enabled in BIOS. Virtual TPM 2.0 is emulated in the guest VM independent of the Hyper-V host TPM presence or version.
+  > In-place upgrade of existing generation 1 VMs to Windows 11 isn't possible.
+
+- **Storage**: 64 GB or greater disk space.
+
+- **Security**:
+
+  - **Azure**: [Trusted launch](/azure/virtual-machines/trusted-launch) with vTPM enabled.
+  - **Hyper-V**: [Secure boot and TPM enabled](/windows-server/virtualization/hyper-v/learn-more/Generation-2-virtual-machine-security-settings-for-Hyper-V#secure-boot-setting-in-hyper-v-manager).
+
+    - General settings: Secure boot capable, virtual TPM enabled.
+
+- **Memory**: 4 GB or greater.
+
+- **Processor**: Two or more virtual processors.
+
+  - The VM host processor must also meet Windows 11 [processor requirements](/windows-hardware/design/minimum/windows-processor-requirements).
+
+    > [!NOTE]
+    > There may be some instances where this requirement for the VM host doesn't apply. For more information, see [Options for using Windows 11 with Mac computers](https://support.microsoft.com/topic/cd15fd62-9b34-4b78-b0bc-121baa3c568c).<!-- 7600331 -->
+
+  - Procedures to configure required VM settings depend on the VM host type. For example, VM hosts running Hyper-V, virtualization (VT-x, VT-d) must be enabled in the BIOS. Virtual TPM 2.0 is emulated in the guest VM independent of the Hyper-V host TPM presence or version.

 ## Next steps

-[Plan for Windows 11](windows-11-plan.md)<br>
-[Prepare for Windows 11](windows-11-prepare.md)
+- [Plan for Windows 11](windows-11-plan.md)
+- [Prepare for Windows 11](windows-11-prepare.md)

 ## See also

-[Windows minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview)<br>
-[What's new in Windows 11 overview](/windows/whats-new/windows-11-overview)
-
+- [Windows minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview)
+- [What's new in Windows 11 overview](/windows/whats-new/windows-11-overview)