diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md
index 09a98b4378..b7dbb29a92 100644
--- a/browsers/edge/emie-to-improve-compatibility.md
+++ b/browsers/edge/emie-to-improve-compatibility.md
@@ -27,8 +27,32 @@ If you have specific websites and apps that have compatibility problems with Mic
Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
+## Interoperability goals and enterprise guidance
-[!INCLUDE [interoperability-goals-enterprise-guidance](../includes/interoperability-goals-enterprise-guidance.md)]
+Our primary goal is that your websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser.
+
+You must continue using IE11 if web apps use any of the following:
+
+* ActiveX controls
+
+* x-ua-compatible headers
+
+* <meta> tags with an http-equivalent value of X-UA-Compatible header
+
+* Enterprise mode or compatibility view to addressing compatibility issues
+
+* legacy document modes
+
+If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11.
+
+> [!TIP]
+> If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).
+
+|Technology |Why it existed |Why we don't need it anymore |
+|---------|---------|---------|
+|ActiveX |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer. | |
+|Browser Helper Objects (BHO) |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer. | |
+|Document modes | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions. |Similar to other modern browsers, Microsoft Edge has a single “living” document mode. To minimize the compatibility burden, we test features behind switches in about:flags until stable and ready to be turned on by default. |
## Enterprise guidance
Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that rely on ActiveX controls, continue using Internet Explorer 11 for the web apps to work correctly. If you don't have IE11 installed anymore, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Also, if you use an earlier version of Internet Explorer, upgrade to IE11.
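Review bot: inlining the include duplicates guidance the file already carries: the inlined block ends with `If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page]...` and the untouched `## Enterprise guidance` section right below repeats the same download advice, so the page now says it twice under two headings; merge the two sections or drop one of the sentences. Two smaller points in the inlined block: `* <meta> tags with an http-equivalent value of X-UA-Compatible header` leaves `<meta>` unescaped, so Markdown renderers treat it as an HTML tag and the bullet renders as `tags with an http-equivalent value ...`; escape it as `\<meta\>` or put it in backticks. And the `Why we don't need it anymore` column is empty for the ActiveX and Browser Helper Objects rows, so the table states the rationale only for document modes; both rows already describe native COM code loaded in-process with the browser, so either fill those cells with why that model was retired or remove the column.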
diff --git a/browsers/includes/interoperability-goals-enterprise-guidance.md b/browsers/includes/interoperability-goals-enterprise-guidance.md
deleted file mode 100644
index 407e07bf91..0000000000
--- a/browsers/includes/interoperability-goals-enterprise-guidance.md
+++ /dev/null
@@ -1,40 +0,0 @@
----
-author: eavena
-ms.author: eravena
-ms.date: 10/15/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-## Interoperability goals and enterprise guidance
-
-Our primary goal is that your websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser.
-
-You must continue using IE11 if web apps use any of the following:
-
-* ActiveX controls
-
-* x-ua-compatible headers
-
-* <meta> tags with an http-equivalent value of X-UA-Compatible header
-
-* Enterprise mode or compatibility view to addressing compatibility issues
-
-* legacy document modes
-
-If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11.
-
-> [!TIP]
-> If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).
-
-
-|Technology |Why it existed |Why we don't need it anymore |
-|---------|---------|---------|
-|ActiveX |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer. | |
-|Browser Helper Objects (BHO) |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer. | |
-|Document modes | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions. |Similar to other modern browsers, Microsoft Edge has a single “living” document mode. To minimize the compatibility burden, we test features behind switches in about:flags until stable and ready to be turned on by default. |
-
-
----
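Review bot: deleting a shared include is safe only if nothing else references it; before merging, grep the repo for `interoperability-goals-enterprise-guidance` so no other page is left with a broken `[!INCLUDE]`. Separately, the line `manager: dansimp` in this hunk is missing its `-` prefix while every other line of the deleted file has one, which suggests the patch text was altered after it was generated; regenerate it from git before applying.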
diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md
index fd0f0a83fb..1f83558533 100644
--- a/education/includes/education-content-updates.md
+++ b/education/includes/education-content-updates.md
@@ -2,10 +2,8 @@
-## Week of January 11, 2021
+## Week of April 26, 2021
| Published On |Topic title | Change |
|------|------------|--------|
-| 1/14/2021 | [Chromebook migration guide (Windows 10)](../windows/chromebook-migration-guide.md) | modified |
-| 1/14/2021 | [Deploy Windows 10 in a school district (Windows 10)](../windows/deploy-windows-10-in-a-school-district.md) | modified |
\ No newline at end of file
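Review bot: after this hunk the table under `## Week of April 26, 2021` has a header and separator row but no entries, so the page renders an empty table. If there were no education changes that week, drop the heading and table rather than shipping an empty one; if there were, add the rows.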
diff --git a/gdpr/docfx.json b/gdpr/docfx.json
index 145ed2f444..1d092a902e 100644
--- a/gdpr/docfx.json
+++ b/gdpr/docfx.json
@@ -3,7 +3,8 @@
"content": [
{
"files": [
- "**/*.md"
+ "**/*.md",
+ "**/*.yml"
],
"exclude": [
"**/obj/**",
diff --git a/smb/includes/smb-content-updates.md b/smb/includes/smb-content-updates.md
new file mode 100644
index 0000000000..1f83558533
--- /dev/null
+++ b/smb/includes/smb-content-updates.md
@@ -0,0 +1,9 @@
+
+
+
+
+## Week of April 26, 2021
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
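Review bot: the new file opens with four blank lines and its only table has no rows, so it renders as a bare heading plus an empty header row; trim the leading blank lines and either add the week's entries or leave the file out until there are some. Also confirm that an `[!INCLUDE]` somewhere under `smb/` actually references `smb-content-updates.md`; an include that nothing pulls in is dead content.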
diff --git a/store-for-business/includes/store-for-business-content-updates.md b/store-for-business/includes/store-for-business-content-updates.md
index 5bfd1836da..1f83558533 100644
--- a/store-for-business/includes/store-for-business-content-updates.md
+++ b/store-for-business/includes/store-for-business-content-updates.md
@@ -2,20 +2,8 @@
-## Week of March 22, 2021
+## Week of April 26, 2021
| Published On |Topic title | Change |
|------|------------|--------|
-| 3/26/2021 | [Acquire apps in Microsoft Store for Business (Windows 10)](/microsoft-store/acquire-apps-microsoft-store-for-business) | modified |
-| 3/26/2021 | [Apps in Microsoft Store for Business and Education (Windows 10)](/microsoft-store/apps-in-microsoft-store-for-business) | modified |
-| 3/26/2021 | [Change history for Microsoft Store for Business and Education](/microsoft-store/sfb-change-history) | modified |
-| 3/26/2021 | [Whats new in Microsoft Store for Business and Education](/microsoft-store/release-history-microsoft-store-business-education) | modified |
-
-
-## Week of March 15, 2021
-
-
-| Published On |Topic title | Change |
-|------|------------|--------|
-| 3/17/2021 | [Roles and permissions in Microsoft Store for Business and Education (Windows 10)](/microsoft-store/roles-and-permissions-microsoft-store-for-business) | modified |
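Review bot: this hunk removes the entire March 15 and March 22 history and leaves the April 26 table with no rows, so the include now carries no change information at all. A content-updates include is meant to accumulate weeks, not be wiped each time; keep the earlier weeks (or at least the most recent one) under the new heading, and either populate the April table or remove it.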
diff --git a/windows/access-protection/docfx.json b/windows/access-protection/docfx.json
index 2f90a93cf1..fff71782f2 100644
--- a/windows/access-protection/docfx.json
+++ b/windows/access-protection/docfx.json
@@ -3,7 +3,8 @@
"content": [
{
"files": [
- "**/*.md"
+ "**/*.md",
+ "**/*.yml"
],
"exclude": [
"**/obj/**",
diff --git a/windows/application-management/add-apps-and-features.md b/windows/application-management/add-apps-and-features.md
index 89fdaaf04c..9cccc2d19c 100644
--- a/windows/application-management/add-apps-and-features.md
+++ b/windows/application-management/add-apps-and-features.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: article
ms.author: dansimp
-author: msfttracyp
+author: dansimp
ms.localizationpriority: medium
ms.date: 04/26/2018
ms.reviewer:
diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md
index 31da1afc51..9e81170cc7 100644
--- a/windows/application-management/apps-in-windows-10.md
+++ b/windows/application-management/apps-in-windows-10.md
@@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobile
ms.author: dansimp
-author: msfttracyp
+author: dansimp
ms.localizationpriority: medium
ms.topic: article
---
diff --git a/windows/application-management/change-history-for-application-management.md b/windows/application-management/change-history-for-application-management.md
deleted file mode 100644
index e7e6041a1d..0000000000
--- a/windows/application-management/change-history-for-application-management.md
+++ /dev/null
@@ -1,51 +0,0 @@
----
-title: Change history for Application management in Windows 10 (Windows 10)
-description: View new release information and updated topics in the documentation for application management in Windows 10.
-keywords:
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.date: 10/24/2017
-ms.reviewer:
-manager: dansimp
----
-
-# Change history for Application management in Windows 10
-
-This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
-
-## RELEASE: Windows 10, version 1803
-
-The topics in this library have been updated for Windows 10, version 1803.
-
-## October 2017
-
-New or changed topic | Description
---- | ---
-[Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md) | Added instructions for manually installing Windows Mixed Reality
-
-## RELEASE: Windows 10, version 1709
-
-The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update). The following new topic has been added:
-
-- [Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md)
-
-## September 2017
-| New or changed topic | Description |
-| --- | --- |
-| [Per-user services in Windows 10](per-user-services-in-windows.md) | New |
-| [Remove background task resource restrictions](enterprise-background-activity-controls.md) | New |
-| [Understand the different apps included in Windows 10](apps-in-windows-10.md) | New |
-
-## July 2017
-| New or changed topic | Description |
-| --- | --- |
-| [Service Host process refactoring](svchost-service-refactoring.md) | New |
-| [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) | New |
-
-
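Review bot: deleting `change-history-for-application-management.md` without a redirect breaks every inbound link to it; the `index.md` deleted later in this same PR linked to it, and external links and search results may still point at the old URL. Add a redirection entry from the old path to the page that replaces it (the new `index.yml`, for example), and search the repo for the filename to catch any remaining references.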
diff --git a/windows/application-management/deploy-app-upgrades-windows-10-mobile.md b/windows/application-management/deploy-app-upgrades-windows-10-mobile.md
index 96be5ecfc1..4e7caf9110 100644
--- a/windows/application-management/deploy-app-upgrades-windows-10-mobile.md
+++ b/windows/application-management/deploy-app-upgrades-windows-10-mobile.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobile
ms.author: dansimp
-author: msfttracyp
+author: dansimp
ms.date: 07/21/2017
ms.reviewer:
manager: dansimp
diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json
index 460b8ecfdd..4d3e15e0a7 100644
--- a/windows/application-management/docfx.json
+++ b/windows/application-management/docfx.json
@@ -3,7 +3,8 @@
"content": [
{
"files": [
- "**/*.md"
+ "**/*.md",
+ "**/*.yml"
],
"exclude": [
"**/obj/**",
diff --git a/windows/application-management/index.md b/windows/application-management/index.md
deleted file mode 100644
index a294e75581..0000000000
--- a/windows/application-management/index.md
+++ /dev/null
@@ -1,31 +0,0 @@
----
-title: Windows 10 application management
-description: Learn about managing applications in Windows 10 and Windows 10 Mobile clients, including how to remove background task resource restrictions.
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-manager: dansimp
-author: dansimp
-ms.localizationpriority: high
----
-
-# Windows 10 application management
-
-**Applies to**
-- Windows 10
-
-Learn about managing applications in Windows 10 and Windows 10 Mobile clients.
-
-
-| Topic | Description |
-|---|---|
-|[Sideload apps in Windows 10](sideload-apps-in-windows-10.md)| Requirements and instructions for side-loading LOB applications on Windows 10 and Windows 10 Mobile clients|
-| [Remove background task resource restrictions](enterprise-background-activity-controls.md) | Windows provides controls to manage which experiences may run in the background. |
-| [Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md) | Learn how to enable or block Windows Mixed Reality apps. |
-|[App-V](app-v/appv-getting-started.md)| Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications|
-| [Service Host process refactoring](svchost-service-refactoring.md) | Changes to Service Host grouping in Windows 10 |
-|[Per User services in Windows 10](per-user-services-in-windows.md)| Overview of per user services and instructions for viewing and disabling them in Windows 10 and Windows 2016|
-[Disabling System Services in Windows Server](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server) | Security guidelines for disabling services in Windows Server 2016 with Desktop Experience
-|[Understand apps in Windows 10](apps-in-windows-10.md)| Overview of the different apps included by default in Windows 10 Enterprise|
-| [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) | How to upgrade apps on Windows 10 Mobile |
-[Change history for Application management](change-history-for-application-management.md) | This topic lists new and updated topics in the Application management documentation for Windows 10 and Windows 10 Mobile.
\ No newline at end of file
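Review bot: the replacement `index.yml` added later in this PR drops several entries this table carried: `Remove background task resource restrictions`, `Enable or block Windows Mixed Reality apps in the enterprise`, `Disabling System Services in Windows Server` (the security guidelines for disabling services) and the change history. If those pages are still published, give them a card in the landing page, otherwise readers lose the only index link to them. Also add a redirect from `index.md` to `index.yml`, since the old URL has been the entry point for this section.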
diff --git a/windows/application-management/index.yml b/windows/application-management/index.yml
new file mode 100644
index 0000000000..dc786fd289
--- /dev/null
+++ b/windows/application-management/index.yml
@@ -0,0 +1,68 @@
+### YamlMime:Landing
+
+title: Windows application management # < 60 chars
+summary: Learn about managing applications in Windows client, including how to remove background task resource restrictions. # < 160 chars
+
+metadata:
+ title: Windows application management # Required; page title displayed in search results. Include the brand. < 60 chars.
+ description: Learn about managing applications in Windows 10 and Windows Sun Valley. # Required; article description that is displayed in search results. < 160 chars.
+ services: windows-10
+ ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
+ ms.subservice: subservice
+ ms.topic: landing-page # Required
+ ms.collection: windows-10
+ author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
+ ms.author: greglin #Required; microsoft alias of author; optional team alias.
+ ms.date: 04/30/2021 #Required; mm/dd/yyyy format.
+ localization_priority: medium
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
+
+landingContent:
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+ # Card (optional)
+ - title: Manage Windows applications
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Understand apps in Windows 10
+ url: apps-in-windows-10.md
+ - text: How to add apps and features to Windows 10
+ url: add-apps-and-features.md
+ - text: Sideload LOB apps in Windows 10
+ url: sideload-apps-in-windows-10.md
+ - text: Keep removed apps from returning during an update
+ url: remove-provisioned-apps-during-update.md
+
+ # Card (optional)
+ - title: Application Virtualization (App-V)
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: App-V overview
+ url: app-v/appv-for-windows.md
+ - text: Getting started with App-V
+ url: app-v/appv-getting-started.md
+ - text: Planning for App-V
+ url: app-v/appv-planning-for-appv.md
+ - text: Deploying App-V
+ url: app-v/appv-deploying-appv.md
+ - text: Operations for App-V
+ url: app-v/appv-operations.md
+ - text: Troubleshooting App-V
+ url: app-v/appv-troubleshooting.md
+ - text: Technical Reference for App-V
+ url: app-v/appv-technical-reference.md
+
+ # Card (optional)
+ - title: Windows System Services
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Changes to Service Host grouping in Windows 10
+ url: svchost-service-refactoring.md
+ - text: Per-user services in Windows
+ url: per-user-services-in-windows.md
+ - text: Per-user services in Windows
+ url: per-user-services-in-windows.md
\ No newline at end of file
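Review bot: several template placeholders survived into this landing page. `ms.subservice: subservice` is the template's dummy value and should be a real subservice or removed; the `# Required; ...` guidance comments and the `# linkListType: ...` legend are scaffolding that does not belong in a committed file; and the description `Learn about managing applications in Windows 10 and Windows Sun Valley.` puts a pre-release codename into public-facing search metadata, where the product's public name belongs. The last card lists `Per-user services in Windows` twice with the same `url: per-user-services-in-windows.md`; one of the two is presumably meant to be a different page. The summary promises `how to remove background task resource restrictions`, but no card links to that topic. Finally, the file has no trailing newline.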
diff --git a/windows/application-management/msix-app-packaging-tool.md b/windows/application-management/msix-app-packaging-tool.md
index 030d1c6a31..8464d6261e 100644
--- a/windows/application-management/msix-app-packaging-tool.md
+++ b/windows/application-management/msix-app-packaging-tool.md
@@ -11,7 +11,7 @@ ms.topic: article
ms.date: 12/03/2018
ms.reviewer:
manager: dansimp
-author: msfttracyp
+author: dansimp
---
# Repackage existing win32 applications to the MSIX format
diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md
index cd68824109..a703d5ccae 100644
--- a/windows/application-management/per-user-services-in-windows.md
+++ b/windows/application-management/per-user-services-in-windows.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobile
ms.author: dansimp
-author: msfttracyp
+author: dansimp
ms.date: 09/14/2017
ms.reviewer:
manager: dansimp
diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md
index e85e9efb07..591d3ebfe3 100644
--- a/windows/application-management/remove-provisioned-apps-during-update.md
+++ b/windows/application-management/remove-provisioned-apps-during-update.md
@@ -5,7 +5,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.author: dansimp
-author: msfttracyp
+author: dansimp
ms.date: 05/25/2018
ms.reviewer:
manager: dansimp
diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md
index 58033a8f99..153f2d49e5 100644
--- a/windows/application-management/sideload-apps-in-windows-10.md
+++ b/windows/application-management/sideload-apps-in-windows-10.md
@@ -9,7 +9,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobile
-author: msfttracyp
+author: dansimp
ms.date: 05/20/2019
---
diff --git a/windows/application-management/svchost-service-refactoring.md b/windows/application-management/svchost-service-refactoring.md
index 3bd1bf1897..7960d238c7 100644
--- a/windows/application-management/svchost-service-refactoring.md
+++ b/windows/application-management/svchost-service-refactoring.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobile
ms.author: dansimp
-author: msfttracyp
+author: dansimp
ms.date: 07/20/2017
ms.reviewer:
manager: dansimp
diff --git a/windows/application-management/TOC.yml b/windows/application-management/toc.yml
similarity index 63%
rename from windows/application-management/TOC.yml
rename to windows/application-management/toc.yml
index 0235d54cc0..282bdafc46 100644
--- a/windows/application-management/TOC.yml
+++ b/windows/application-management/toc.yml
@@ -1,5 +1,7 @@
-- name: Manage applications in Windows 10
- href: index.md
+items:
+- name: Manage Windows applications
+ href: index.yml
+- name: Application management
items:
- name: Sideload apps
href: sideload-apps-in-windows-10.md
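Review bot: `rename from windows/application-management/TOC.yml` / `rename to windows/application-management/toc.yml` is a case-only rename. On case-insensitive filesystems (the default on Windows and macOS) git does not notice such a rename unless it is done with `git mv`, so contributors on those platforms can end up with a tree that still has the old name or with both; make sure the rename is recorded as such and that the build configuration refers to the lowercase name. The hunk content itself is fine: the new top-level `items:` wrapper with `Manage Windows applications` pointing at `index.yml` matches the new landing page.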
@@ -13,99 +15,110 @@
href: add-apps-and-features.md
- name: Repackage win32 apps in the MSIX format
href: msix-app-packaging-tool.md
- - name: Application Virtualization (App-V) for Windows
+- name: Application Virtualization (App-V)
+ items:
+ - name: App-V for Windows 10 overview
href: app-v/appv-for-windows.md
+ - name: Getting Started
items:
- name: Getting Started with App-V
href: app-v/appv-getting-started.md
+ - name: What's new
items:
- name: What's new in App-V for Windows 10, version 1703 and earlier
href: app-v/appv-about-appv.md
- items:
- - name: Release Notes for App-V for Windows 10, version 1607
- href: app-v/appv-release-notes-for-appv-for-windows.md
- - name: Release Notes for App-V for Windows 10, version 1703
- href: app-v/appv-release-notes-for-appv-for-windows-1703.md
- - name: Evaluating App-V
- href: app-v/appv-evaluating-appv.md
- - name: High Level Architecture for App-V
- href: app-v/appv-high-level-architecture.md
+ - name: Release Notes for App-V for Windows 10, version 1607
+ href: app-v/appv-release-notes-for-appv-for-windows.md
+ - name: Release Notes for App-V for Windows 10, version 1703
+ href: app-v/appv-release-notes-for-appv-for-windows-1703.md
+ - name: Evaluating App-V
+ href: app-v/appv-evaluating-appv.md
+ - name: High Level Architecture for App-V
+ href: app-v/appv-high-level-architecture.md
+ - name: Planning
+ items:
- name: Planning for App-V
href: app-v/appv-planning-for-appv.md
+ - name: Preparing your environment
items:
- - name: Preparing Your Environment for App-V
+ - name: Preparing your environment for App-V
href: app-v/appv-preparing-your-environment.md
- items:
- - name: App-V Prerequisites
- href: app-v/appv-prerequisites.md
- - name: App-V Security Considerations
- href: app-v/appv-security-considerations.md
+ - name: App-V Prerequisites
+ href: app-v/appv-prerequisites.md
+ - name: App-V security considerations
+ href: app-v/appv-security-considerations.md
+ - name: Planning to deploy
+ items:
- name: Planning to Deploy App-V
href: app-v/appv-planning-to-deploy-appv.md
- items:
- - name: App-V Supported Configurations
- href: app-v/appv-supported-configurations.md
- - name: App-V Capacity Planning
- href: app-v/appv-capacity-planning.md
- - name: Planning for High Availability with App-V
- href: app-v/appv-planning-for-high-availability-with-appv.md
- - name: Planning to Deploy App-V with an Electronic Software Distribution System
- href: app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
- - name: Planning for the App-V Server Deployment
- href: app-v/appv-planning-for-appv-server-deployment.md
- - name: Planning for the App-V Sequencer and Client Deployment
- href: app-v/appv-planning-for-sequencer-and-client-deployment.md
- - name: Planning for Using App-V with Office
- href: app-v/appv-planning-for-using-appv-with-office.md
- - name: Planning to Use Folder Redirection with App-V
- href: app-v/appv-planning-folder-redirection-with-appv.md
+ - name: App-V Supported Configurations
+ href: app-v/appv-supported-configurations.md
+ - name: App-V Capacity Planning
+ href: app-v/appv-capacity-planning.md
+ - name: Planning for High Availability with App-V
+ href: app-v/appv-planning-for-high-availability-with-appv.md
+ - name: Planning to Deploy App-V with an Electronic Software Distribution System
+ href: app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
+ - name: Planning for the App-V Server Deployment
+ href: app-v/appv-planning-for-appv-server-deployment.md
+ - name: Planning for the App-V Sequencer and Client Deployment
+ href: app-v/appv-planning-for-sequencer-and-client-deployment.md
+ - name: Planning for Using App-V with Office
+ href: app-v/appv-planning-for-using-appv-with-office.md
+ - name: Planning to Use Folder Redirection with App-V
+ href: app-v/appv-planning-folder-redirection-with-appv.md
- name: App-V Planning Checklist
href: app-v/appv-planning-checklist.md
+ - name: Deploying
+ items:
- name: Deploying App-V
href: app-v/appv-deploying-appv.md
+ - name: App-V sequencer and client configuration
items:
- name: Deploying the App-V Sequencer and Configuring the Client
href: app-v/appv-deploying-the-appv-sequencer-and-client.md
- items:
- - name: About Client Configuration Settings
- href: app-v/appv-client-configuration-settings.md
- - name: Enable the App-V desktop client
- href: app-v/appv-enable-the-app-v-desktop-client.md
- - name: How to Install the Sequencer
- href: app-v/appv-install-the-sequencer.md
+ - name: About Client Configuration Settings
+ href: app-v/appv-client-configuration-settings.md
+ - name: Enable the App-V desktop client
+ href: app-v/appv-enable-the-app-v-desktop-client.md
+ - name: How to Install the Sequencer
+ href: app-v/appv-install-the-sequencer.md
+ - name: App-V server deployment
+ items:
- name: Deploying the App-V Server
href: app-v/appv-deploying-the-appv-server.md
- items:
- - name: How to Deploy the App-V Server
- href: app-v/appv-deploy-the-appv-server.md
- - name: How to Deploy the App-V Server Using a Script
- href: app-v/appv-deploy-the-appv-server-with-a-script.md
- - name: How to Deploy the App-V Databases by Using SQL Scripts
- href: app-v/appv-deploy-appv-databases-with-sql-scripts.md
- - name: How to Install the Publishing Server on a Remote Computer
- href: app-v/appv-install-the-publishing-server-on-a-remote-computer.md
- - name: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services
- href: app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
- - name: How to install the Management Server on a Standalone Computer and Connect it to the Database
- href: app-v/appv-install-the-management-server-on-a-standalone-computer.md
- - name: About App-V Reporting
- href: app-v/appv-reporting.md
- - name: How to install the Reporting Server on a Standalone Computer and Connect it to the Database
- href: app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
- - name: App-V Deployment Checklist
- href: app-v/appv-deployment-checklist.md
- - name: Deploying Microsoft Office 2016 by Using App-V
- href: app-v/appv-deploying-microsoft-office-2016-with-appv.md
- - name: Deploying Microsoft Office 2013 by Using App-V
- href: app-v/appv-deploying-microsoft-office-2013-with-appv.md
- - name: Deploying Microsoft Office 2010 by Using App-V
- href: app-v/appv-deploying-microsoft-office-2010-wth-appv.md
- - name: Operations for App-V
- href: app-v/appv-operations.md
+ - name: How to Deploy the App-V Server
+ href: app-v/appv-deploy-the-appv-server.md
+ - name: How to Deploy the App-V Server Using a Script
+ href: app-v/appv-deploy-the-appv-server-with-a-script.md
+ - name: How to Deploy the App-V Databases by Using SQL Scripts
+ href: app-v/appv-deploy-appv-databases-with-sql-scripts.md
+ - name: How to Install the Publishing Server on a Remote Computer
+ href: app-v/appv-install-the-publishing-server-on-a-remote-computer.md
+ - name: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services
+ href: app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
+ - name: How to install the Management Server on a Standalone Computer and Connect it to the Database
+ href: app-v/appv-install-the-management-server-on-a-standalone-computer.md
+ - name: About App-V Reporting
+ href: app-v/appv-reporting.md
+ - name: How to install the Reporting Server on a Standalone Computer and Connect it to the Database
+ href: app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
+ - name: App-V Deployment Checklist
+ href: app-v/appv-deployment-checklist.md
+ - name: Deploying Microsoft Office 2016 by Using App-V
+ href: app-v/appv-deploying-microsoft-office-2016-with-appv.md
+ - name: Deploying Microsoft Office 2013 by Using App-V
+ href: app-v/appv-deploying-microsoft-office-2013-with-appv.md
+ - name: Deploying Microsoft Office 2010 by Using App-V
+ href: app-v/appv-deploying-microsoft-office-2010-wth-appv.md
+ - name: Operations
items:
- - name: Creating and Managing App-V Virtualized Applications
- href: app-v/appv-creating-and-managing-virtualized-applications.md
+ - name: Operations for App-V
+ href: app-v/appv-operations.md
+ - name: Creating and managing virtualized applications
items:
+ - name: Creating and Managing App-V Virtualized Applications
+ href: app-v/appv-creating-and-managing-virtualized-applications.md
- name: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)
href: app-v/appv-auto-provision-a-vm.md
- name: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)
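Review bot: the restructure introduces intermediate nodes (`Getting Started`, `What's new`, `Planning`, `Preparing your environment`, `Planning to deploy`, `Deploying`, `App-V sequencer and client configuration`, `App-V server deployment`, `Operations`, `Creating and managing virtualized applications`) that carry `items:` but no `href`, so each renders as a non-clickable heading with the former parent page demoted to its first child. That is a consistent pattern, but the nesting cannot be verified from the diff alone because in YAML only the leading indentation distinguishes a sibling from a child, and the indentation is not visible in the hunk as shown here; build the TOC locally and confirm that, for example, `What's new` is a sibling of `Getting Started` rather than nested inside it. Capitalization is also mixed within the same hunk: `Preparing your environment for App-V` and `App-V security considerations` were changed to sentence case, while `App-V Prerequisites`, `Planning to Deploy App-V` and the rest of the planning entries keep title case; pick one style, since these titles appear side by side in the navigation pane.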
@@ -122,9 +135,10 @@
href: app-v/appv-create-a-package-accelerator.md
- name: How to Create a Virtual Application Package Using an App-V Package Accelerator
href: app-v/appv-create-a-virtual-application-package-package-accelerator.md
- - name: Administering App-V Virtual Applications by Using the Management Console
- href: app-v/appv-administering-virtual-applications-with-the-management-console.md
+ - name: Administering App-V
items:
+ - name: Administering App-V Virtual Applications by Using the Management Console
+ href: app-v/appv-administering-virtual-applications-with-the-management-console.md
- name: About App-V Dynamic Configuration
href: app-v/appv-dynamic-configuration.md
- name: How to Connect to the Management Console
@@ -149,9 +163,10 @@
href: app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
- name: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
href: app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
- - name: Managing Connection Groups
- href: app-v/appv-managing-connection-groups.md
+ - name: Connection groups
items:
+ - name: Managing Connection Groups
+ href: app-v/appv-managing-connection-groups.md
- name: About the Connection Group Virtual Environment
href: app-v/appv-connection-group-virtual-environment.md
- name: About the Connection Group File
@@ -168,31 +183,36 @@
href: app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
- name: How to Allow Only Administrators to Enable Connection Groups
href: app-v/appv-allow-administrators-to-enable-connection-groups.md
- - name: Deploying App-V Packages by Using Electronic Software Distribution (ESD)
- href: app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
+ - name: Deploying App-V packages with ESD
items:
+ - name: Deploying App-V Packages by Using Electronic Software Distribution (ESD)
+ href: app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
- name: How to deploy App-V Packages Using Electronic Software Distribution
href: app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
- name: How to Enable Only Administrators to Publish Packages by Using an ESD
href: app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
- - name: Using the App-V Client Management Console
- href: app-v/appv-using-the-client-management-console.md
+ - name: Using the management console
items:
+ - name: Using the App-V client management console
+ href: app-v/appv-using-the-client-management-console.md
- name: Automatically clean-up unpublished packages on the App-V client
href: app-v/appv-auto-clean-unpublished-packages.md
- - name: Migrating to App-V from a Previous Version
- href: app-v/appv-migrating-to-appv-from-a-previous-version.md
+ - name: Migrating
items:
- - name: How to Convert a Package Created in a Previous Version of App-V
+ - name: Migrating to App-V from a previous version
+ href: app-v/appv-migrating-to-appv-from-a-previous-version.md
+ - name: How to convert a package created in a previous version of App-V
href: app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
- - name: Maintaining App-V
- href: app-v/appv-maintaining-appv.md
+ - name: Maintenance
items:
+ - name: Maintaining App-V
+ href: app-v/appv-maintaining-appv.md
- name: How to Move the App-V Server to Another Computer
href: app-v/appv-move-the-appv-server-to-another-computer.md
- - name: Administering App-V by Using Windows PowerShell
- href: app-v/appv-administering-appv-with-powershell.md
+ - name: Administering App-V with Windows PowerShell
items:
+ - name: Administering App-V by using Windows PowerShell
+ href: app-v/appv-administering-appv-with-powershell.md
- name: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
href: app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
- name: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell
@@ -217,9 +237,10 @@
href: app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
- name: Troubleshooting App-V
href: app-v/appv-troubleshooting.md
- - name: Technical Reference for App-V
- href: app-v/appv-technical-reference.md
+ - name: Technical Reference
items:
+ - name: Technical Reference for App-V
+ href: app-v/appv-technical-reference.md
- name: Available Mobile Device Management (MDM) settings for App-V
href: app-v/appv-available-mdm-settings.md
- name: Performance Guidance for Application Virtualization
@@ -230,6 +251,9 @@
href: app-v/appv-viewing-appv-server-publishing-metadata.md
- name: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications
href: app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
+
+- name: Reference
+ items:
- name: Service Host process refactoring
href: svchost-service-refactoring.md
- name: Per-user services in Windows
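Review bot: The new `- name: Reference` / `items:` parent is followed only by unchanged context lines (`Service Host process refactoring`, `Per-user services in Windows`), so nothing in the diff re-indents those entries under `items:`. Unless they already sat two indentation levels deeper than the inserted node, YAML will parse `items:` as null and leave them as top-level siblings of `Reference`; please confirm the indentation of the lines after the inserted node. The stray `+` blank line above `- name: Reference` is also the only blank line between top-level nodes in this file as shown; drop it if the rest of the TOC does not separate nodes that way.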
@@ -238,7 +262,5 @@
href: /windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server
- name: Deploy app upgrades on Windows 10 Mobile
href: deploy-app-upgrades-windows-10-mobile.md
- - name: Change history for Application management
- href: change-history-for-application-management.md
- name: How to keep apps removed from Windows 10 from returning during an update
- href: remove-provisioned-apps-during-update.md
+ href: remove-provisioned-apps-during-update.md
\ No newline at end of file
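Review bot: The TOC entry for `change-history-for-application-management.md` is removed, but this patch does not delete that file (the only change-history page deleted below is `change-history-for-client-management.md`). Either remove the page as well and add a redirect for its URL, or keep the entry; as written the page is simply orphaned. The `\ No newline at end of file` fix on the last `href` line is fine.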
diff --git a/windows/client-management/change-history-for-client-management.md b/windows/client-management/change-history-for-client-management.md
deleted file mode 100644
index 3c7c213761..0000000000
--- a/windows/client-management/change-history-for-client-management.md
+++ /dev/null
@@ -1,80 +0,0 @@
----
-title: Change history for Client management (Windows 10)
-description: Learn about new and updated topics in the Client management documentation for Windows 10 and Windows 10 Mobile.
-keywords:
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 1/21/2020
-ms.reviewer:
-manager: dansimp
-ms.topic: article
----
-
-# Change history for Client management
-
-This topic lists new and updated topics in the [Client management](index.md) documentation for Windows 10 and Windows 10 Mobile.
-
-## February 2020
-
-New or changed topic | Description
---- | ---
-[Blue screen occurs when you update the in-box Broadcom NIC driver](troubleshoot-stop-error-on-broadcom-driver-update.md) | New
-[Advanced troubleshooting for Windows startup](troubleshoot-windows-startup.md) | Updated
-
-## December 2019
-
-New or changed topic | Description
---- | ---
-[Change in default removal policy for external storage media in Windows 10, version 1809](change-default-removal-policy-external-storage-media.md) | New
-[Advanced troubleshooting for Windows startup](troubleshoot-windows-startup.md) | Updated
-[Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md) | New
-
-## December 2018
-
-New or changed topic | Description
---- | ---
-[Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md) | New
-[Collect data using Network Monitor](troubleshoot-tcpip-netmon.md) | New
-[Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md) | New
-[Troubleshoot port exhaustion issues](troubleshoot-tcpip-port-exhaust.md) | New
-[Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md) | New
-
-## November 2018
-
-New or changed topic | Description
---- | ---
- [Advanced troubleshooting for Windows-based computer freeze issues](troubleshoot-windows-freeze.md) | New
- [Advanced troubleshooting for Stop error or blue screen error issue](troubleshoot-stop-errors.md) | New
-
-## RELEASE: Windows 10, version 1709
-
-The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update).
-
-
-## July 2017
-
-| New or changed topic | Description |
-| --- | --- |
-| [Group Policy settings that apply only to Windows 10 Enterprise and Education Editions](group-policies-for-enterprise-and-education-editions.md) | Added that Start layout policy setting can be applied to Windows 10 Pro, version 1703 |
-
-## June 2017
-
-| New or changed topic | Description |
-| --- | --- |
-| [Create mandatory user profiles](mandatory-user-profile.md) | Added Windows 10, version 1703, to profile extension table |
-
-## April 2017
-| New or changed topic | Description |
-|----------------------|-------------|
-| [New policies for Windows 10](new-policies-for-windows-10.md) | Added a list of new Group Policy settings for Windows 10, version 1703 |
-
-## RELEASE: Windows 10, version 1703
-
-The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topic has been added:
-
-- [Manage the Settings app with Group Policy](manage-settings-app-with-group-policy.md)
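Review bot: Deleting `change-history-for-client-management.md` outright leaves its published URL returning 404 for any external bookmark or link, and the deleted `index.md` below still pointed at it; add a redirection entry for the old URL (for example to the new client-management landing page) in the same change so both removals land together. If the change history is meant to live on elsewhere, say where in the commit message.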
diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json
index 694a7e8b07..eb3917a794 100644
--- a/windows/client-management/docfx.json
+++ b/windows/client-management/docfx.json
@@ -3,7 +3,8 @@
"content": [
{
"files": [
- "**/*.md"
+ "**/*.md",
+ "**/*.yml"
],
"exclude": [
"**/obj/**",
diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md
index ac31619d20..e0a26c9402 100644
--- a/windows/client-management/generate-kernel-or-complete-crash-dump.md
+++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md
@@ -78,6 +78,9 @@ To do this, follow these steps:
> [!IMPORTANT]
> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
+
+> [!NOTE]
+> This registry key is not required for clients running Windows 8 and later, or servers running Windows Server 2012 and later. Setting this registry key on later versions of Windows has no effect.
1. In Registry Editor, locate the following registry subkey:
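Review bot: The added `[!NOTE]` refers to "this registry key" before the key is named (the path only appears in the step that follows), and it tells readers the setting "has no effect" on Windows 8 / Windows Server 2012 and later while the numbered steps still instruct them to create it. Name the value explicitly in the note, place it with the step that creates the key, and state what readers on newer builds should do instead (skip the registry steps and use the NMI or debugger methods referenced further down the page). Also check spacing: the note is inserted directly above `1. In Registry Editor` with no blank line, which some Markdown renderers fold into the quote block.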
@@ -110,4 +113,4 @@ If you want to run NMI in Microsoft Azure using Serial Console, see [Use Serial
### Use Debugger
-[Forcing a System Crash from the Debugger](/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger)
\ No newline at end of file
+[Forcing a System Crash from the Debugger](/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger)
diff --git a/windows/client-management/index.md b/windows/client-management/index.md
deleted file mode 100644
index 477c88252a..0000000000
--- a/windows/client-management/index.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-title: Client management (Windows 10)
-description: Learn about the administrative tools, tasks and best practices for managing Windows 10 and Windows 10 Mobile clients across your enterprise.
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: dansimp
-ms.localizationpriority: medium
-ms.author: dansimp
----
-
-# Client management
-
-**Applies to**
-- Windows 10
-
-Learn about the administrative tools, tasks and best practices for managing Windows 10 and Windows 10 Mobile clients across your enterprise.
-
-| Topic | Description |
-|---|---|
-|[Administrative Tools in Windows 10](administrative-tools-in-windows-10.md)| Links to documentation for tools for IT pros and advanced users in the Administrative Tools folder.|
-|[Create mandatory user profiles](mandatory-user-profile.md)| Instructions for managing settings commonly defined in a mandatory profiles, including (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more.|
-|[Connect to remote Azure Active Directory-joined PCs](connect-to-remote-aadj-pc.md)| Instructions for connecting to a remote PC joined to Azure Active Directory (Azure AD)|
-|[Join Windows 10 Mobile to Azure AD](join-windows-10-mobile-to-azure-active-directory.md)| Describes the considerations and options for using Windows 10 Mobile with Azure AD in your organization.|
-|[New policies for Windows 10](new-policies-for-windows-10.md)| Listing of new group policy settings available in Windows 10|
-|[Windows 10 default media removal policy](change-default-removal-policy-external-storage-media.md) |In Windows 10, version 1809, the default removal policy for external storage media changed from "Better performance" to "Quick removal." |
-|[Group policies for enterprise and education editions](group-policies-for-enterprise-and-education-editions.md)| Listing of all group policy settings that apply specifically to Windows 10 Enterprise and Education editions|
-| [Manage the Settings app with Group Policy](manage-settings-app-with-group-policy.md) | Starting in Windows 10, version 1703, you can now manage the pages that are shown in the Settings app by using Group Policy. |
-|[Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md)| Instructions for resetting a Windows 10 Mobile device using either *factory* or *'wipe and persist'* reset options|
-|[Transitioning to modern ITPro management](manage-windows-10-in-your-organization-modern-management.md)| Describes modern Windows 10 ITPro management scenarios across traditional, hybrid and cloud-based enterprise needs|
-|[Windows 10 Mobile deployment and management guide](windows-10-mobile-and-mdm.md)| Considerations and instructions for deploying Windows 10 Mobile|
-|[Windows libraries](windows-libraries.md)| Considerations and instructions for managing Windows 10 libraries such as My Documents, My Pictures, and My Music.|
-|[Mobile device management for solution providers](mdm/index.md) | Procedural and reference documentation for solution providers providing mobile device management (MDM) for Windows 10 devices. |
-|[Change history for Client management](change-history-for-client-management.md) | This topic lists new and updated topics in the Client management documentation for Windows 10 and Windows 10 Mobile. |
\ No newline at end of file
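Review bot: Several topics in the deleted `index.md` table have no counterpart in the new `index.yml` landing page added below: `Connect to remote Azure Active Directory-joined PCs`, `Join Windows 10 Mobile to Azure AD`, `New policies for Windows 10`, `Windows 10 default media removal policy`, `Group policies for enterprise and education editions`, `Manage the Settings app with Group Policy`, `Reset a Windows 10 Mobile device`, `Transitioning to modern ITPro management`, `Windows 10 Mobile deployment and management guide` and `Windows libraries`. Either add cards or links for them or confirm they remain reachable from the TOC; otherwise the hub rewrite silently drops their discoverability. Since `index.md` and `index.yml` resolve to the same URL no redirect is needed for the index itself.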
diff --git a/windows/client-management/index.yml b/windows/client-management/index.yml
new file mode 100644
index 0000000000..3731f3f13d
--- /dev/null
+++ b/windows/client-management/index.yml
@@ -0,0 +1,67 @@
+### YamlMime:Landing
+
+title: Client management # < 60 chars
+summary: Find out how to apply custom configurations to Windows client devices. Windows provides a number of features and methods to help you configure or lock down specific parts of the Windows interface. # < 160 chars
+
+metadata:
+ title: Configure Windows 10 # Required; page title displayed in search results. Include the brand. < 60 chars.
+ description: Learn about the administrative tools, tasks and best practices for managing Windows clients across your enterprise. # Required; article description that is displayed in search results. < 160 chars.
+ services: windows-10
+ ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
+ ms.subservice: subservice
+ ms.topic: landing-page # Required
+ ms.collection: windows-10
+ author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
+ ms.author: greglin #Required; microsoft alias of author; optional team alias.
+ ms.date: 04/30/2021 #Required; mm/dd/yyyy format.
+ localization_priority: medium
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
+
+landingContent:
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+ # Card (optional)
+ - title: Device management
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Administrative Tools in Windows 10
+ url: administrative-tools-in-windows-10.md
+ - text: Create mandatory user profiles
+ url: mandatory-user-profile.md
+ - text: Mobile device management (MDM)
+ url: mdm/index.md
+ - text: MDM for device updates
+ url: mdm/device-update-management.md
+ - text: Mobile device enrollment
+ url: mdm/mobile-device-enrollment.md
+
+ # Card (optional)
+ - title: CSP reference documentation
+ linkLists:
+ - linkListType: overview
+ links:
+ - text: Configuration service provider reference
+ url: mdm/configuration-service-provider-reference.md
+ - text: DynamicManagement CSP
+ url: mdm/dynamicmanagement-csp.md
+ - text: BitLocker CSP
+ url: mdm/bitlocker-csp.md
+ - text: Policy CSP - Update
+ url: mdm/policy-csp-update.md
+
+
+ # Card (optional)
+ - title: Troubleshoot Windows clients
+ linkLists:
+ - linkListType: how-to-guide
+ links:
+ - text: Troubleshoot Windows 10 clients
+ url: windows-10-support-solutions.md
+ - text: Advanced troubleshooting for Windows networking
+ url: troubleshoot-networking.md
+ - text: Advanced troubleshooting for Windows start-up
+ url: troubleshoot-networking.md
+ - text: Advanced troubleshooting for Windows networking
+ url: troubleshoot-windows-startup.md
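Review bot: The last two links in the `Troubleshoot Windows clients` card are crossed: `text: Advanced troubleshooting for Windows start-up` points at `url: troubleshoot-networking.md`, and the second `Advanced troubleshooting for Windows networking` points at `url: troubleshoot-windows-startup.md`, duplicating the networking entry two lines above. Swap the URLs and drop the duplicate so the card has one networking and one start-up link. Separately, `metadata.title: Configure Windows 10` does not match the page `title: Client management`, `ms.subservice: subservice` is an unfilled template placeholder, and the `# Required; ...` template comments should be removed before merge.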
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 3ef1008019..ef43f3c484 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -13,23 +13,24 @@ ms.date: 11/19/2019
---
# DiagnosticLog CSP
-The DiagnosticLog configuration service provider (CSP) provides the following feature areas:
+
+The DiagnosticLog configuration service provider (CSP) provides the following feature areas:
- [DiagnosticArchive area](#diagnosticarchive-area). Capture and upload event logs, log files, and registry values for troubleshooting.
- [Policy area](#policy-area). Configure Windows event log policies, such as maximum log size.
- [EtwLog area](#etwlog-area). Control ETW trace sessions.
- [DeviceStateData area](#devicestatedata-area). Provide additional device information.
- [FileDownload area](#filedownload-area). Pull trace and state data directly from the device.
-The following are the links to different versions of the DiagnosticLog CSP DDF files:
+The following are the links to different versions of the DiagnosticLog CSP DDF files:
- [DiagnosticLog CSP version 1.4](diagnosticlog-ddf.md#version-1-4)
- [DiagnosticLog CSP version 1.3](diagnosticlog-ddf.md#version-1-3)
- [DiagnosticLog CSP version 1.2](diagnosticlog-ddf.md#version-1-2)
The following shows the DiagnosticLog CSP in tree format.
+
```
-./Vendor/MSFT
-DiagnosticLog
+./Vendor/MSFT/DiagnosticLog
----EtwLog
--------Collectors
------------CollectorName
@@ -59,7 +60,8 @@ DiagnosticLog
----------------DataBlocks
--------------------BlockNumber
```
-**./Vendor/MSFT/DiagnosticLog**
+
+**./Vendor/MSFT/DiagnosticLog**
The root node for the DiagnosticLog CSP.
Rest of the nodes in the DiagnosticLog CSP are described within their respective feature area sections.
@@ -68,18 +70,18 @@ Rest of the nodes in the DiagnosticLog CSP are described within their respective
The DiagnosticArchive functionality within the DiagnosticLog CSP is used to trigger devices to gather troubleshooting data into a zip archive file and upload that archive to cloud storage. DiagnosticArchive is designed for ad-hoc troubleshooting scenarios, such as an IT admin investigating an app installation failure using a collection of event log events, registry values, and app or OS log files.
-> [!Note]
+> [!NOTE]
> DiagnosticArchive is a "break glass" backstop option for device troubleshooting. Diagnostic data such as log files can grow to many gigabytes. Gathering, transferring, and storing large amounts of data may burden the user's device, the network and cloud storage. Management servers invoking DiagnosticArchive must take care to minimize data gathering frequency and scope.
The following section describes the nodes for the DiagnosticArchive functionality.
-**DiagnosticArchive**
-Added in version 1.4 of the CSP in Windows 10, version 1903. Root node for the DiagnosticArchive functionality.
+**DiagnosticArchive**
+Added in version 1.4 of the CSP in Windows 10, version 1903. Root node for the DiagnosticArchive functionality.
The supported operation is Get.
-**DiagnosticArchive/ArchiveDefinition**
-Added in version 1.4 of the CSP in Windows 10, version 1903.
+**DiagnosticArchive/ArchiveDefinition**
+Added in version 1.4 of the CSP in Windows 10, version 1903.
The supported operations are Add and Execute.
@@ -87,7 +89,7 @@ The data type is string.
Expected value:
Set and Execute are functionality equivalent, and each accepts a `Collection` XML snippet (as a string) describing what data to gather and where to upload it. The results are zipped and uploaded to the specified SasUrl. The zipped filename format is "DiagLogs-{ComputerName}-YYYYMMDDTHHMMSSZ.zip".
-
+
The following is an example of a `Collection` XML.
``` xml
@@ -107,16 +109,16 @@ The following is an example of a `Collection` XML.
```
The XML should include the following elements within the `Collection` element:
-**ID**
+**ID**
The ID value uniquely identifies this data-gathering request. To avoid accidental repetition of data gathering, the CSP ignores subsequent Set or Execute invocations with the same ID value. The CSP expects the value to be populated when the request is received, so it must be generated by the IT admin or the management server.
-**SasUrl**
+**SasUrl**
The SasUrl value is the target URI to which the CSP uploads the zip file containing the gathered data. It is the responsibility of the management server to provision storage in such a way that the storage server accepts the device's HTTP PUT to this URL. For example, the device management service could:
- Provision cloud storage reachable by the target device, such as a Microsoft Azure blob storage container
- Generate a Shared Access Signature URL granting the possessor (the target device) time-limited write access to the storage container
-- Pass this value to the CSP on the target device through the `Collection` XML as the `SasUrl` value.
+- Pass this value to the CSP on the target device through the `Collection` XML as the `SasUrl` value.
-**One or more data gathering directives, which may include any of the following:**
+**One or more data gathering directives, which may include any of the following:**
- **RegistryKey**
- Exports all of the key names and values under a given path (recursive).
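Review bot: The context line `Set and Execute are functionality equivalent` should read `functionally equivalent`, and it contradicts the line two above it, which lists the supported operations as `Add and Execute`; since this hunk already reflows the surrounding whitespace, reconcile the two and say which of Add/Set the CSP actually accepts. The `SasUrl` description is also the right place to spell out that the SAS should grant write-only, time-limited access to a container dedicated to this upload, because the device performs a plain HTTP PUT to whatever URL it is handed and the archive can contain registry exports and log files.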
@@ -133,53 +135,53 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain
- This directive type allows the execution of specific commands such as ipconfig.exe. Note that DiagnosticArchive and the Commands directives are not a general-purpose scripting platform. These commands are allowed in the DiagnosticArchive context to handle cases where critical device information may not be available through existing log files.
- Expected input value: The full command line including path and any arguments, such as `%windir%\\system32\\ipconfig.exe /all`.
- Output format: Console text output from the command is captured in a text file and included in the overall output archive. For commands which may generate file output rather than console output, a subsequent FolderFiles directive would be used to capture that output. The example XML above demonstrates this pattern with mdmdiagnosticstool.exe's -out parameter.
- - Privacy guardrails: To enable diagnostic data capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only the following commands are allowed:
- - %windir%\\system32\\certutil.exe
- - %windir%\\system32\\dxdiag.exe
- - %windir%\\system32\\gpresult.exe
- - %windir%\\system32\\msinfo32.exe
- - %windir%\\system32\\netsh.exe
- - %windir%\\system32\\nltest.exe
- - %windir%\\system32\\ping.exe
- - %windir%\\system32\\powercfg.exe
- - %windir%\\system32\\w32tm.exe
- - %windir%\\system32\\wpr.exe
- - %windir%\\system32\\dsregcmd.exe
- - %windir%\\system32\\dispdiag.exe
- - %windir%\\system32\\ipconfig.exe
- - %windir%\\system32\\logman.exe
- - %windir%\\system32\\tracelog.exe
- - %programfiles%\\windows defender\\mpcmdrun.exe
- - %windir%\\system32\\MdmDiagnosticsTool.exe
- - %windir%\\system32\\pnputil.exe
+ - Privacy guardrails: To enable diagnostic data capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only the following commands are allowed:
+ - %windir%\\system32\\certutil.exe
+ - %windir%\\system32\\dxdiag.exe
+ - %windir%\\system32\\gpresult.exe
+ - %windir%\\system32\\msinfo32.exe
+ - %windir%\\system32\\netsh.exe
+ - %windir%\\system32\\nltest.exe
+ - %windir%\\system32\\ping.exe
+ - %windir%\\system32\\powercfg.exe
+ - %windir%\\system32\\w32tm.exe
+ - %windir%\\system32\\wpr.exe
+ - %windir%\\system32\\dsregcmd.exe
+ - %windir%\\system32\\dispdiag.exe
+ - %windir%\\system32\\ipconfig.exe
+ - %windir%\\system32\\logman.exe
+ - %windir%\\system32\\tracelog.exe
+ - %programfiles%\\windows defender\\mpcmdrun.exe
+ - %windir%\\system32\\MdmDiagnosticsTool.exe
+ - %windir%\\system32\\pnputil.exe
- **FoldersFiles**
- Captures log files from a given path (without recursion).
- Expected input value: File path with or without wildcards, such as "%windir%\\System32", or "%programfiles%\\*.log".
- - Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only paths under the following roots are allowed:
- - %PROGRAMFILES%
- - %PROGRAMDATA%
- - %PUBLIC%
- - %WINDIR%
- - %TEMP%
- - %TMP%
- - Additionally, only files with the following extensions are captured:
- - .log
- - .txt
- - .dmp
- - .cab
- - .zip
- - .xml
- - .html
- - .evtx
- - .etl
+ - Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only paths under the following roots are allowed:
+ - %PROGRAMFILES%
+ - %PROGRAMDATA%
+ - %PUBLIC%
+ - %WINDIR%
+ - %TEMP%
+ - %TMP%
+ - Additionally, only files with the following extensions are captured:
+ - .log
+ - .txt
+ - .dmp
+ - .cab
+ - .zip
+ - .xml
+ - .html
+ - .evtx
+ - .etl
-**DiagnosticArchive/ArchiveResults**
-Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run.
+**DiagnosticArchive/ArchiveResults**
+Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run.
The supported operation is Get.
-The data type is string.
+The data type is string.
A Get to the above URI will return the results of the data gathering for the last diagnostics request. For the example above it returns:
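Review bot: Re-indenting the allowlists is fine, but the `Privacy guardrails` wording should be tightened while the lines are being touched. The list restricts which executable the `Commands` directive may launch, not its arguments (the directive is documented above as taking `The full command line including path and any arguments`), and several listed tools (`certutil.exe`, `netsh.exe`, `wpr.exe`, `logman.exe`) accept file-path arguments. Stating that the guardrail applies to the executable path only, and that argument content is the administrator's responsibility, makes the privacy claim accurate. For `FoldersFiles`, state in whose context `%TEMP%` and `%TMP%` are expanded so readers know which temp folder is actually captured.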
@@ -230,6 +232,7 @@ A Get to the above URI will return the results of the data gathering for the las
Each data gathering node is annotated with the HRESULT of the action and the collection is also annotated with an overall HRESULT. In this example, note that the mdmdiagnosticstool.exe command failed.
### Making use of the uploaded data
+
The zip archive which is created and uploaded by the CSP contains a folder structure like the following:
```powershell
@@ -313,7 +316,7 @@ foreach( $element in $resultElements )
Copy-Item $file.FullName -Destination (Join-Path -Path $reformattedArchivePath -ChildPath $leafSummaryString)
}
}
-#endregion
+#endregion
Remove-Item -Path $diagnosticArchiveTempUnzippedPath -Force -Recurse
```
That example script produces a set of files similar to the following, which can be a useful view for an administrator interactively browsing the results without needing to navigate any sub-folders or refer to `results.xml` repeatedly:
@@ -341,17 +344,17 @@ The Policy functionality within the DiagnosticLog CSP configures Windows event l
The following section describes the nodes for the Policy functionality.
-**Policy**
+**Policy**
Added in version 1.4 of the CSP in Windows 10, version 1903. Root node to control settings for channels in Event Log.
The supported operation is Get.
-**Policy/Channels**
+**Policy/Channels**
Added in version 1.4 of the CSP in Windows 10, version 1903. Node that contains Event Log channel settings.
The supported operation is Get.
-**Policy/Channels/_ChannelName_**
+**Policy/Channels/_ChannelName_**
Added in version 1.4 of the CSP in Windows 10, version 1903. Dynamic node to represent a registered channel. The node name must be a valid Windows event log channel name, such as ``Microsoft-Client-Licensing-Platform%2FAdmin``. When specifying the name in the LocURI, it must be URL encoded, otherwise it may unexpectedly translate into a different URI.
Supported operations are Add, Delete, and Get.
@@ -414,7 +417,7 @@ Get **Channel**
```
-**Policy/Channels/_ChannelName_/MaximumFileSize**
+**Policy/Channels/_ChannelName_/MaximumFileSize**
Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting specifies the maximum size of the log file in megabytes.
If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte and 2 terabytes in megabyte increments.
@@ -510,7 +513,7 @@ Replace **MaximumFileSize**
```
-**Policy/Channels/_ChannelName_/SDDL**
+**Policy/Channels/_ChannelName_/SDDL**
Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting represents SDDL string controlling access to the channel.
Supported operations are Add, Delete, Get, and Replace.
@@ -519,7 +522,7 @@ The data type is string.
Default string is as follows:
-https://docs.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype.
+https://docs.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype.
Add **SDDL**
``` xml
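Review bot: `Default string is as follows:` is followed only by a bare link to the event manifest schema page, not by an SDDL string, so the sentence promises something the page never shows. Either inline the default channel SDDL or reword to `For the default SDDL, see ...` and make the link a proper Markdown link. Because this node controls who can read, write and clear the channel, a one-line warning that an overly permissive SDDL lets non-administrators clear or tamper with the log would be worth adding alongside it.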
@@ -608,14 +611,14 @@ Replace **SDDL**
```
-**Policy/Channels/_ChannelName_/ActionWhenFull**
-Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting controls Event Log behavior when the log file reaches its maximum size.
+**Policy/Channels/_ChannelName_/ActionWhenFull**
+Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting controls Event Log behavior when the log file reaches its maximum size.
Supported operations are Add, Delete, Get, and Replace.
The data type is string.
-The following are the possible values:
+The following are the possible values:
- Truncate — When the log file reaches its maximum file size, new events are not written to the log and are lost.
- Overwrite — When the log file reaches its maximum file size, new events overwrite old events.
- Archive — When the log file reaches its maximum size, the log file is saved to the location specified by the "Archive Location" policy setting. If archive location value is not set, the new file is saved in the same directory as current log file.
@@ -709,14 +712,14 @@ Replace **ActionWhenFull**
```
-**Policy/Channels/_ChannelName_/Enabled**
+**Policy/Channels/_ChannelName_/Enabled**
Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting specifies whether the channel should be enabled or disabled.
Supported operations are Add, Delete, Get, and Replace.
The data type is boolean.
-The following are the possible values:
+The following are the possible values:
- TRUE — Enables the channel.
- FALSE — Disables the channel.
@@ -828,22 +831,22 @@ The DiagnosticLog CSP maintains a log file for each collector node and the log f
For each collector node, the user can:
-- Start or stop the session with all registered and enabled providers
-- Query session status
-- Change trace log file mode
-- Change trace log file size limit
+- Start or stop the session with all registered and enabled providers
+- Query session status
+- Change trace log file mode
+- Change trace log file size limit
The configurations log file mode and log file size limit does not take effect while trace session is in progress. These are applied when user stops the current session and then starts it again for this collector.
For each registered provider in this collector, the user can:
-- Specify keywords to filter events from this provider
-- Change trace level to filter events from this provider
-- Enable or disable the provider in the trace session
+- Specify keywords to filter events from this provider
+- Change trace level to filter events from this provider
+- Enable or disable the provider in the trace session
The changes on **State**, **Keywords**, and **TraceLevel** takes effect immediately while trace session is in progress.
-> [!Note]
+> [!NOTE]
> Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider (GUID - 3da494e4-0fe2-415C-b895-fb5265c5c83b) has the required debug resource files built into Windows OS, which will allow the logs files to be decoded on the remote machine. Any other logs may not have the debug resources required to decode.
### Channel-based tracing
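Review bot: Trailing-whitespace cleanup only, but two context sentences in this hunk have agreement errors worth fixing in the same pass: `The configurations log file mode and log file size limit does not take effect` should be `The log file mode and log file size limit settings do not take effect`, and `The changes on **State**, **Keywords**, and **TraceLevel** takes effect immediately` should be `take effect`.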
@@ -864,34 +867,34 @@ For more information about using DiagnosticLog to collect logs remotely from a P
To gather diagnostics using this CSP:
-1. Specify a *CollectorName* for the container of the target ETW providers.
-2. (Optional) Set logging and log file parameters using the following options:
+1. Specify a *CollectorName* for the container of the target ETW providers.
+2. (Optional) Set logging and log file parameters using the following options:
- TraceLogFileMode
- LogFileSizeLimitMB
-3. Indicate one or more target ETW providers by supplying its *ProviderGUID* to the Add operation of EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*.
-4. (Optional) Set logging and log file parameters using the following options:
+3. Indicate one or more target ETW providers by supplying its *ProviderGUID* to the Add operation of EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*.
+4. (Optional) Set logging and log file parameters using the following options:
- TraceLevel
- Keywords
-5. Start logging using **TraceControl** EXECUTE command “START”.
-6. Perform actions on the target device that will generate activity in the log files.
-7. Stop logging using **TraceControl** EXECUTE command “STOP”.
-8. Collect the log file located in the `%temp%` folder using the method described in [Reading a log file](#reading-a-log-file).
+5. Start logging using **TraceControl** EXECUTE command “START”.
+6. Perform actions on the target device that will generate activity in the log files.
+7. Stop logging using **TraceControl** EXECUTE command “STOP”.
+8. Collect the log file located in the `%temp%` folder using the method described in [Reading a log file](#reading-a-log-file).
The following section describes the nodes for EtwLog functionality.
-**EtwLog**
+**EtwLog**
Node to contain the Error Tracing for Windows log.
The supported operation is Get.
-**EtwLog/Collectors**
+**EtwLog/Collectors**
Interior node to contain dynamic child interior nodes for active providers.
The supported operation is Get.
-**EtwLog/Collectors/***CollectorName*
+**EtwLog/Collectors/_CollectorName_**
Dynamic nodes to represent active collector configuration.
Supported operations are Add, Delete, and Get.
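Review bot: step 4 reuses step 2's wording, `(Optional) Set logging and log file parameters using the following options:`, even though its options (`TraceLevel`, `Keywords`) are per-provider event filters rather than log file parameters; suggest `(Optional) Set provider filtering parameters using the following options:` so the collector-level and provider-level settings are not confused. Also, the `EtwLog` node description in the context lines says `Node to contain the Error Tracing for Windows log.`; ETW is Event Tracing for Windows, so correct `Error` to `Event` while this block is being touched.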
@@ -937,7 +940,7 @@ Delete a collector
```
-**EtwLog/Collectors/*CollectorName*/TraceStatus**
+**EtwLog/Collectors/*CollectorName*/TraceStatus**
Specifies whether the current logging status is running.
The data type is an integer.
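Review bot: this hunk only trims trailing whitespace on `**EtwLog/Collectors/*CollectorName*/TraceStatus**` and keeps the `*CollectorName*` form, while the `CollectorName` and `ProviderGUID` headings elsewhere in this file switch to `_CollectorName_` and `_ProviderGUID_`. Both markers render as italics inside bold, but mixing `*…*` and `_…_` across headings in one file makes later search-and-replace fragile; apply the underscore form to every `CollectorName`/`ProviderGUID` heading in this file or to none.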
@@ -947,11 +950,11 @@ The supported operation is Get.
The following table represents the possible values:
| Value | Description |
-|-------|-------------|
+| ----- | ----------- |
| 0 | Stopped |
| 1 | Started |
-**EtwLog/Collectors/*CollectorName*/TraceLogFileMode**
+**EtwLog/Collectors/*CollectorName*/TraceLogFileMode**
Specifies the log file logging mode.
The data type is an integer.
@@ -961,11 +964,11 @@ Supported operations are Get and Replace.
The following table lists the possible values:
| Value | Description |
-|-------|--------------------|
+| ----- | ------------------ |
| EVENT_TRACE_FILE_MODE_SEQUENTIAL (0x00000001) | Writes events to a log file sequentially; stops when the file reaches its maximum size. |
-| EVENT_TRACE_FILE_MODE_CIRCULAR (0x00000002) | Writes events to a log file. After the file reaches the maximum size, the oldest events are replaced with incoming events. |
+| EVENT_TRACE_FILE_MODE_CIRCULAR (0x00000002) | Writes events to a log file. After the file reaches the maximum size, the oldest events are replaced with incoming events. |
-**EtwLog/Collectors/*CollectorName*/TraceControl**
+**EtwLog/Collectors/*CollectorName*/TraceControl**
Specifies the logging and report action state.
The data type is a string.
@@ -973,9 +976,9 @@ The data type is a string.
The following table lists the possible values:
| Value | Description |
-|-------|--------------------|
+| ----- | ------------------ |
| START | Start log tracing. |
-| STOP | Stop log tracing |
+| STOP | Stop log tracing. |
The supported operation is Execute.
@@ -1029,7 +1032,7 @@ Stop collector trace logging
```
-**EtwLog/Collectors/*CollectorName*/LogFileSizeLimitMB**
+**EtwLog/Collectors/*CollectorName*/LogFileSizeLimitMB**
Sets the log file size limit, in MB.
The data type is an integer.
@@ -1038,15 +1041,15 @@ Valid values are 1-2048. The default value is 4.
Supported operations are Get and Replace.
-**EtwLog/Collectors/*CollectorName*/Providers**
+**EtwLog/Collectors/*CollectorName*/Providers**
Interior node to contain dynamic child interior nodes for active providers.
The supported operation is Get.
-**EtwLog/Collectors/*CollectorName*/Providers/***ProviderGUID*
+**EtwLog/Collectors/*CollectorName*/Providers/_ProviderGUID_**
Dynamic nodes to represent active provider configuration per provider GUID.
-> [!Note]
+> [!NOTE]
> Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider (GUID - 3da494e4-0fe2-415C-b895-fb5265c5c83b) has the required debug resource files built into Windows OS, which will allow the logs files to be decoded on the remote machine. Any other logs may not have the debug resources required to decode.
Supported operations are Add, Delete, and Get.
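Review bot: the note under `Providers/_ProviderGUID_` is a verbatim copy of the note given earlier in the file under the collector overview, and both copies carry the same `the logs files to be decoded` typo. If the duplication is intentional, fix the typo in both places; otherwise keep one copy and point to it. The `[!NOTE]` casing fix is correct.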
@@ -1092,7 +1095,7 @@ Delete a provider
```
-**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/TraceLevel**
+**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/TraceLevel**
Specifies the level of detail included in the trace log.
The data type is an integer.
@@ -1102,12 +1105,12 @@ Supported operations are Get and Replace.
The following table lists the possible values:
| Value | Description |
-|-------|--------------------|
+| ----- | ------------------ |
| 1 – TRACE_LEVEL_CRITICAL | Abnormal exit or termination events |
-| 2 – TRACE_LEVEL_ERROR | Severe error events |
-| 3 – TRACE_LEVEL_WARNING | Warning events such as allocation failures |
-| 4 – TRACE_LEVEL_INFORMATION | Non-error events, such as entry or exit events |
-| 5 – TRACE_LEVEL_VERBOSE | Detailed information |
+| 2 – TRACE_LEVEL_ERROR | Severe error events |
+| 3 – TRACE_LEVEL_WARNING | Warning events such as allocation failures |
+| 4 – TRACE_LEVEL_INFORMATION | Non-error events, such as entry or exit events |
+| 5 – TRACE_LEVEL_VERBOSE | Detailed information |
Set provider **TraceLevel**
@@ -1132,7 +1135,7 @@ Set provider **TraceLevel**
```
-**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/Keywords**
+**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/Keywords**
Specifies the provider keywords to be used as MatchAnyKeyword for this provider.
The data type is a string.
@@ -1156,7 +1159,7 @@ Get provider **Keywords**
-
The root node.
Supported operation is Get. @@ -70,10 +71,10 @@ Update
Supported operations are Get and Add. -**ApprovedUpdates/***Approved Update Guid* +**ApprovedUpdates/_Approved Update Guid_**
Specifies the update GUID. -
To auto-approve a class of updates, you can specify the Update Classifications GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. There are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly. +
To auto-approve a class of updates, you can specify the Update Classifications GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. These are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly.
Supported operations are Get and Add. @@ -93,8 +94,8 @@ Update
Supported operation is Get. -**FailedUpdates/***Failed Update Guid* -
Update identifier field of the UpdateIdentity GUID that represent an update that failed to download or install. +**FailedUpdates/_Failed Update Guid_** +
Update identifier field of the UpdateIdentity GUID that represents an update that failed to download or install.
Supported operation is Get. @@ -118,7 +119,7 @@ Update
Supported operation is Get. -**InstalledUpdates/***Installed Update Guid* +**InstalledUpdates/_Installed Update Guid_**
UpdateIDs that represent the updates installed on a device.
Supported operation is Get. @@ -133,7 +134,7 @@ Update
Supported operation is Get. -**InstallableUpdates/***Installable Update Guid* +**InstallableUpdates/_Installable Update Guid_**
Update identifiers that represent the updates applicable and not installed on a device.
Supported operation is Get. @@ -141,9 +142,9 @@ Update **InstallableUpdates/*Installable Update Guid*/Type**
The UpdateClassification value of the update. Valid values are: -- 0 - None -- 1 - Security -- 2 = Critical +- 0 - None +- 1 - Security +- 2 - Critical
Supported operation is Get. @@ -157,7 +158,7 @@ Update
Supported operation is Get. -**PendingRebootUpdates/***Pending Reboot Update Guid* +**PendingRebootUpdates/_Pending Reboot Update Guid_**
Update identifiers for the pending reboot state.
Supported operation is Get.
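Review bot: the `- 2 = Critical` to `- 2 - Critical` and `There are released` to `These are released` fixes in the Update CSP hunks are correct, but the sentence `We strongly recommend to always specify the DefinitionsUpdates classification` is still ungrammatical; suggest `We strongly recommend always specifying the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which is used for anti-malware signatures.` Since this recommendation is security-relevant (auto-approving definition updates is what keeps anti-malware signatures current), it is worth getting the wording clean in the same pass.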
@@ -188,26 +189,25 @@ Added in Windows 10, version 1803. Node for the rollback operations.
**Rollback/QualityUpdate**
Added in Windows 10, version 1803. Roll back latest Quality Update, if the machine meets the following conditions:
-- Condition 1: Device must be Windows Update for Business Connected
-- Condition 2: Device must be in a Paused State
-- Condition 3: Device must have the Latest Quality Update installed on the device (Current State)
+- Condition 1: Device must be Windows Update for Business Connected
+- Condition 2: Device must be in a Paused State
+- Condition 3: Device must have the Latest Quality Update installed on the device (Current State)
If the conditions are not true, the device will not Roll Back the Latest Quality Update.
**Rollback/FeatureUpdate**
Added in Windows 10, version 1803. Roll Back Latest Feature Update, if the machine meets the following conditions:
-- Condition 1: Device must be Windows Update for Business Connected
-- Condition 2: Device must be in Paused State
-- Condition 3: Device must have the Latest Feature Update Installed on the device (Current State)
-- Condition 4: Machine should be within the uninstall period
+- Condition 1: Device must be Windows Update for Business Connected
+- Condition 2: Device must be in Paused State
+- Condition 3: Device must have the Latest Feature Update Installed on the device (Current State)
+- Condition 4: Machine should be within the uninstall period
-> [!Note]
-> This only works for Semi Annual Channel Targeted devices.
+> [!NOTE]
+> This only works for Semi-Annual Channel Targeted devices.
If the conditions are not true, the device will not Roll Back the Latest Feature Update.
-
**Rollback/QualityUpdateStatus**
Added in Windows 10, version 1803. Returns the result of last RollBack QualityUpdate operation.
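Review bot: the two condition lists that this hunk reformats remain inconsistent with each other and with the surrounding prose: `Device must be in a Paused State` versus `Device must be in Paused State`, `Latest Quality Update installed` versus `Latest Feature Update Installed`, and `Roll back latest Quality Update` versus `Roll Back Latest Feature Update`. Suggest normalizing to sentence case (`Device must be in a paused state`, `roll back the latest feature update`) while these lines are being touched. The `Semi-Annual Channel` hyphenation fix is correct.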
@@ -217,6 +217,3 @@ Added in Windows 10, version 1803. Returns the result of last RollBack FeatureUp
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 921891e030..15c30be7f5 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -866,6 +866,17 @@ Added in Windows 10, version 1607. Specifies the class-based default routes. Fo
Value type is bool. Supported operations include Get, Add, Replace, and Delete.
+**VPNv2/**ProfileName**/NativeProfile/PlumbIKEv2TSAsRoutes**
+Determines whether plumbing IPSec traffic selectors as routes onto VPN interface is enabled.
+
+If set to False, plumbing traffic selectors as routes is disabled.
+
+If set to True, plumbing traffic selectors as routes is enabled.
+
+By default, this value is set to False.
+
+Value type is bool. Supported operations include Get, Add, Replace, and Delete.
+
## Examples
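Review bot: the new `PlumbIKEv2TSAsRoutes` node has no `Added in Windows 10, version …` line, unlike the neighbouring `Added in Windows 10, version 1607.` entry; state the version in which the setting shipped so administrators know whether their clients honour it. The heading `**VPNv2/**ProfileName**/NativeProfile/PlumbIKEv2TSAsRoutes**` also uses the bold/unbold pattern that the rest of this PR replaces with `_ProfileName_`. Finally, `If set to False, plumbing traffic selectors as routes is disabled.` and the matching `True` line only restate the node name; one sentence on the routing effect (which traffic is sent over the VPN interface when the IKEv2 traffic selectors are, or are not, plumbed as routes) would let readers judge the impact of the setting on their tunnel configuration.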
@@ -1590,6 +1601,3 @@ Servers
-
-
-
diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md
index 1e0af5deb5..c8c22786a1 100644
--- a/windows/client-management/mdm/win32appinventory-csp.md
+++ b/windows/client-management/mdm/win32appinventory-csp.md
@@ -18,9 +18,9 @@ ms.date: 06/26/2017
The Win32AppInventory configuration service provider is used to provide an inventory of installed applications on a device.
The following shows the Win32AppInventory configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
+
```
-./Vendor/MSFT
-Win32AppInventory
+./Vendor/MSFT/Win32AppInventory
----Win32InstalledProgram
--------InstalledProgram
------------Name
@@ -32,40 +32,41 @@ Win32AppInventory
------------MsiProductCode
------------MsiPackageCode
```
-**./Vendor/MSFT/Win32AppInventory**
+
+**./Vendor/MSFT/Win32AppInventory**
The root node for the Win32AppInventory configuration service provider.
The supported operation is Get.
-**Win32InstalledProgram**
+**Win32InstalledProgram**
This represents an inventory of installed Win32 applications on the device.
The supported operation is Get.
-**Win32InstalledProgram/**InstalledProgram
+**Win32InstalledProgram/_InstalledProgram_**
A node that contains information for a specific application.
-**Win32InstalledProgram/**InstalledProgram**/Name**
+**Win32InstalledProgram/_InstalledProgram_/Name**
A string that specifies the name of the application.
The supported operation is Get.
-**Win32InstalledProgram/**InstalledProgram**/Publisher**
+**Win32InstalledProgram/_InstalledProgram_/Publisher**
A string that specifies the publisher of the application.
The supported operation is Get.
-**Win32InstalledProgram/**InstalledProgram**/Version**
+**Win32InstalledProgram/_InstalledProgram_/Version**
A string that specifies the version of the application.
The supported operation is Get.
-**Win32InstalledProgram/**InstalledProgram**/Language**
+**Win32InstalledProgram/_InstalledProgram_/Language**
A string that specifies the language of the application.
The supported operation is Get.
-**Win32InstalledProgram/**InstalledProgram**/RegKey**
+**Win32InstalledProgram/_InstalledProgram_/RegKey**
A string that specifies product code or registry subkey.
For MSI-based applications this is the product code.
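Review bot: `**Win32InstalledProgram/_InstalledProgram_**` is the only node in this hunk without a `The supported operation is Get.` line; add it so the node matches its siblings. Nit: `A string that specifies product code or registry subkey.` should read `A string that specifies the product code or registry subkey.` The `_InstalledProgram_` heading style is consistent with the rest of the PR.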
@@ -74,32 +75,21 @@ For applications found in Add/Remove Programs, this is the registry subkey.
The supported operation is Get.
-**Win32InstalledProgram/**InstalledProgram**/Source**
+**Win32InstalledProgram/_InstalledProgram_/Source**
A string that specifies where the application was discovered, such as MSI or Add/Remove Programs.
The supported operation is Get.
-**Win32InstalledProgram/**InstalledProgram**/MsiProductCode**
+**Win32InstalledProgram/_InstalledProgram_/MsiProductCode**
A GUID that uniquely identifies a particular MSI product.
The supported operation is Get.
-**Win32InstalledProgram/**InstalledProgram**/MsiPackageCode**
+**Win32InstalledProgram/_InstalledProgram_/MsiPackageCode**
A GUID that identifies an MSI package. Multiple products can make up a single package.
The supported operation is Get.
## Related topics
-
[Configuration service provider reference](configuration-service-provider-reference.md)
-
-
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/TOC.yml b/windows/client-management/toc.yml
similarity index 59%
rename from windows/client-management/TOC.yml
rename to windows/client-management/toc.yml
index 78c6932e8f..4b43db4f1b 100644
--- a/windows/client-management/TOC.yml
+++ b/windows/client-management/toc.yml
@@ -1,38 +1,49 @@
-- name: Manage clients in Windows 10
- href: index.md
+items:
+- name: Windows client management
+ href: index.yml
items:
- - name: Administrative Tools in Windows 10
- href: administrative-tools-in-windows-10.md
- items:
+ - name: Client management tools and settings
+ items:
+ - name: Administrative Tools in Windows 10
+ href: administrative-tools-in-windows-10.md
- name: Use Quick Assist to help users
href: quick-assist.md
- - name: Create mandatory user profiles
- href: mandatory-user-profile.md
- - name: Connect to remote Azure Active Directory-joined PC
- href: connect-to-remote-aadj-pc.md
- - name: Join Windows 10 Mobile to Azure Active Directory
- href: join-windows-10-mobile-to-azure-active-directory.md
- - name: New policies for Windows 10
- href: new-policies-for-windows-10.md
- - name: Windows 10 default media removal policy
- href: change-default-removal-policy-external-storage-media.md
- - name: Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education
- href: group-policies-for-enterprise-and-education-editions.md
- - name: Manage the Settings app with Group Policy
- href: manage-settings-app-with-group-policy.md
- - name: What version of Windows am I running
- href: windows-version-search.md
- - name: Reset a Windows 10 Mobile device
- href: reset-a-windows-10-mobile-device.md
- - name: Transitioning to modern management
- href: manage-windows-10-in-your-organization-modern-management.md
- - name: Windows 10 Mobile deployment and management guide
- href: windows-10-mobile-and-mdm.md
- - name: Windows libraries
- href: windows-libraries.md
- - name: Troubleshoot Windows 10 clients
- href: windows-10-support-solutions.md
+ - name: Create mandatory user profiles
+ href: mandatory-user-profile.md
+ - name: Connect to remote Azure Active Directory-joined PC
+ href: connect-to-remote-aadj-pc.md
+ - name: Join Windows 10 Mobile to Azure Active Directory
+ href: join-windows-10-mobile-to-azure-active-directory.md
+ - name: New policies for Windows 10
+ href: new-policies-for-windows-10.md
+ - name: Windows 10 default media removal policy
+ href: change-default-removal-policy-external-storage-media.md
+ - name: Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education
+ href: group-policies-for-enterprise-and-education-editions.md
+ - name: Manage the Settings app with Group Policy
+ href: manage-settings-app-with-group-policy.md
+ - name: What version of Windows am I running
+ href: windows-version-search.md
+ - name: Reset a Windows 10 Mobile device
+ href: reset-a-windows-10-mobile-device.md
+ - name: Transitioning to modern management
+ href: manage-windows-10-in-your-organization-modern-management.md
+ - name: Windows 10 Mobile deployment and management guide
+ href: windows-10-mobile-and-mdm.md
+ - name: Windows libraries
+ href: windows-libraries.md
+ - name: Mobile device management (MDM)
items:
+ - name: Mobile Device Management
+ href: mdm/index.md
+ - name: Configuration Service Provider (CSP)
+ items:
+ - name: CSP reference
+ href: mdm/configuration-service-provider-reference.md
+ - name: Troubleshoot Windows 10 clients
+ items:
+ - name: Windows 10 support solutions
+ href: windows-10-support-solutions.md
- name: Advanced troubleshooting for Windows networking
href: troubleshoot-networking.md
items:
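Review bot: this is a case-only rename (`TOC.yml` to `toc.yml`); on case-insensitive filesystems such a rename is silently lost unless done with `git mv -f` or through an intermediate name, so confirm the build actually picks up `toc.yml`, and that `index.yml` (the new `href` of the root item) is matched by the `windows/client-management` docfx content globs, since in this diff the `**/*.yml` glob is only added to `windows/configure` and `windows/deploy`. The `Change history for Client management` entry is dropped from the TOC; if `change-history-for-client-management.md` still exists it becomes an orphaned page.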
@@ -77,7 +88,5 @@
href: troubleshoot-event-id-41-restart.md
- name: Stop error occurs when you update the in-box Broadcom network adapter driver
href: troubleshoot-stop-error-on-broadcom-driver-update.md
- - name: Mobile device management for solution providers
- href: mdm/index.md
- - name: Change history for Client management
- href: change-history-for-client-management.md
+
+
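Review bot: the hunk ends by adding two blank lines (`+` with nothing after it) where the removed `Change history for Client management` entry was, which reintroduces the trailing whitespace the other files in this PR are cleaning up; drop the two added blank lines.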
diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md
index f906dc759d..ef2b5a09cc 100644
--- a/windows/client-management/windows-10-support-solutions.md
+++ b/windows/client-management/windows-10-support-solutions.md
@@ -1,6 +1,6 @@
---
-title: Troubleshooting Windows 10
-description: Learn where to find information about troubleshooting Windows 10 issues, for example Bitlocker issues and bugcheck errors.
+title: Windows 10 support solutions
+description: Learn where to find information about troubleshooting Windows 10 issues, for example BitLocker issues and bugcheck errors.
ms.reviewer: kaushika
manager: dansimp
ms.prod: w10
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.topic: troubleshooting
---
-# Troubleshoot Windows 10 client
+# Windows 10 support solutions
Microsoft regularly releases both updates for Windows Server. To ensure your servers can receive future updates, including security updates, it's important to keep your servers updated. Check out - [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/en-us/help/4000825/windows-10-windows-server-2016-update-history) for a complete list of released updates.
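Review bot: the retitle is fine, but the first body sentence in the context line, `Microsoft regularly releases both updates for Windows Server.`, is broken (`both` has no second item) and talks about servers on a page about Windows 10 clients; name the intended pair of update types and change `servers` to `devices` while the heading is being changed. The `BitLocker` capitalization fix in the description is correct.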
diff --git a/windows/configure/docfx.json b/windows/configure/docfx.json
index 26b7898d55..032a6cf7e4 100644
--- a/windows/configure/docfx.json
+++ b/windows/configure/docfx.json
@@ -3,7 +3,8 @@
"content": [
{
"files": [
- "**/*.md"
+ "**/*.md",
+ "**/*.yml"
],
"exclude": [
"**/obj/**",
diff --git a/windows/deploy/docfx.json b/windows/deploy/docfx.json
index c532dc05a9..f8c535fddb 100644
--- a/windows/deploy/docfx.json
+++ b/windows/deploy/docfx.json
@@ -3,7 +3,8 @@
"content": [
{
"files": [
- "**/*.md"
+ "**/*.md",
+ "**/*.yml"
],
"exclude": [
"**/obj/**",
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index fb137e61eb..c8a3334ac2 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -164,6 +164,11 @@
href: update/waas-manage-updates-wufb.md
- name: Configure Windows Update for Business
href: update/waas-configure-wufb.md
+ - name: Windows Update for Business deployment service
+ href: update/deployment-service-overview.md
+ items:
+ - name: Troubleshoot the Windows Update for Business deployment service
+ href: update/deployment-service-troubleshoot.md
- name: Enforcing compliance deadlines for updates
href: update/wufb-compliancedeadlines.md
- name: Integrate Windows Update for Business with management solutions
@@ -249,6 +254,8 @@
href: update/windows-update-errors.md
- name: Windows Update error code reference
href: update/windows-update-error-reference.md
+ - name: Troubleshoot the Windows Update for Business deployment service
+ href: update/deployment-service-troubleshoot.md
- name: Reference
items:
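Review bot: `update/deployment-service-troubleshoot.md` is added twice, once nested under the new deployment service overview entry in the first hunk and again in the error-reference section in the second hunk. Docfx accepts duplicate hrefs, but a page listed twice makes left-nav highlighting ambiguous; if both placements are intentional, fine, otherwise keep one. Also confirm the troubleshoot page itself is included in the PR, since only `deployment-service-overview.md` is visible here as a new file and a missing href fails the build.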
diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md
index d8339ad571..612b3619c6 100644
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@@ -251,7 +251,7 @@ Use the following figures to help you troubleshoot when users experience these c
### Review requirements on devices
-Devices must be running Windows 10 Pro, version 1703, and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements.
+Devices must be running Windows 10 Pro, version 1703 (or later), and be Azure Active Directory joined, or hybrid domain joined with Azure AD Connect. Customers who are federated with Azure Active Directory are also eligible. You can use the following procedures to review whether a particular device meets requirements.
**To determine if a device is Azure Active Directory joined:**
@@ -264,4 +264,4 @@ At a command prompt, type: **winver**
A popup window will display the Windows 10 version number and detailed OS build information.
-If a device is running a previous version of Windows 10 Pro (for example, version 1511), it will not be upgraded to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal.
\ No newline at end of file
+If a device is running a version of Windows 10 Pro prior to version 1703 (for example, version 1511), it will not be upgraded to Windows 10 Enterprise when a user signs in, even if the user has been assigned a subscription in the CSP portal.
diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index ebe98a9061..ba163c16c9 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -194,7 +194,7 @@ On **MDT01**:
2. WinPE x64
3. Windows 10 x64
3. In the new Windows 10 x64 folder, create the following folder structure:
- - Dell Inc
+ - Dell Inc.
- Latitude E7450
- Hewlett-Packard
- HP EliteBook 8560w
@@ -215,7 +215,7 @@ When you import drivers to the MDT driver repository, MDT creates a single insta
2. WinPE x64
3. Windows 10 x64
3. In the **Windows 10 x64** folder, create the following folder structure:
- - Dell Inc
+ - Dell Inc.
- Latitude E7450
- Hewlett-Packard
- HP EliteBook 8560w
@@ -304,15 +304,15 @@ On **MDT01**:
For the Dell Latitude E7450 model, you use the Dell Driver CAB file, which is accessible via the [Dell TechCenter website](https://go.microsoft.com/fwlink/p/?LinkId=619544).
-In these steps, we assume you have downloaded and extracted the CAB file for the Latitude E7450 model to the **D:\\Drivers\\Dell Inc\\Latitude E7450** folder.
+In these steps, we assume you have downloaded and extracted the CAB file for the Latitude E7450 model to the **D:\\Drivers\\Dell Inc.\\Latitude E7450** folder.
On **MDT01**:
-1. In the **Deployment Workbench**, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Dell Inc** node.
+1. In the **Deployment Workbench**, in the **MDT Production** > **Out-Of-Box Drivers** > **Windows 10 x64** node, expand the **Dell Inc.** node.
2. Right-click the **Latitude E7450** folder and select **Import Drivers** and use the following Driver source directory to import drivers:
- **D:\\Drivers\\Windows 10 x64\\Dell Inc\\Latitude E7450**
+ **D:\\Drivers\\Windows 10 x64\\Dell Inc.\\Latitude E7450**
### For the HP EliteBook 8560w
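Review bot: renaming the filesystem folder to `Dell Inc.` with a trailing period is a problem: Win32 naming rules strip a trailing period from a directory name, so `D:\\Drivers\\Dell Inc.\\Latitude E7450` will actually be created as `D:\\Drivers\\Dell Inc\\Latitude E7450`, and the original `Dell Inc` was correct for the on-disk paths (the Deployment Workbench node can be called `Dell Inc.` independently). Separately, the two paths in this hunk still disagree: the assumption sentence extracts the CAB to `D:\\Drivers\\Dell Inc.\\Latitude E7450` while the import step uses `D:\\Drivers\\Windows 10 x64\\Dell Inc.\\Latitude E7450`; align both with the folder structure created in the earlier steps.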
diff --git a/windows/deployment/images/configmgr-assets.PNG b/windows/deployment/images/configmgr-assets.PNG
deleted file mode 100644
index ac315148c5..0000000000
Binary files a/windows/deployment/images/configmgr-assets.PNG and /dev/null differ
diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md
new file mode 100644
index 0000000000..4c034921b7
--- /dev/null
+++ b/windows/deployment/update/deployment-service-overview.md
@@ -0,0 +1,175 @@
+---
+title: Windows Update for Business deployment service
+description: Overview of deployment service to control approval, scheduling, and safeguarding of Windows updates
+ms.custom: seo-marvel-apr2020
+ms.prod: w10
+ms.mktglfcycl: manage
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.reviewer:
+manager: laurawi
+ms.topic: article
+---
+
+
+
+# Windows Update for Business deployment service
+
+> Applies to: Windows 10
+
+The Windows Update for Business deployment service is a cloud service within the Windows Update for Business product family. It provides control over the approval, scheduling, and safeguarding of updates delivered from Windows Update. It's designed to work in harmony with your existing Windows Update for Business policies.
+
+The deployment service is designed for IT Pros who are looking for more control than is provided through deferral policies and deployment rings. It provides the following abilities:
+
+- You can schedule deployment of updates to start on a specific date (for example, deploy 20H2 to specified devices on March 14, 2021).
+- You can stage deployments over a period of days or weeks by using rich expressions (for example, deploy 20H2 to 500 devices per day, beginning on March 14, 2021).
+- You can bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization when emergencies arise.
+- You can benefit from deployments with automatic piloting tailored to your unique device population to ensure coverage of hardware and software in your organization.
+
+The service is privacy focused and backed by leading industry compliance certifications.
+
+## How it works
+
+The deployment service complements existing Windows Update for Business capabilities, including existing device policies and [Update Compliance](update-compliance-monitor.md).
+
+:::image type="content" source="media/wufbds-product-large.png" alt-text="Elements in following text":::
+
+Windows Update for Business comprises three elements:
+- Client policy to govern update experiences and timing – available through Group Policy and CSPs
+- Deployment service APIs to approve and schedule specific updates – available through the Microsoft Graph and associated SDKs (including PowerShell)
+- Update Compliance to monitor update deployment – available through the Azure Marketplace
+
+Unlike existing client policy, the deployment service does not interact with devices directly. The service is native to the cloud and all operations take place between various Microsoft services. It creates a direct communication channel between a management tool (including scripting tools such as Windows PowerShell) and the Windows Update service so that the approval and offering of content can be directly controlled by an IT Pro.
+
+:::image type="content" source="media/wufbds-interaction-small.png" alt-text="Process described in following text":::
+
+Using the deployment service typically follows a common pattern:
+1. IT Pro uses a management tool to select devices and approve content to be deployed. This tool could be PowerShell, a Microsoft Graph app or a more complete management solution such as Microsoft Endpoint Manager.
+2. The chosen tool conveys your approval, scheduling, and device selection information to the deployment service.
+3. The deployment service processes the content approval and compares it with previously approved content. Final update applicability is determined and conveyed to Windows Update, which then offers approved content to devices on their next check for updates.
+
+
+The deployment service exposes these capabilities through Microsoft [Graph REST APIs](/graph/overview). You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as Microsoft Endpoint Manager.
+
+## Prerequisites
+
+To work with the deployment service, devices must meet all these requirements:
+
+- Be running Windows 10, version 1709 or later
+- Be joined to Azure Active Directory (AD) or Hybrid AD
+- Have one of the following Windows 10 editions installed:
+ - Windows 10 Pro
+ - Windows 10 Enterprise
+ - Windows 10 Education
+ - Windows 10 Pro Education
+ - Windows 10 Pro for Workstations
+
+Additionally, your organization must have one of the following subscriptions:
+- Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
+- Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5)
+- Windows Virtual Desktop Access E3 or E5
+- Microsoft 365 Business Premium
+
+
+## Getting started
+
+To use the deployment service, you use a management tool built on the platform, script common actions using PowerShell, or build your own application.
+
+### Using Microsoft Endpoint Manager
+
+Microsoft Endpoint Manager integrates with the deployment service to provide Windows 10 update management capabilities. For more information, see [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates).
+
+### Scripting common actions using PowerShell
+
+The Microsoft Graph SDK includes a PowerShell extension that you can use to script and automate common update actions. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/graph/powershell/get-started).
+
+
+### Building your own application
+
+Microsoft Graph makes deployment service APIs available through. Get started with these learning paths:
+- Learning Path: [Microsoft Graph Fundamentals](/learn/paths/m365-msgraph-fundamentals/)
+- Learning Path: [Build apps with Microsoft Graph](/learn/paths/m365-msgraph-associate/)
+
+Once you are familiar with Microsoft Graph development, see [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview) for more.
+
+## Deployment protections
+
+The deployment service protects deployments through a combination of rollout controls and machine-learning algorithms that monitor deployments and react to issues during the rollout.
+
+### Schedule rollouts with automatic piloting
+
+The deployment service allows any update to be deployed over a period of days or weeks. Once an update has been scheduled, the deployment service optimizes the deployment based on the scheduling parameters and unique attributes spanning the devices being updated. The service follows these steps:
+
+1. Determine the number of devices to be updated in each deployment wave, based on scheduling parameters.
+2. Select devices for each deployment wave so that earlier waves have a diversity of hardware and software, to function as pilot device populations.
+3. Start deploying to earlier waves to build coverage of device attributes present in the population.
+4. Continue deploying at a uniform rate until all waves are complete and all devices are updated.
+
+This built-in piloting capability complements your existing ring structure and provides another support for reducing and managing risk during an update. Unlike tools such as Desktop Analytics, this capability is intended to operate within each ring. The deployment service does not provide a workflow for creating rings themselves.
+
+You should continue to use deployment rings as part of the servicing strategy for your organization, but use gradual rollouts to add scheduling convenience and additional protections within each ring.
+
+### Monitoring deployments to detect rollback issues
+
+During a feature update deployment, driver combinations can sometimes result in an unexpected update failure that makes the device revert to the previously installed operating system version. The deployment service can monitor devices for such issues and automatically pause deployments when this happens, giving you time to detect and mitigate issues.
+
+
+### How to enable deployment protections
+
+Deployment scheduling controls are always available, but to take advantage of the unique deployment protections tailored to your organization, devices must share diagnostic data with Microsoft.
+
+#### Device prerequisites
+
+> [!NOTE]
+> Deployment protections are currently in preview and available if you're using Update Compliance. If you set these policies on a a device that isn't enrolled in Update Compliance, there is no effect.
+
+- Diagnostic data is set to *Required* or *Optional*.
+- The **AllowWUfBCloudProcessing** policy is set to **1**.
+
+#### Set the **AllowWUfBCloudProcessing** policy
+
+To enroll devices in Windows Update for Business cloud processing, set the **AllowWUfBCloudProcessing** policy using mobile device management (MDM) policy.
+
+> [!NOTE]
+> Setting this policy by using Group Policy isn't currently supported.
+
+| Policy | Sets registry key under **HKLM\\Software** |
+|--------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------|
+| MDM for Windows 10, version 1809 or later: ../Vendor/MSFT/ Policy/Config/System/**AllowWUfBCloudProcessing** | \\Microsoft\\PolicyManager\\default\\System\\AllowWUfBCloudProcessing |
+
+Following is an example of setting the policy using Microsoft Endpoint Manager:
+
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Select **Devices** > **Configuration profiles** > **Create profile**.
+3. Select **Windows 10 and later** in **Platform**, select **Templates** in **Profile type**, select **Custom** in **Template name**, and then select **Create**.
+4. In **Basics**, enter a meaningful name and a description for the policy, and then select **Next**.
+5. In **Configuration settings**, select **Add**, enter the following settings, select **Save**, and then select **Next**.
+ - Name: **AllowWUfBCloudProcessing**
+ - Description: Enter a description.
+ - OMA-URI: `./Vendor/MSFT/Policy/Config/System/AllowWUfBCloudProcessing`
+ - Data type: **String**
+ - Value: **1**
+6. In **Assignments**, select the groups that will receive the profile, and then select **Next**.
+7. In **Review + create**, review your settings, and then select **Create**.
+8. (Optional) To verify that the policy reached the client, check the value of the following registry entry: **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager \\default\\System\\AllowWUfBCloudProcessing**.
+
+## Best practices
+Follow these suggestions for the best results with the service.
+
+### Device onboarding
+
+- Wait until devices finish provisioning before managing with the service. If a device is being provisioned by Autopilot, it can only be managed by the deployment service after it finishes provisioning (typically one day).
+- Use the deployment service for feature update management without feature update deferral policy. If you want to use the deployment service to manage feature updates on a device that previously used a feature update deferral policy, it's best to set the feature update deferral policy to **0** days to avoid having multiple conditions governing feature updates. You should only change the feature update deferral policy value to 0 days after you've confirmed that the device was enrolled in the service with no errors.
+
+### General
+
+Avoid using different channels to manage the same resources. If you use Microsoft Endpoint Manager along with Microsoft Graph APIs or PowerShell, aspects of resources (such as devices, deployments, updatable asset groups) might be overwritten if you use both channels to manage the same resources. Instead, only manage each resource through the channel that created it.
+
+
+## Next steps
+
+To learn more about the deployment service, try the following:
+
+- [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates)
+- [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview)
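Review bot: the sentence "Microsoft Graph makes deployment service APIs available through." under "Building your own application" is cut off before its object; suggest "Microsoft Graph makes the deployment service APIs available. Get started with these learning paths:". Three smaller fixes in the same hunk: "If you set these policies on a a device" has a doubled "a"; the OMA-URI is given as `../Vendor/MSFT/ Policy/Config/System/AllowWUfBCloudProcessing` in the table (leading `../` and a stray space) but as `./Vendor/MSFT/Policy/Config/System/AllowWUfBCloudProcessing` in the Intune steps, and the registry path in step 8 has a stray space before `\\default`; readers paste these strings verbatim into the custom profile, so they need to agree. Also, step 5 sets Data type to String for a value of 1; if the Policy CSP defines AllowWUfBCloudProcessing as an integer, the custom profile should use Integer, please confirm against the CSP reference.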
diff --git a/windows/deployment/update/deployment-service-troubleshoot.md b/windows/deployment/update/deployment-service-troubleshoot.md
new file mode 100644
index 0000000000..1f9675d1d9
--- /dev/null
+++ b/windows/deployment/update/deployment-service-troubleshoot.md
@@ -0,0 +1,35 @@
+---
+title: Troubleshoot the Windows Update for Business deployment service
+description: Solutions to common problems with the service
+ms.custom: seo-marvel-apr2020
+ms.prod: w10
+ms.mktglfcycl: manage
+author: jaimeo
+ms.localizationpriority: medium
+ms.author: jaimeo
+ms.reviewer:
+manager: laurawi
+ms.topic: article
+---
+
+
+
+# Troubleshoot the Windows Update for Business deployment service
+
+> Applies to: Windows 10
+
+This troubleshooting guide addresses the most common issues that IT administrators face when using the Windows Update for Business [deployment service](deployment-service-overview.md). For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](windows-update-troubleshooting.md).
+
+## The device isn't receiving an update that I deployed
+
+- Check that the device doesn't have updates of the relevant category paused. See [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).
+- **Feature updates only**: The device might have a safeguard hold applied for the given feature update version. For more about safeguard holds, see [Safeguard holds](safeguard-holds.md) and [Opt out of safeguard holds](safeguard-opt-out.md).
+- Check that the deployment to which the device is assigned has the state *offering*. Deployments that have the states *paused* or *scheduled* won't deploy content to devices.
+- Check that the device has scanned for updates and is scanning the Windows Update service. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates).
+- **Feature updates only**: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is successfully enrolled will be represented by an Azure AD device resource with an update management enrollment for feature updates and have no Azure AD device registration errors.
+- **Expedited quality updates only**: Check that the device has the Update Health Tools installed (available for Windows 10 version 1809 or later in the update described in [KB 4023057 - Update for Windows 10 Update Service components](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a), or a more recent quality update). The Update Health Tools are required for a device to receive an expedited quality update. On a device, the program can be located at **C:\\Program Files\\Microsoft Update Health Tools**. You can verify its presence by reviewing **Add or Remove Programs** or using the following PowerShell script: `Get-WmiObject -Class Win32\_Product \| Where-Object {$\_.Name -amatch "Microsoft Update Health Tools"}`.
+
+## The device is receiving an update that I didn't deploy
+
+- Check that the device is scanning the Windows Update service and not a different endpoint. If the device is scanning for updates from a WSUS endpoint, for example, it might receive different updates. To learn more about scanning for updates, see [Scanning updates](how-windows-update-works.md#scanning-updates).
+- **Feature updates only**: Check that the device is successfully enrolled in feature update management by the deployment service. A device that is not successfully enrolled might receive different updates according to its feature update deferral period, for example. A device that is successfully enrolled will be represented by an Azure AD device resource with an update management enrollment for feature updates and have no Azure AD device registration errors.
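Review bot: the PowerShell check at the end of the expedited-updates bullet does not run as written: `-amatch` is not a PowerShell comparison operator (use `-match`, or `-imatch`/`-cmatch` when case handling matters), and the markdown escapes `\_` and `\|` inside the backticks render literally, producing `Win32\_Product` and `\|`. Separately, enumerating `Win32_Product` makes Windows Installer run a consistency check, and possibly a repair, on every installed MSI package, which is slow and can trigger unwanted reconfiguration on managed devices; suggest testing for the folder the bullet already names, `C:\Program Files\Microsoft Update Health Tools`, with `Test-Path`, or reading the Uninstall registry keys, instead of querying `Win32_Product`.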
diff --git a/windows/deployment/update/media/wufbds-interaction-small.png b/windows/deployment/update/media/wufbds-interaction-small.png
new file mode 100644
index 0000000000..f06201edde
Binary files /dev/null and b/windows/deployment/update/media/wufbds-interaction-small.png differ
diff --git a/windows/deployment/update/media/wufbds-product-large.png b/windows/deployment/update/media/wufbds-product-large.png
new file mode 100644
index 0000000000..f74c499411
Binary files /dev/null and b/windows/deployment/update/media/wufbds-product-large.png differ
diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index 09425105a0..e044463423 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -297,7 +297,7 @@ When you run Disk Cleanup and enable the option to Clean up system files, you ca
> [!TIP]
> It is no longer necessary to open an elevated command prompt to run the [SetupDiag](setupdiag.md) tool. However, this is still the optimal way to run the tool.
-To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then Alt+C to confirm the elevation prompt. Screenshots and other steps to open an administrator (aka elevated) command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7).
+To launch an elevated command prompt, press the Windows key on your keyboard, type **cmd**, press Ctrl+Shift+Enter, and then click **Yes** to confirm the elevation prompt. Screenshots and other steps to open an elevated command prompt are [here](https://answers.microsoft.com/en-us/windows/forum/windows_7-security/command-prompt-admin-windows-7/6a188166-5e23-461f-b468-f325688ec8c7).
Note: When you open an elevated command prompt, you will usually start in the **C:\WINDOWS\system32** directory. To run a program that you recently downloaded, you must change to the directory where the program is located. Alternatively, you can move or copy the program to a location on the computer that is automatically searched. These directories are listed in the [PATH variable](https://answers.microsoft.com/windows/forum/windows_10-other_settings-winpc/adding-path-variable/97300613-20cb-4d85-8d0e-cc9d3549ba23).
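Review bot: the elevated-prompt instructions on a Windows 10 upgrade page still link to a Windows 7 community forum thread (the URL path is `windows_7-security/command-prompt-admin-windows-7`); suggest linking to first-party Windows 10 guidance or dropping the link, since the inline steps (Windows key, type cmd, Ctrl+Shift+Enter, click Yes) are already complete after this change.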
diff --git a/windows/device-security/docfx.json b/windows/device-security/docfx.json
index 40cbd2b6ea..fb05d45e14 100644
--- a/windows/device-security/docfx.json
+++ b/windows/device-security/docfx.json
@@ -3,7 +3,8 @@
"content": [
{
"files": [
- "**/*.md"
+ "**/*.md",
+ "**/*.yml"
],
"exclude": [
"**/obj/**",
diff --git a/windows/keep-secure/docfx.json b/windows/keep-secure/docfx.json
index c7756c160f..d153310b25 100644
--- a/windows/keep-secure/docfx.json
+++ b/windows/keep-secure/docfx.json
@@ -3,7 +3,8 @@
"content": [
{
"files": [
- "**/*.md"
+ "**/*.md",
+ "**/*.yml"
],
"exclude": [
"**/obj/**",
diff --git a/windows/manage/docfx.json b/windows/manage/docfx.json
index 2e17041b0d..904388daf4 100644
--- a/windows/manage/docfx.json
+++ b/windows/manage/docfx.json
@@ -3,7 +3,8 @@
"content": [
{
"files": [
- "**/*.md"
+ "**/*.md",
+ "**/*.yml"
],
"exclude": [
"**/obj/**",
diff --git a/windows/plan/docfx.json b/windows/plan/docfx.json
index 78f81bc195..f226ea1fe0 100644
--- a/windows/plan/docfx.json
+++ b/windows/plan/docfx.json
@@ -3,7 +3,8 @@
"content": [
{
"files": [
- "**/*.md"
+ "**/*.md",
+ "**/*.yml"
],
"exclude": [
"**/obj/**",
diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index 718909cd4c..692cfa0a09 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -9,7 +9,7 @@ ms.pagetype: security
ms.localizationpriority: high
audience: ITPro
ms.author: siosulli
-author: DaniHalfin
+author: dansimp
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
diff --git a/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md b/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md
index 20b56e6e79..170bd2f449 100644
--- a/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md
+++ b/windows/privacy/data-processor-service-for-windows-enterprise-public-preview-terms.md
@@ -9,7 +9,7 @@ ms.topic: article
f1.keywords:
- NOCSH
ms.author: siosulli
-author: DaniHalfin
+author: dansimp
manager: dansimp
audience: itpro
ms.collection:
diff --git a/windows/privacy/deploy-data-processor-service-windows.md b/windows/privacy/deploy-data-processor-service-windows.md
index dbc0883936..01a6bbec79 100644
--- a/windows/privacy/deploy-data-processor-service-windows.md
+++ b/windows/privacy/deploy-data-processor-service-windows.md
@@ -9,7 +9,7 @@ ms.topic: article
f1.keywords:
- NOCSH
ms.author: siosulli
-author: DaniHalfin
+author: dansimp
manager: dansimp
audience: itpro
ms.collection:
diff --git a/windows/privacy/index.yml b/windows/privacy/index.yml
index da814f7791..ad4c6fefef 100644
--- a/windows/privacy/index.yml
+++ b/windows/privacy/index.yml
@@ -11,8 +11,8 @@ metadata:
ms.product: windows
ms.topic: hub-page # Required
ms.collection: M365-security-compliance
- author: danihalfin
- ms.author: daniha
+ author: dansimp
+ ms.author: dansimp
manager: dansimp
ms.date: 07/21/2020 #Required; mm/dd/yyyy format.
ms.localizationpriority: high
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
index 59b76ac590..1a07013ef3 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
@@ -37,7 +37,7 @@ This guide assumes that baseline infrastructure exists which meets the requireme
- A well-connected, working network
- Internet access
-- Multi-factor Authentication Server to support MFA during Windows Hello for Business provisioning
+- Multi-factor Authentication is required during Windows Hello for Business provisioning
- Proper name resolution, both internal and external names
- Active Directory and an adequate number of domain controllers per site to support authentication
- Active Directory Certificate Services 2012 or later
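Review bot: the replaced bullet reads as a requirement statement in a list of infrastructure components (network, Internet access, name resolution, Active Directory, AD CS); suggest keeping the list parallel, for example "- A multi-factor authentication method for users during Windows Hello for Business provisioning", and naming the options that satisfy it, since the change removed the only concrete one ("Multi-factor Authentication Server") without saying what replaces it.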
@@ -78,4 +78,4 @@ Following are the various deployment guides and models included in this topic:
Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**.
> [!NOTE]
-> You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data.
\ No newline at end of file
+> You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data.
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
index 47f61560aa..453dcb53bb 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
@@ -14,13 +14,34 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 01/14/2021
+ms.date: 05/03/2021
ms.reviewer:
---
# Windows Hello for Business Known Deployment Issues
The content of this article is to help troubleshoot and workaround known deployment issues for Windows Hello for Business. Each issue below will describe the applicable deployment type Windows versions.
+## PIN Reset on Azure AD Join Devices Fails with "We can't open that page right now" error
+
+Applies to:
+
+- Azure AD joined deployments
+- Windows 10, version 1803 and later
+
+PIN reset on Azure AD joined devices uses a flow called web sign-in to authenticate the user above lock. Web sign in only allows navigation to specific domains. If it attempts to navigate to a domain that is not allowed it will shows a page with the "We can't open that page right now" error message.
+
+### Identifying Azure AD joined PIN Reset Allowed Domains Issue
+
+The user can launch the PIN reset flow from above lock using the "I forgot my PIN" link in the PIN credential provider. Selecting this link will launch a full screen UI for the PIN experience on Azure AD Join devices. Typically, this UI will display an Azure authentication server page where the user will authenticate using Azure AD credentials and complete multi-factor authentication.
+
+In federated environments authentication may be configured to route to AD FS or a third party identity provider. If the PIN reset flow is launched and attempts to navigate to a federated identity provider server page, it will fail and display the "We can't open that page right now" error if the domain for the server page is not included in an allow list.
+
+If you are a customer of Azure US Government cloud, PIN reset will also attempt to navigate to a domain that is not included in the default allow list. This results in the "We can't open that page right now" being shown.
+
+### Resolving Azure AD joined PIN Reset Allowed Domains Issue
+
+To resolve this error, a list of allowed domains for PIN reset can be configured using the [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy. For information on how to configure this policy, see [PIN Reset - Configure Web Sign-in Allowed URLs for Third Party Identity Providers on Azure AD Joined Devices](hello-feature-pin-reset.md#configure-web-sign-in-allowed-urls-for-third-party-identity-providers-on-azure-ad-joined-devices).
+
## Hybrid Key Trust Logon Broken Due to User Public Key Deletion
Applies to:
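Review bot: "it will shows a page" should be "it shows a page"; "Web sign in" and "web sign-in" are both used in the same paragraph; and "This results in the "We can't open that page right now" being shown" is missing the word "error". The resolution section points readers at ConfigureWebSignInAllowedUrls, but the identifying section never says which domain was blocked in each case (the federated identity provider's sign-in page for AD FS or a third party, and the Government cloud sign-in endpoint for Azure US Government), so readers do not know what to put on the allow list; suggest stating the domain to allow alongside each cause.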
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
index 542ece9a6b..6d1ae1fbd1 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
@@ -13,7 +13,7 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 12/22/2020
+ms.date: 5/3/2021
ms.reviewer:
---
@@ -23,7 +23,54 @@ ms.reviewer:
- Windows 10, version 1709 or later
-## Hybrid Deployments
+Windows Hello for Business provides the capability for users to reset forgotten PINs using the "I forgot my PIN link" from the Sign-in options page in Settings or from above the lock screen. User's are required to authenticate and complete multi-factor authentication to reset their PIN.
+
+There are two forms of PIN reset called destructive and non-destructive. Destructive PIN reset is the default and does not require configuration. During a destructive PIN reset, the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, will be deleted from the client and a new logon key and PIN are provisioned. For non-destructive PIN reset, you must deploy the Microsoft PIN reset service and client policy to enable the PIN recovery feature. During a non-destructive PIN reset, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed.
+
+## Using PIN Reset
+
+**Requirements**
+
+- Reset from settings - Windows 10, version 1703
+- Reset above Lock - Windows 10, version 1709
+
+Destructive and non-destructive PIN reset use the same entry points for initiating a PIN reset. If a user has forgotten their PIN, but has an alternate logon method, they can navigate to Sign-in options in Settings and initiate a PIN reset from the PIN options. If they do not have an alternate way to sign into their device, PIN reset can also be initiated from above the lock screen in the PIN credential provider.
+
+>[!IMPORTANT]
+>For hybrid Azure AD joined devices, users must have corporate network connectivity to domain controllers to reset their PIN. If AD FS is being used for certificate trust or for on-premises only deployments, users must also have corporate network connectivity to federation services to reset their PIN.
+
+### Reset PIN from Settings
+
+1. Sign-in to Windows 10, version 1703 or later using an alternate credential.
+2. Open **Settings**, click **Accounts**, click **Sign-in options**.
+3. Under **PIN**, click **I forgot my PIN** and follow the instructions.
+
+### Reset PIN above the Lock Screen
+
+For Azure AD joined devices:
+
+1. If the PIN credential provider is not selected, expand the **Sign-in options** link, and select the PIN pad icon.
+1. Click **I forgot my PIN** from the PIN credential provider
+1. Select an authentication option from the list of presented options. This list will be based on the different authentication methods enabled in your tenant (i.e. Password, PIN, Security key)
+1. Follow the instructions provided by the provisioning process
+1. When finished, unlock your desktop using your newly created PIN.
+
+For Hybrid Azure AD joined devices:
+
+1. If the PIN credential provider is not selected, expand the **Sign-in options** link, and select the PIN pad icon.
+1. Click **I forgot my PIN** from the PIN credential provider
+1. Enter your password and press enter.
+1. Follow the instructions provided by the provisioning process
+1. When finished, unlock your desktop using your newly created PIN.
+
+> [!NOTE]
+> Key trust on hybrid Azure AD joined devices does not support destructive PIN reset from above the Lock Screen. This is due to the sync delay between when a user provisions their Windows Hello for Business credential and being able to use it for sign-in. For this deployment model, you must deploy non-destructive PIN reset for above lock PIN reset to work.
+
+You may find that PIN reset from settings only works post login, and that the "lock screen" PIN reset function will not work if you have any matching limitation of SSPR password reset from the lock screen. For more information, see [Enable Azure Active Directory self-service password reset at the Windows sign-in screen - General ](/azure/active-directory/authentication/howto-sspr-windows#general-limitations).
+
+Visit the [Windows Hello for Business Videos](./hello-videos.md) page and watch [Windows Hello for Business forgotten PIN user experience](./hello-videos.md#windows-hello-for-business-forgotten-pin-user-experience).
+
+## Non-Destructive PIN reset
**Requirements:**
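Review bot: "User's are required" should be "Users are required", and the quotation in "I forgot my PIN link" should close after PIN. In the Azure AD joined steps, "(i.e. Password, PIN, Security key)" lists examples, so "e.g." is meant. The sentence beginning "You may find that PIN reset from settings only works post login" is hard to follow; suggest "Above-lock PIN reset is subject to the same limitations as Azure AD self-service password reset from the Windows sign-in screen; where SSPR is blocked there, above-lock PIN reset fails too, while PIN reset from Settings after sign-in still works." The IMPORTANT note about needing connectivity to domain controllers and federation servers is a useful caveat; consider also stating it in the above-lock steps for hybrid devices, where the user has no desktop from which to check connectivity.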
@@ -32,10 +79,13 @@ ms.reviewer:
- Azure AD registered, Azure AD joined, and Hybrid Azure AD joined
- Windows 10, version 1709 to 1809, **Enterprise Edition**. There is no licensing requirement for this feature since version 1903.
-The Microsoft PIN reset services enables you to help users recover who have forgotten their PIN. Using Group Policy, Microsoft Intune or a compatible MDM, you can configure Windows 10 devices to securely use the Microsoft PIN reset service that enables users to reset their forgotten PIN through settings or above the lock screen without requiring re-enrollment.
+When non-destructive PIN reset is enabled on a client, a 256-bit AES key is generated locally and added to a user's Windows Hello for Business container and keys as the PIN reset protector. This PIN reset protector is encrypted using a public key retrieved from the Microsoft PIN reset service and then stored on the client for later use during PIN reset. After a user initiates a PIN reset, completes authentication to Azure, and completes multi-factor authentication, the encrypted PIN reset protector is sent to the Microsoft PIN reset service, decrypted, and returned to the client. The decrypted PIN reset protector is used to change the PIN used to authorize Windows Hello for Business keys and it is then cleared from memory.
+
+Using Group Policy, Microsoft Intune or a compatible MDM, you can configure Windows 10 devices to securely use the Microsoft PIN reset service that enables users to reset their forgotten PIN through settings or above the lock screen without requiring re-enrollment.
>[!IMPORTANT]
> The Microsoft PIN Reset service only works with **Enterprise Edition** for Windows 10, version 1709 to 1809. The feature works with **Enterprise Edition** and **Pro** edition with Windows 10, version 1903 and newer.
+> The Microsoft PIN Reset service is not currently available in Azure Government.
### Onboarding the Microsoft PIN reset service to your Intune tenant
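Review bot: the new description of the PIN reset protector explains the outbound leg (protector encrypted to the service's public key, sent after Azure authentication and MFA) but not how the decrypted protector is protected on the way back to the client, nor that the service only ever handles the protector and never the user's Windows Hello for Business keys; readers evaluating the feature will ask exactly this, so suggest adding a sentence on both. Also, "There is no licensing requirement for this feature since version 1903" and the IMPORTANT note "works with Enterprise Edition and Pro edition with Windows 10, version 1903 and newer" say different things about which editions are supported; align them.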
@@ -44,18 +94,14 @@ Before you can remotely reset PINs, you must on-board the Microsoft PIN reset se
### Connect Azure Active Directory with the PIN reset service
1. Go to the [Microsoft PIN Reset Service Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=b8456c59-1230-44c7-a4a2-99b085333e84&resource=https%3A%2F%2Fgraph.windows.net&redirect_uri=https%3A%2F%2Fcred.microsoft.com&state=e9191523-6c2f-4f1d-a4f9-c36f26f89df0&prompt=admin_consent), and sign in using the Global administrator account you use to manage your Azure Active Directory tenant.
-
-2. After you have logged in, choose **Accept** to give consent for the PIN reset service to access your account.
-
+1. After you have logged in, choose **Accept** to give consent for the PIN reset service to access your account.

-
-3. Go to the [Microsoft PIN Reset Client Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=9115dd05-fad5-4f9c-acc7-305d08b1b04e&resource=https%3A%2F%2Fcred.microsoft.com%2F&redirect_uri=ms-appx-web%3A%2F%2FMicrosoft.AAD.BrokerPlugin%2F9115dd05-fad5-4f9c-acc7-305d08b1b04e&state=6765f8c5-f4a7-4029-b667-46a6776ad611&prompt=admin_consent), and sign in using the Global administrator account you use to manage your Azure Active Directory tenant.
-
-4. After you have logged in, choose **Accept** to give consent for the PIN reset client to access your account.
+1. Go to the [Microsoft PIN Reset Client Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=9115dd05-fad5-4f9c-acc7-305d08b1b04e&resource=https%3A%2F%2Fcred.microsoft.com%2F&redirect_uri=ms-appx-web%3A%2F%2FMicrosoft.AAD.BrokerPlugin%2F9115dd05-fad5-4f9c-acc7-305d08b1b04e&state=6765f8c5-f4a7-4029-b667-46a6776ad611&prompt=admin_consent), and sign in using the Global administrator account you use to manage your Azure Active Directory tenant.
+1. After you have logged in, choose **Accept** to give consent for the PIN reset client to access your account.

-> [!NOTE]
-> After you have accepted the PIN reset service and client requests, you will land on a page that states "You do not have permission to view this directory or page." This behavior is expected. Be sure to confirm that the two PIN reset applications are listed for your tenant.
-5. In the [Azure portal](https://portal.azure.com), verify that the Microsoft PIN Reset Service and Microsoft PIN Reset Client are integrated from the **Enterprise applications** blade. Filter to application status "Enabled" and both Microsoft Pin Reset Service Production and Microsoft Pin Reset Client Production will show up in your tenant.
+ > [!NOTE]
+ > After you have accepted the PIN reset service and client requests, you will land on a page that states "You do not have permission to view this directory or page." This behavior is expected. Be sure to confirm that the two PIN reset applications are listed for your tenant.
+1. In the [Azure portal](https://portal.azure.com), verify that the Microsoft PIN Reset Service and Microsoft PIN Reset Client are integrated from the **Enterprise applications** blade. Filter to application status "Enabled" and both Microsoft Pin Reset Service Production and Microsoft Pin Reset Client Production will show up in your tenant.
> [!div class="mx-imgBorder"]
> 
@@ -65,70 +111,103 @@ Before you can remotely reset PINs, you must on-board the Microsoft PIN reset se
You configure Windows 10 to use the Microsoft PIN Reset service using the computer configuration portion of a Group Policy object.
1. Using the Group Policy Management Console (GPMC), scope a domain-based Group Policy to computer accounts in Active Directory.
-
-2. Edit the Group Policy object from Step 1.
-
-3. Enable the **Use PIN Recovery** policy setting located under **Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business**.
-
-4. Close the Group Policy Management Editor to save the Group Policy object. Close the GPMC.
+1. Edit the Group Policy object from Step 1.
+1. Enable the **Use PIN Recovery** policy setting located under **Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business**.
+1. Close the Group Policy Management Editor to save the Group Policy object. Close the GPMC.
#### Create a PIN Reset Device configuration profile using Microsoft Intune
1. Sign-in to [Endpoint Manager admin center](https://endpoint.microsoft.com/) using a Global administrator account.
-
-2. Click **Endpoint Security** > **Account Protection** > **Properties**.
-
-3. Set **Enable PIN recovery** to **Yes**.
+1. Click **Endpoint Security** > **Account Protection** > **Properties**.
+1. Set **Enable PIN recovery** to **Yes**.
> [!NOTE]
> You can also setup PIN recovery using configuration profiles.
-> 1. Sign in to Endpoint Manager.
>
-> 2. Click **Devices** > **Configuration Profiles** > Create a new profile or edit an existing profile using the Identity Protection profile type.
->
-> 3. Set **Enable PIN recovery** to **Yes**.
+> 1. Sign in to Endpoint Manager.
+> 1. Click **Devices** > **Configuration Profiles** > Create a new profile or edit an existing profile using the Identity Protection profile type.
+> 1. Set **Enable PIN recovery** to **Yes**.
#### Assign the PIN Reset Device configuration profile using Microsoft Intune
1. Sign in to the [Azure portal](https://portal.azure.com) using a Global administrator account.
+1. Navigate to the Microsoft Intune blade. Choose **Device configuration** > **Profiles**. From the list of device configuration profiles, choose the profile that contains the PIN reset configuration.
+1. In the device configuration profile, select **Assignments**.
+1. Use the **Include** and/or **Exclude** tabs to target the device configuration profile to select groups.
-2. Navigate to the Microsoft Intune blade. Choose **Device configuration** > **Profiles**. From the list of device configuration profiles, choose the profile that contains the PIN reset configuration.
+### Confirm that PIN recovery policy is enforced on the client
-3. In the device configuration profile, select **Assignments**.
+The PIN reset configuration for a user can be viewed by running [**dsregcmd /status**](/azure/active-directory/devices/troubleshoot-device-dsregcmd) from the command line. This state can be found under the output in the user state section as the **CanReset** line item. If **CanReset** reports as DestructiveOnly, then only destructive PIN reset is enabled. If **CanReset** reports DestructiveAndNonDestructive, then non-destructive PIN reset is enabled.
-4. Use the **Include** and/or **Exclude** tabs to target the device configuration profile to select groups.
+#### Sample User state Output for Destructive PIN Reset
-## On-premises Deployments
+```
++----------------------------------------------------------------------+
+| User State |
++----------------------------------------------------------------------+
-**Requirements**
+ NgcSet : YES
+ NgcKeyId : {FA0DB076-A5D7-4844-82D8-50A2FB42EC7B}
+ CanReset : DestructiveOnly
+ WorkplaceJoined : NO
+ WamDefaultSet : YES
+ WamDefaultAuthority : organizations
+ WamDefaultId : https://login.microsoft.com
+ WamDefaultGUID : { B16898C6-A148-4967-9171-64D755DA8520 } (AzureAd)
-* Active Directory
-* On-premises Windows Hello for Business deployment
-* Reset from settings - Windows 10, version 1703, Professional
-* Reset above Lock - Windows 10, version 1709, Professional
++----------------------------------------------------------------------+
+```
-On-premises deployments provide users with the ability to reset forgotten PINs either through the settings page or from above the user's lock screen. Users must know or be provided their password for authentication, must perform a second factor of authentication, and then re-provision Windows Hello for Business.
+#### Sample User state Output for Non-Destructive PIN Reset
->[!IMPORTANT]
->Users must have corporate network connectivity to domain controllers and the federation service to reset their PINs.
+```
++----------------------------------------------------------------------+
+| User State |
++----------------------------------------------------------------------+
-### Reset PIN from Settings
+ NgcSet : YES
+ NgcKeyId : {FA0DB076-A5D7-4844-82D8-50A2FB42EC7B}
+ CanReset : DestructiveAndNonDestructive
+ WorkplaceJoined : NO
+ WamDefaultSet : YES
+ WamDefaultAuthority : organizations
+ WamDefaultId : https://login.microsoft.com
+ WamDefaultGUID : { B16898C6-A148-4967-9171-64D755DA8520 } (AzureAd)
-1. Sign-in to Windows 10, version 1703 or later using an alternate credential.
-2. Open **Settings**, click **Accounts**, click **Sign-in options**.
-3. Under **PIN**, click **I forgot my PIN** and follow the instructions.
++----------------------------------------------------------------------+
+```
-#### Reset PIN above the Lock Screen
+## Configure Web Sign-in Allowed URLs for Third Party Identity Providers on Azure AD Joined Devices
-1. On Windows 10, version 1709, click **I forgot my PIN** from the Windows Sign-in
-2. Enter your password and press enter.
-3. Follow the instructions provided by the provisioning process
-4. When finished, unlock your desktop using your newly created PIN.
+**Applies to:**
-You may find that PIN reset from settings only works post login, and that the "lock screen" PIN reset function will not work if you have any matching limitation of SSPR password reset from the lock screen. For more information, see [Enable Azure Active Directory self-service password reset at the Windows sign-in screen - **General limitations**](/azure/active-directory/authentication/howto-sspr-windows#general-limitations).
+- Windows 10, version 1803 or later
+- Azure AD joined
+
+The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy allows you to specify a list of domains that are allowed to be navigated to during PIN reset flows on Azure AD joined devices. If you have a federated environment and authentication is handled using AD FS or a third-party identity provider, this policy should be set to ensure that authentication pages from that identity provider can be used during Azure AD joined PIN reset.
+
+### Configuring Policy Using Intune
+
+1. Sign-in to [Endpoint Manager admin center](https://endpoint.microsoft.com/) using a Global administrator account.
+1. Click **Devices**. Click **Configuration profiles**. Click **Create profile**.
+1. For Platform select **Windows 10 and later** and for Profile type select **Templates**. In the list of templates that is loaded, select **Custom** and click Create.
+1. In the **Name** field type **Web Sign In Allowed URLs** and optionally provide a description for the configuration. Click Next.
+1. On the Configuration settings page, click **Add** to add a custom OMA-URI setting. Provide the following information for the custom settings
+ - **Name:** Web Sign In Allowed URLs
+ - **Description:** (Optional) List of domains that are allowed during PIN reset flows.
+ - **OMA-URI:** ./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls
+ - **Data type:** String
+ - **Value**: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be "signin.contoso.com;portal.contoso.com"
+
+ 
+
+1. Click the Save button to save the custom configuration.
+1. On the Assignments page, use the Included groups and Excluded groups sections to define the groups of users or devices that should receive this policy. Once you have completed configuring groups click the Next button.
+1. On the Applicability rules page, click Next.
+1. Review the configuration that is shown on the Review + create page to make sure that it is accurate. Click create to save the profile and apply it to the configured groups.
> [!NOTE]
-> Visit the [Windows Hello for Business Videos](./hello-videos.md) page and watch [Windows Hello for Business forgotten PIN user experience](./hello-videos.md#windows-hello-for-business-forgotten-pin-user-experience).
+> For Azure Government, there is a known issue with PIN reset on Azure AD Joined devices failing. When the user attempts to launch PIN reset, the PIN reset UI shows an error page that says, "We can't open that page right now." The ConfigureWebSignInAllowedUrls policy can be used to work around this issue. If you are experiencing this problem and you are using Azure US Government cloud, set **login.microsoftonline.us** as the value for the ConfigureWebSignInAllowedUrls policy.
## Related topics
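Review bot: this hunk deletes the entire "On-premises Deployments" section (Requirements, the IMPORTANT note about domain controller and federation service connectivity, "Reset PIN from Settings", "Reset PIN above the Lock Screen" and the SSPR lock-screen limitation paragraph) together with the forgotten-PIN video link, and no replacement is visible in the diff; confirm that content was moved to another page and linked from "Related topics", otherwise on-premises readers lose the reset procedure entirely. Smaller points in the added text: the two dsregcmd output fences are untagged (add a language such as `console`), the sample output carries what look like real `NgcKeyId` and `WamDefaultGUID` values from a test machine and should use obviously fake GUIDs, `**Value**:` should be `**Value:**` to match the other labels, and "Provide the following information for the custom settings" is missing its trailing colon. For ConfigureWebSignInAllowedUrls, the paragraph should say explicitly that the semicolon-delimited list is an allowlist reachable from the PIN reset web view before the user has signed in, so only the identity provider's sign-in hosts (as in the `signin.contoso.com;portal.contoso.com` example) belong in it, not a broad set of corporate domains.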
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
index 284db3b991..00aa120b98 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
@@ -1,5 +1,5 @@
---
-title: Windows Hello for Business Trust New Installation (Windows Hello for Business)
+title: Hybrid Azure AD joined Windows Hello for Business Trust New Installation (Windows Hello for Business)
description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust depoyments rely on.
keywords: identity, PIN, biometric, Hello, passport, WHFB
ms.prod: w10
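Review bot: while this hunk edits the front matter, the unchanged description line still reads "depoyments"; fix it to "deployments" in the same change.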
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/19/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Windows Hello for Business Certificate Trust New Installation
+# Hybrid Azure AD joined Windows Hello for Business Certificate Trust New Installation
**Applies to**
- Windows 10, version 1703 or later
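Review bot: the new `ms.date: 4/30/2021` drops the zero padding used by every other date in these files (`08/19/2018`, and `04/30/2021` in the hello-hybrid-key-whfb-settings-pki.md hunk of this same PR); use `04/30/2021` here and in the other front-matter hunks so the format stays consistent.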
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
index 1abceb0c9a..e80dc75f72 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
@@ -1,5 +1,5 @@
---
-title: Configure Device Registration for Hybrid Windows Hello for Business
+title: Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business
description: Azure Device Registration for Hybrid Certificate Trust Deployment (Windows Hello for Business)
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration
ms.prod: w10
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/18/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Configure Device Registration for Hybrid Windows Hello for Business
+# Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business
**Applies to**
- Windows 10, version 1703 or later
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
index 451c829d6c..d867b494ec 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
@@ -1,5 +1,5 @@
---
-title: Hybrid Windows Hello for Business Prerequisites
+title: Hybrid Azure AD joined Windows Hello for Business Prerequisites
description: Learn these prerequisites for hybrid Windows Hello for Business deployments using certificate trust.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
ms.prod: w10
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/19/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Hybrid Windows Hello for Business Prerequisites
+# Hybrid Azure AD joined Windows Hello for Business Prerequisites
**Applies to**
- Windows 10, version 1703 or later
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
index 355c24f66a..cfaf049efd 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
@@ -1,5 +1,5 @@
---
-title: Hybrid Windows Hello for Business Provisioning (Windows Hello for Business)
+title: Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning (Windows Hello for Business)
description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Businesss.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
ms.prod: w10
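Review bot: the unchanged description line in this hunk reads "Windows Hello for Businesss" (triple s); fix the typo while the front matter is being edited.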
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/19/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Hybrid Windows Hello for Business Provisioning
+# Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning
**Applies to**
- Windows 10, version 1703 or later
@@ -27,7 +27,7 @@ ms.reviewer:
## Provisioning
The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**.
-
+
The first thing to validate is the computer has processed device registration. You can view this from the User device registration logs where the check **Device is AAD joined (AADJ or DJ++): Yes** appears. Additionally, you can validate this using the **dsregcmd /status** command from a console prompt where the value for **AzureADJoined** reads **Yes**.
@@ -81,4 +81,4 @@ The certificate authority validates the certificate was signed by the registrati
3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
5. [Configure Windows Hello for Business policy settings](hello-hybrid-cert-whfb-settings-policy.md)
-6. Sign-in and Provision (*You are here*)
\ No newline at end of file
+6. Sign-in and Provision (*You are here*)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md
index b186880166..eeb5ed60a9 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md
@@ -1,5 +1,5 @@
---
-title: Configure Hybrid Windows Hello for Business - Active Directory (AD)
+title: Configure Hybrid Azure AD joined Windows Hello for Business - Active Directory (AD)
description: Discussing the configuration of Active Directory (AD) in a Hybrid deployment of Windows Hello for Business
keywords: identity, PIN, biometric, Hello, passport, WHFB, ad
ms.prod: w10
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/19/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Configure Windows Hello for Business: Active Directory
+# Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory
**Applies to**
- Windows 10, version 1703 or later
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
index cfb8b164f0..880a1fa1cc 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
@@ -1,5 +1,5 @@
---
-title: Configuring Hybrid Windows Hello for Business - Active Directory Federation Services (ADFS)
+title: Configuring Hybrid Azure AD joined Windows Hello for Business - Active Directory Federation Services (ADFS)
description: Discussing the configuration of Active Directory Federation Services (ADFS) in a Hybrid deployment of Windows Hello for Business
keywords: identity, PIN, biometric, Hello, passport, WHFB, adfs
ms.prod: w10
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 01/14/2021
+ms.date: 4/30/2021
ms.reviewer:
---
-# Configure Windows Hello for Business: Active Directory Federation Services
+# Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory Federation Services
**Applies to**
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
index 7adb1b0b6d..b835c4fad1 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
@@ -1,5 +1,5 @@
---
-title: Configure Hybrid Windows Hello for Business Directory Synch
+title: Configure Hybrid Azure AD joined Windows Hello for Business Directory Synch
description: Discussing Directory Synchronization in a Hybrid deployment of Windows Hello for Business
keywords: identity, PIN, biometric, Hello, passport, WHFB, dirsync, connect
ms.prod: w10
@@ -13,11 +13,11 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 10/23/2017
+ms.date: 4/30/2021
ms.reviewer:
---
-# Configure Hybrid Windows Hello for Business: Directory Synchronization
+# Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization
**Applies to**
- Windows 10, version 1703 or later
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
index 2b5e042c13..25a3d96332 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
@@ -1,5 +1,5 @@
---
-title: Configuring Hybrid Windows Hello for Business - Public Key Infrastructure (PKI)
+title: Configuring Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure (PKI)
description: Discussing the configuration of the Public Key Infrastructure (PKI) in a Hybrid deployment of Windows Hello for Business
keywords: identity, PIN, biometric, Hello, passport, WHFB, PKI
ms.prod: w10
@@ -13,11 +13,11 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 01/14/2021
+ms.date: 4/30/2021
ms.reviewer:
---
-# Configure Hybrid Windows Hello for Business: Public Key Infrastructure
+# Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure
**Applies to**
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
index 80325188e6..9ddd57ccd7 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
@@ -1,5 +1,5 @@
---
-title: Configuring Hybrid Windows Hello for Business - Group Policy
+title: Configuring Hybrid Azure AD joined Windows Hello for Business - Group Policy
description: Discussing the configuration of Group Policy in a Hybrid deployment of Windows Hello for Business
keywords: identity, PIN, biometric, Hello, passport, WHFB
ms.prod: w10
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/19/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Configure Hybrid Windows Hello for Business: Group Policy
+# Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy
**Applies to**
- Windows 10, version 1703 or later
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
index 2f6f72752a..73d00fcc58 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/19/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Configure Windows Hello for Business
+# Configure Hybrid Azure AD joined Windows Hello for Business
**Applies to**
- Windows 10, version 1703 or later
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
index 3765f94152..a72c7e9f5e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
@@ -1,5 +1,5 @@
---
-title: Windows Hello for Business Key Trust New Installation
+title: Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation
description: Learn how to configure a hybrid key trust deployment of Windows Hello for Business for systems with no previous installations.
keywords: identity, PIN, biometric, Hello, passport, WHFB
ms.prod: w10
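Review bot: the new title places "Hybrid Azure AD joined" after the product name ("Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation"), whereas every other retitled page in this PR leads with it (for example "Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites"); use the same word order here and in the H1 changed in the next hunk of this file.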
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/19/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Windows Hello for Business Key Trust New Installation
+# Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation
**Applies to**
- Windows 10, version 1703 or later
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md
index e7ab21b989..741d1cd8fc 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md
@@ -1,5 +1,5 @@
---
-title: Configure Device Registration for Hybrid key trust Windows Hello for Business
+title: Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business
description: Azure Device Registration for Hybrid Certificate Key Deployment (Windows Hello for Business)
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, device, registration
ms.prod: w10
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/19/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Configure Device Registration for Hybrid key trust Windows Hello for Business
+# Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business
**Applies to**
- Windows 10, version 1703 or later
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
index b2515e71f4..a74ecbe0cb 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
@@ -1,5 +1,5 @@
---
-title: Configure Directory Synchronization for Hybrid key trust Windows Hello for Business
+title: Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business
description: Azure Directory Synchronization for Hybrid Certificate Key Deployment (Windows Hello for Business)
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, directory, synchronization, AADConnect
ms.prod: w10
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/19/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Configure Directory Synchronization for Hybrid key trust Windows Hello for Business
+# Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business
**Applies to**
- Windows 10, version 1703 or later
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index addb6018f5..b245d6282d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -1,5 +1,5 @@
---
-title: Hybrid Key trust Windows Hello for Business Prerequisites (Windows Hello for Business)
+title: Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites (Windows Hello for Business)
description: Learn about the prerequisites for hybrid Windows Hello for Business deployments using key trust and what the next steps are in the deployment process.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust
ms.prod: w10
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/20/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Hybrid Key trust Windows Hello for Business Prerequisites
+# Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites
**Applies to**
- Windows 10, version 1703 or later
@@ -74,7 +74,7 @@ The minimum required Enterprise certificate authority that can be used with Wind
* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5).
* The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name.
* The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template.
-* The domain controller certificate must be installed in the local computer's certificate store. See [Configure Hybrid Windows Hello for Business: Public Key Infrastructure](./hello-hybrid-cert-whfb-settings-pki.md) for details.
+* The domain controller certificate must be installed in the local computer's certificate store. See [Configure Hybrid Windows Hello for Business: Public Key Infrastructure](./hello-hybrid-key-whfb-settings-pki.md) for details.
> [!IMPORTANT]
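Review bot: the link target is corrected to hello-hybrid-key-whfb-settings-pki.md, but the link text still reads "Configure Hybrid Windows Hello for Business: Public Key Infrastructure", while that page's H1 becomes "Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure" elsewhere in this PR; update the link text to match the new heading.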
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index 9c149abb04..9caf362da6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -1,5 +1,5 @@
---
-title: Hybrid Windows Hello for Business key trust Provisioning (Windows Hello for Business)
+title: Hybrid Azure AD joined Windows Hello for Business key trust Provisioning (Windows Hello for Business)
description: Learn about provisioning for hybrid key trust deployments of Windows Hello for Business and learn where to find the hybrid key trust deployment guide.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
ms.prod: w10
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/20/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Hybrid Windows Hello for Business Provisioning
+# Hybrid Azure AD joined Windows Hello for Business Key Trust Provisioning
**Applies to**
- Windows 10, version 1703 or later
@@ -68,4 +68,4 @@ The remainder of the provisioning includes Windows Hello for Business requesting
4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
6. [Configure Windows Hello for Business settings](hello-hybrid-key-whfb-settings.md)
-7. Sign-in and Provision(*You are here*)
\ No newline at end of file
+7. Sign-in and Provision(*You are here*)
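Review bot: the line rewritten here to add the trailing newline still reads "Sign-in and Provision(*You are here*)" with no space before the parenthesis; since the line is already in the diff, change it to "Sign-in and Provision (*You are here*)" to match the cert-trust provisioning page in this PR.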
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md
index 3d7c456790..c34af8b4ca 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md
@@ -1,5 +1,5 @@
---
-title: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD)
+title: Configuring Hybrid Azure AD joined key trust Windows Hello for Business - Active Directory (AD)
description: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD)
keywords: identity, PIN, biometric, Hello, passport, WHFB, ad, key trust, key-trust
ms.prod: w10
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/20/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Configuring Hybrid key trust Windows Hello for Business: Active Directory
+# Configuring Hybrid Azure AD joined key trust Windows Hello for Business: Active Directory
**Applies to**
- Windows 10, version 1703 or later
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
index e3fbad8b54..b5a7d75097 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
@@ -1,5 +1,5 @@
---
-title: Hybrid Windows Hello for Business - Directory Synchronization
+title: Hybrid Azure AD joined Windows Hello for Business - Directory Synchronization
description: How to configure Hybrid key trust Windows Hello for Business - Directory Synchronization
keywords: identity, PIN, biometric, Hello, passport, WHFB, dirsync, connect, Windows Hello, AD Connect, key trust, key-trust
ms.prod: w10
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/19/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Configure Hybrid Windows Hello for Business: Directory Synchronization
+# Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization
**Applies to**
- Windows 10, version 1703 or later
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
index 7c662edce9..11ea807b5c 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
@@ -1,5 +1,5 @@
---
-title: Configure Hybrid key trust Windows Hello for Business
+title: Configure Hybrid Azure AD joined key trust Windows Hello for Business
description: Configuring Hybrid key trust Windows Hello for Business - Public Key Infrastructure (PKI)
keywords: identity, PIN, biometric, Hello, passport, WHFB, PKI, Windows Hello, key trust, key-trust
ms.prod: w10
@@ -13,11 +13,11 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 01/14/2021
+ms.date: 04/30/2021
ms.reviewer:
---
-# Configure Hybrid Windows Hello for Business: Public Key Infrastructure
+# Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure
**Applies to**
@@ -50,7 +50,8 @@ Sign-in a certificate authority or management workstations with _Domain Admin_ e
3. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**.
4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list.
5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name. Adjust the validity and renewal period to meet your enterprise's needs.
- **Note**If you use different template names, you'll need to remember and substitute these names in different portions of the lab.
+ > [!NOTE]
+ > If you use different template names, you'll need to remember and substitute these names in different portions of the lab.
6. On the **Subject Name** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **None** from the **Subject name format** list. Select **DNS name** from the **Include this information in alternate subject** list. Clear all other items.
7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. Click **OK**.
8. Close the console.
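Review bot: the NOTE conversion is fine, but the unchanged context line `Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list` in this hunk looks like a typo for the dialog's actual entry (Windows 7 / Windows Server 2008 R2). Since this list is being edited anyway, fix it: a reader following the lab will search the drop-down for that exact string.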
@@ -81,11 +82,12 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi
The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities.
> [!NOTE]
-> A domain controller's certificate must chain to a certificate in the NTAuth store in Active Directory. By default, online "Enterprise" Active Directory Certificate Authority certificates are added to the NTAuth store at installation time. If you are using a third-party CA, this is not done by default. If the domain controller certificate does not chain to a trusted CA in the NTAuth store, user authentication will fail.
->
-> You can view an AD forest's NTAuth store (NTAuthCertificates) using PKIVIEW.MSC from an ADCS CA. Open PKIView.msc, then click the Action menu -> Manage AD Containers. To see all certificates in the NTAuth store, run **Certutil -viewstore -enterprise NTAuth** from the command-line interface (Cmd.exe).
-
-### Publish Certificate Templates to a Certificate Authority
+> The domain controller's certificate must chain to a root in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a third-party CA, this may not be done by default. If the domain controller certificate does not chain to a root in the NTAuth store, user authentication will fail.
+>you can view
+>
+>'''powershell
+>Certutil -view
+>Publish Certificate Templates to a Certificate Authority
The certificate authority may only issue certificates for certificate templates that are published to that certificate authority. If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate.
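Review bot: the replacement of the NTAuth note breaks the page in three places and is less accurate than the text it removes. First, `-### Publish Certificate Templates to a Certificate Authority` deletes the H3 heading and re-adds the title as a quoted line (`>Publish Certificate Templates to a Certificate Authority`), so the paragraph that follows loses its section and the heading disappears from the page outline; restore the `###` heading outside the blockquote. Second, the code fence is opened with `'''powershell` (apostrophes, not backticks) and is never closed, so everything after it renders as quoted literal text. Third, `Certutil -view` is not the command the note is documenting; the removed line had the complete invocation, `Certutil -viewstore -enterprise NTAuth`, together with the PKIView.msc route (Action menu -> Manage AD Containers), and both are worth keeping. On wording: the old note said the DC certificate must chain to a certificate in the NTAuth store and that online Enterprise AD CS CA certificates are added at install time; the new text says it must chain to a "root" and that "the root certificate" is added. An enterprise CA publishes its own CA certificate to NTAuthCertificates, which for a subordinate enterprise CA is not a root, and the logon check is satisfied by any CA certificate in that store being in the chain. Keep the original phrasing, or say "a CA certificate in the NTAuth store".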
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md
index f39befdec4..4e90347c72 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md
@@ -1,5 +1,5 @@
---
-title: Configure Hybrid Windows Hello for Business - Group Policy
+title: Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy
description: Configuring Hybrid key trust Windows Hello for Business - Group Policy
keywords: identity, PIN, biometric, Hello, passport, WHFB, Windows Hello, key trust, key-trust
ms.prod: w10
@@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/20/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Configure Hybrid Windows Hello for Business: Group Policy
+# Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy
**Applies to**
- Windows 10, version 1703 or later
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md
index 9103431811..72ae9b3df4 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md
@@ -1,5 +1,5 @@
---
-title: Configure Hybrid Windows Hello for Business key trust Settings
+title: Configure Hybrid Azure AD joined Windows Hello for Business key trust Settings
description: Begin the process of configuring your hybrid key trust environment for Windows Hello for Business. Start with your Active Directory configuration.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
ms.prod: w10
@@ -13,18 +13,17 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
-ms.date: 08/19/2018
+ms.date: 4/30/2021
ms.reviewer:
---
-# Configure Hybrid Windows Hello for Business key trust settings
+# Configure Hybrid Azure AD joined Windows Hello for Business key trust settings
**Applies to**
- Windows 10, version 1703 or later
- Hybrid deployment
- Key trust
-
-You are ready to configure your hybrid key trust environment for Windows Hello for Business.
+You are ready to configure your hybrid Azure AD joined key trust environment for Windows Hello for Business.
> [!IMPORTANT]
> Ensure your environment meets all the [prerequisites](hello-hybrid-key-trust-prereqs.md) before proceeding. Review the [New Installation baseline](hello-hybrid-key-new-install.md) section of this deployment document to learn how to prepare your environment for your Windows Hello for Business deployment.
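Review bot: dropping the blank line between `- Key trust` and `+You are ready to configure your hybrid Azure AD joined key trust environment...` changes the rendering, not just whitespace: in Markdown a paragraph that immediately follows a list item is lazily continued into that item, so the intro sentence will render as part of the `Key trust` bullet. Keep the blank line after the Applies-to list.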
diff --git a/windows/security/identity-protection/hello-for-business/images/pinreset/allowlist.png b/windows/security/identity-protection/hello-for-business/images/pinreset/allowlist.png
new file mode 100644
index 0000000000..097b1e036d
Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/pinreset/allowlist.png differ
diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md
index dd87cded73..3a9682cff1 100644
--- a/windows/security/identity-protection/index.md
+++ b/windows/security/identity-protection/index.md
@@ -7,7 +7,7 @@ ms.sitesec: library
ms.pagetype: security
audience: ITPro
author: dansimp
-ms.author: daniha
+ms.author: dansimp
manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
index e929ec1a15..2c1405d9e0 100644
--- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
+++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
@@ -25,6 +25,10 @@ In Windows 10, a number of features were added to auto-trigger VPN so users won
- Name-based trigger
- Always On
+> [!NOTE]
+> Auto-triggered VPN connections will not work if Folder Redirection for AppData is enabled. Either Folder Redirection for AppData must be disabled or the auto-triggered VPN profile must be deployed in system context, which changes the path to where the rasphone.pbk file is stored.
+
+
## App trigger
VPN profiles in Windows 10 can be configured to connect automatically on the launch of a specified set of applications. You can configure desktop or Universal Windows Platform (UWP) apps to trigger a VPN connection. You can also configure per-app VPN and specify traffic rules for each app. See [Traffic filters](vpn-security-features.md#traffic-filters) for more details.
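Review bot: the hunk adds two consecutive blank lines after the new NOTE (the two bare `+` lines before `## App trigger`); one is enough. The note itself is a good addition, but "deployed in system context, which changes the path to where the rasphone.pbk file is stored" would be more actionable if it spelled out the two locations: the per-user file under the user's AppData path (which is exactly what Folder Redirection moves to a network share) versus the all-users file under ProgramData. Naming both lets an admin check which file a non-triggering profile is actually using.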
@@ -100,4 +104,4 @@ After you add an associated app, if you select the **Only these apps can use thi
- [VPN and conditional access](vpn-conditional-access.md)
- [VPN name resolution](vpn-name-resolution.md)
- [VPN security features](vpn-security-features.md)
-- [VPN profile options](vpn-profile-options.md)
\ No newline at end of file
+- [VPN profile options](vpn-profile-options.md)
diff --git a/windows/security/index.yml b/windows/security/index.yml
index d7b6fbe5a3..83e7dcbb53 100644
--- a/windows/security/index.yml
+++ b/windows/security/index.yml
@@ -12,8 +12,8 @@ metadata:
ms.product: windows
ms.topic: hub-page # Required
ms.collection: M365-security-compliance # Optional; Remove if no collection is used.
- author: danihalfin #Required; your GitHub user alias, with correct capitalization.
- ms.author: daniha #Required; microsoft alias of author; optional team alias.
+ author: dansimp #Required; your GitHub user alias, with correct capitalization.
+ ms.author: dansimp #Required; microsoft alias of author; optional team alias.
ms.date: 01/08/2018 #Required; mm/dd/yyyy format.
ms.localizationpriority: high
diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
index 9a9e14b5bc..0ad0174199 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
@@ -196,4 +196,5 @@ For secure administrative workstations, Microsoft recommends TPM with PIN protec
- [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d)
- [BitLocker Group Policy settings](./bitlocker-group-policy-settings.md)
-- [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp)
\ No newline at end of file
+- [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp)
+- [Winlogon automatic restart sign-on (ARSO)](https://docs.microsoft.com/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-)
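Review bot: the added `[Winlogon automatic restart sign-on (ARSO)]` entry uses an absolute `https://docs.microsoft.com/windows-server/...` URL while the neighbouring `[BitLocker CSP](/windows/client-management/mdm/bitlocker-csp)` entry in the same list uses a site-relative path; use `/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-` so the list is consistent and the link survives a host change. A bare link in the related-topics list also does not tell the reader which countermeasure on this page ARSO relates to; a short clause on why it is relevant to BitLocker (it controls whether Windows signs the user back in automatically after a restart) would help.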
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
index 61f3f7421b..ca6667c273 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md
@@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
-ms.date: 04/26/2021
+ms.date: 04/28/2021
ms.reviewer:
manager: dansimp
ms.custom: asr
@@ -77,11 +77,15 @@ This feature is currently experimental only and is not functional without an add
### What is the WDAGUtilityAccount local account?
-This account is part of Application Guard beginning with Windows 10, version 1709 (Fall Creators Update). This account remains disabled until Application Guard is enabled on your device. This item is integrated to the OS and is not considered as a threat/virus/malware.
+WDAGUtilityAccount is part of Application Guard, beginning with Windows 10, version 1709 (Fall Creators Update). It remains disabled by default, unless Application Guard is enabled on your device. WDAGUtilityAccount is used to sign in to the Application Guard container as a standard user with a random password. It is NOT a malicious account. If *Run as a service* permissions are revoked for this account, you might see the following error:
+
+**Error: 0x80070569, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000**
+
+We recommend that you do not modify this account.
### How do I trust a subdomain in my site list?
-To trust a subdomain, you must precede your domain with two dots, for example: `..contoso.com` ensures that `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), the second dot recognizes the start of the domain name (`contoso.com`). This prevents sites such as `fakesitecontoso.com` from being trusted.
+To trust a subdomain, you must precede your domain with two dots (..). For example: `..contoso.com` ensures that `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), and the second dot recognizes the start of the domain name (`contoso.com`). This prevents sites such as `fakesitecontoso.com` from being trusted.
### Are there differences between using Application Guard on Windows Pro vs Windows Enterprise?
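Review bot: in the WDAGUtilityAccount rewrite, "If *Run as a service* permissions are revoked" does not match the name of the Windows user right; in Local Security Policy it is "Log on as a service" (SeServiceLogonRight), and the quoted error `0x80070569` is ERROR_LOGON_TYPE_NOT_GRANTED, which is precisely what revoking that right produces. Use the exact right name so an admin can locate it. Two smaller points in the same hunk: "It is NOT a malicious account" shouts in documentation, plain "It is not a malicious account" reads better; and the error string on its own line would be clearer as a code span or fenced block than as bold text, matching how the page already presents `0x80070013 ERROR_WRITE_PROTECT` before this patch (the later hunk converts that one to bold too, which goes the wrong direction).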
@@ -89,21 +93,23 @@ When using Windows Pro or Windows Enterprise, you have access to using Applicati
### Is there a size limit to the domain lists that I need to configure?
-Yes, both the Enterprise Resource domains hosted in the cloud and the Domains categorized as both work and personal have a 16383-B limit.
+Yes, both the Enterprise Resource domains that are hosted in the cloud and the domains that are categorized as both work and personal have a 16383-B limit.
### Why does my encryption driver break Microsoft Defender Application Guard?
-Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`).
+Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (**0x80070013 ERROR_WRITE_PROTECT**).
### Why do the Network Isolation policies in Group Policy and CSP look different?
There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy Application Guard are different between CSP and GP.
-Mandatory network isolation GP policy to deploy Application Guard: "DomainSubnets or CloudResources"
-Mandatory network isolation CSP policy to deploy Application Guard: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)"
-For EnterpriseNetworkDomainNames, there is no mapped CSP policy.
+- Mandatory network isolation GP policy to deploy Application Guard: **DomainSubnets or CloudResources**
-Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`).
+- Mandatory network isolation CSP policy to deploy Application Guard: **EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)**
+
+- For EnterpriseNetworkDomainNames, there is no mapped CSP policy.
+
+Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (**0x80070013 ERROR_WRITE_PROTECT**).
### Why did Application Guard stop working after I turned off hyperthreading?
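Review bot: the reflowed paragraph `+Application Guard accesses files from a VHD mounted on the host that needs to be written during setup...` at the end of the Network Isolation answer is a verbatim duplicate of the "Why does my encryption driver break Microsoft Defender Application Guard?" answer earlier in this same hunk and has nothing to do with Network Isolation policies; it should be deleted rather than restyled. Separately, the new bullet list contradicts itself: the CSP bullet names `EnterpriseNetworkDomainNames` as part of the mandatory CSP policy, and the next bullet says "For EnterpriseNetworkDomainNames, there is no mapped CSP policy". One of the two is wrong; given that the GP expression lists only DomainSubnets and CloudResources, the third bullet most likely means there is no mapped GP policy. Please confirm and correct it.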
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
index d100941402..3aed014401 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
@@ -28,13 +28,12 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p
> [!NOTE]
> To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool.
-## Script-based deployment process for WDAC policy
+## Script-based deployment process for Windows 10 version 1903 and above
1. Initialize the variables to be used by the script.
```powershell
# Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} =
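Review bot: the heading now scopes the procedure to "Windows 10 version 1903 and above" but nothing under it says why, or what applies to earlier builds. The script comment in this hunk (`{GUID}.cip for multiple policy format files`) shows the reason is the multiple-policy format that 1903 introduced; state that in a sentence under the heading, and either add or link to the single-policy steps for earlier versions, or say explicitly that they are out of scope for this page.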